1 /* asn1x509-2.1.10.js (c) 2013-2021 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate 5 * 6 * Copyright (c) 2013-2021 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1x509-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.5.0 asn1x509 2.1.10 (2021-Nov-21) 20 * @since jsrsasign 2.1 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 /** 25 * kjur's class library name space 26 * // already documented in asn1-1.0.js 27 * @name KJUR 28 * @namespace kjur's class library name space 29 */ 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 31 32 /** 33 * kjur's ASN.1 class library name space 34 * // already documented in asn1-1.0.js 35 * @name KJUR.asn1 36 * @namespace 37 */ 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 39 40 /** 41 * kjur's ASN.1 class for X.509 certificate library name space 42 * <p> 43 * <h4>FEATURES</h4> 44 * <ul> 45 * <li>easily issue any kind of certificate</li> 46 * <li>APIs are very similar to BouncyCastle library ASN.1 classes. So easy to learn.</li> 47 * </ul> 48 * </p> 49 * <h4>PROVIDED CLASSES</h4> 50 * <ul> 51 * <li>{@link KJUR.asn1.x509.Certificate}</li> 52 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li> 53 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li> 54 * <li>{@link KJUR.asn1.x509.Extensions}</li> 55 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li> 56 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li> 57 * <li>{@link KJUR.asn1.x509.GeneralNames}</li> 58 * <li>{@link KJUR.asn1.x509.GeneralName}</li> 59 * <li>{@link KJUR.asn1.x509.X500Name}</li> 60 * <li>{@link KJUR.asn1.x509.RDN}</li> 61 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li> 62 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li> 63 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li> 64 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li> 65 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li> 66 * <li>{@link KJUR.asn1.x509.UserNotice}</li> 67 * <li>{@link KJUR.asn1.x509.NoticeReference}</li> 68 * <li>{@link KJUR.asn1.x509.DisplayText}</li> 69 * <li>{@link KJUR.asn1.x509.CRL}</li> 70 * <li>{@link KJUR.asn1.x509.TBSCertList}</li> 71 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li> 72 * <li>{@link KJUR.asn1.x509.OID}</li> 73 * </ul> 74 * <h4>SUPPORTED EXTENSIONS</h4> 75 * <ul> 76 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 77 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 78 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 79 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 80 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li> 81 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 82 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 83 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li> 84 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 85 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 86 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 87 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 88 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 89 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 90 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 91 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 92 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 93 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 94 * </ul> 95 * NOTE1: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.<br/> 96 * NOTE2: SubjectAltName and IssuerAltName supported since 97 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 98 * NOTE3: CeritifcatePolicies supported supported since 99 * jsrsasign 8.0.23 asn1x509 1.1.12<br/> 100 * @name KJUR.asn1.x509 101 * @namespace 102 */ 103 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {}; 104 105 // === BEGIN Certificate =================================================== 106 107 /** 108 * X.509 Certificate class to sign and generate hex encoded certificate 109 * @name KJUR.asn1.x509.Certificate 110 * @class X.509 Certificate class to sign and generate hex encoded certificate 111 * @property {Array} params JSON object of parameters 112 * @param {Array} params JSON object for Certificate parameters 113 * @extends KJUR.asn1.ASN1Object 114 * @description 115 * <br/> 116 * This class provides Certificate ASN.1 class structure 117 * defined in 118 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 119 * RFC 5280 4.1</a>. 120 * <pre> 121 * Certificate ::= SEQUENCE { 122 * tbsCertificate TBSCertificate, 123 * signatureAlgorithm AlgorithmIdentifier, 124 * signatureValue BIT STRING } 125 * </pre> 126 * Parameter "params" JSON object can be 127 * the same as {@link KJUR.asn1.x509.TBSCertificate}. 128 * Then they are used to generate TBSCertificate. 129 * Additionally just for Certificate, following parameters can be used: 130 * <ul> 131 * <li>{TBSCertfificate}tbsobj - 132 * specifies {@link KJUR.asn1.x509.TBSCertificate} 133 * object to be signed if needed. 134 * When this isn't specified, 135 * this will be set from other parametes of TBSCertificate.</li> 136 * <li>{Object}cakey (OPTION) - specifies certificate signing private key. 137 * Parameter "cakey" or "sighex" shall be specified. Following 138 * values can be specified: 139 * <ul> 140 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 141 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 142 * to generate a key object.</li> 143 * </ul> 144 * </li> 145 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 146 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 147 * unused bits)</li> 148 * </ul> 149 * CAUTION: APIs of this class have been totally updated without 150 * backward compatibility since jsrsasign 9.0.0.<br/> 151 * NOTE1: 'params' can be omitted.<br/> 152 * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6. 153 * @example 154 * var cert = new KJUR.asn1.x509.Certificate({ 155 * version: 3, 156 * serial: {hex: "1234..."}, 157 * sigalg: "SHA256withRSAandMGF1", 158 * ... 159 * sighex: "1d3f..." // sign() method won't be called 160 * }); 161 * 162 * // sighex will by calculated by signing with cakey 163 * var cert = new KJUR.asn1.x509.Certificate({ 164 * version: 3, 165 * serial: {hex: "2345..."}, 166 * sigalg: "SHA256withRSA", 167 * ... 168 * cakey: "-----BEGIN PRIVATE KEY..." 169 * }); 170 * 171 * // use TBSCertificate object to sign 172 * var cert = new KJUR.asn1.x509.Certificate({ 173 * tbsobj: <<OBJ>>, 174 * sigalg: "SHA256withRSA", 175 * cakey: "-----BEGIN PRIVATE KEY..." 176 * }); 177 */ 178 KJUR.asn1.x509.Certificate = function(params) { 179 KJUR.asn1.x509.Certificate.superclass.constructor.call(this); 180 var _KJUR = KJUR, 181 _KJUR_asn1 = _KJUR.asn1, 182 _DERBitString = _KJUR_asn1.DERBitString, 183 _DERSequence = _KJUR_asn1.DERSequence, 184 _KJUR_asn1_x509 = _KJUR_asn1.x509, 185 _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, 186 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier; 187 188 this.params = undefined; 189 190 /** 191 * set parameter<br/> 192 * @name setByParam 193 * @memberOf KJUR.asn1.x509.Certificate# 194 * @function 195 * @param params {Array} JSON object of certificate parameters 196 * @since jsrsasign 9.0.0 asn1hex 2.0.0 197 * @description 198 * This method will set parameter 199 * {@link KJUR.asn1.x509.Certificate#params} 200 * to this object. 201 * @example 202 * cert = new KJUR.asn1.x509.Certificate(); 203 * cert.setByParam({ 204 * version: 3, 205 * serial: {hex: "1234..."}, 206 * ... 207 * }); 208 */ 209 this.setByParam = function(params) { 210 this.params = params; 211 }; 212 213 /** 214 * sign certificate<br/> 215 * @name sign 216 * @memberOf KJUR.asn1.x509.Certificate# 217 * @function 218 * @description 219 * This method signs TBSCertificate with a specified 220 * private key and algorithm by 221 * this.params.cakey and this.params.sigalg parameter. 222 * @example 223 * cert = new KJUR.asn1.x509.Certificate({...}); 224 * cert.sign() 225 */ 226 this.sign = function() { 227 var params = this.params; 228 229 var sigalg = params.sigalg; 230 if (params.sigalg.name != undefined) 231 sigalg = params.sigalg.name; 232 233 var hTBS = params.tbsobj.getEncodedHex(); 234 var sig = new KJUR.crypto.Signature({alg: sigalg}); 235 sig.init(params.cakey); 236 sig.updateHex(hTBS); 237 params.sighex = sig.sign(); 238 }; 239 240 /** 241 * get PEM formatted certificate string after signed 242 * @name getPEM 243 * @memberOf KJUR.asn1.x509.Certificate# 244 * @function 245 * @return PEM formatted string of certificate 246 * @since jsrsasign 9.0.0 asn1hex 2.0.0 247 * @description 248 * This method returns a string of PEM formatted 249 * certificate. 250 * @example 251 * cert = new KJUR.asn1.x509.Certificate({...}); 252 * cert.getPEM() → 253 * "-----BEGIN CERTIFICATE-----\r\n..." 254 */ 255 this.getPEM = function() { 256 return hextopem(this.getEncodedHex(), "CERTIFICATE"); 257 }; 258 259 this.getEncodedHex = function() { 260 var params = this.params; 261 262 if (params.tbsobj == undefined || params.tbsobj == null) { 263 params.tbsobj = new _TBSCertificate(params); 264 } 265 266 if (params.sighex == undefined && params.cakey != undefined) { 267 this.sign(); 268 } 269 270 if (params.sighex == undefined) { 271 throw new Error("sighex or cakey parameter not defined"); 272 } 273 274 var a = []; 275 a.push(params.tbsobj); 276 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 277 a.push(new _DERBitString({hex: "00" + params.sighex})); 278 var seq = new _DERSequence({array: a}); 279 return seq.getEncodedHex(); 280 }; 281 282 if (params != undefined) this.params = params; 283 }; 284 extendClass(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object); 285 286 /** 287 * ASN.1 TBSCertificate structure class<br/> 288 * @name KJUR.asn1.x509.TBSCertificate 289 * @class ASN.1 TBSCertificate structure class 290 * @property {Array} params JSON object of parameters 291 * @param {Array} params JSON object of TBSCertificate parameters 292 * @extends KJUR.asn1.ASN1Object 293 * @see KJUR.asn1.x509.Certificate 294 * 295 * @description 296 * <br/> 297 * NOTE: TBSCertificate class is updated without backward 298 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0. 299 * Most of methods are removed and parameters can be set 300 * by JSON object. 301 * 302 * @example 303 * new TBSCertificate({ 304 * version: 3, // this can be omitted, the default is 3. 305 * serial: {hex: "1234..."}, // DERInteger parameter 306 * sigalg: "SHA256withRSA", 307 * issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 308 * notbefore: "151231235959Z", // string, passed to Time 309 * notafter: "251231235959Z", // string, passed to Time 310 * subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 311 * sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter 312 * // As for extension parameters, please see extension class 313 * // All extension parameters need to have "extname" parameter additionaly. 314 * ext:[{ 315 * extname:"keyUsage",critical:true, 316 * names:["digitalSignature","keyEncipherment"] 317 * },{ 318 * extname:"cRLDistributionPoints", 319 * array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}] 320 * }, ...] 321 * }) 322 * 323 * var tbsc = new TBSCertificate(); 324 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...}); 325 */ 326 KJUR.asn1.x509.TBSCertificate = function(params) { 327 KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this); 328 var _KJUR = KJUR, 329 _KJUR_asn1 = _KJUR.asn1, 330 _KJUR_asn1_x509 = _KJUR_asn1.x509, 331 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 332 _DERInteger = _KJUR_asn1.DERInteger, 333 _DERSequence = _KJUR_asn1.DERSequence, 334 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 335 _Time = _KJUR_asn1_x509.Time, 336 _X500Name = _KJUR_asn1_x509.X500Name, 337 _Extensions = _KJUR_asn1_x509.Extensions, 338 _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo; 339 340 this.params = null; 341 342 /** 343 * get array of ASN.1 object for extensions<br/> 344 * @name setByParam 345 * @memberOf KJUR.asn1.x509.TBSCertificate# 346 * @function 347 * @param {Array} JSON object of TBSCertificate parameters 348 * @example 349 * tbsc = new KJUR.asn1.x509.TBSCertificate(); 350 * tbsc.setByParam({version:3, serial:{hex:'1234...'},...}); 351 */ 352 this.setByParam = function(params) { 353 this.params = params; 354 }; 355 356 this.getEncodedHex = function() { 357 var a = []; 358 var params = this.params; 359 360 // X.509v3 default if params.version not defined 361 if (params.version != undefined || params.version != 1) { 362 var version = 2; 363 if (params.version != undefined) version = params.version - 1; 364 var obj = 365 new _DERTaggedObject({obj: new _DERInteger({'int': version})}) 366 a.push(obj); 367 } 368 369 a.push(new _DERInteger(params.serial)); 370 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 371 a.push(new _X500Name(params.issuer)); 372 a.push(new _DERSequence({array:[new _Time(params.notbefore), 373 new _Time(params.notafter)]})); 374 a.push(new _X500Name(params.subject)); 375 a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey))); 376 if (params.ext !== undefined && params.ext.length > 0) { 377 a.push(new _DERTaggedObject({tag: "a3", 378 obj: new _Extensions(params.ext)})); 379 } 380 381 var seq = new KJUR.asn1.DERSequence({array: a}); 382 return seq.getEncodedHex(); 383 }; 384 385 if (params !== undefined) this.setByParam(params); 386 }; 387 extendClass(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object); 388 389 /** 390 * Extensions ASN.1 structure class<br/> 391 * @name KJUR.asn1.x509.Extensions 392 * @class Extensions ASN.1 structure class 393 * @param {Array} aParam array of JSON extension parameter 394 * @extends KJUR.asn1.ASN1Object 395 * @since jsrsasign 9.1.0 asn1x509 2.1.0 396 * @see KJUR.asn1.x509.TBSCertificate 397 * @see KJUR.asn1.x509.TBSCertList 398 * @see KJUR.asn1.csr.CertificationRequestInfo 399 * @see KJUR.asn1.x509.PrivateExtension 400 * @see KJUR.asn1.ocsp.ResponseData 401 * @see KJUR.asn1.ocsp.BasicOCSPResponse 402 * 403 * @description 404 * This class represents 405 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 406 * Extensions defined in RFC 5280 4.1</a> and 407 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9"> 408 * 4.1.2.9</a>. 409 * <pre> 410 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 411 * </pre> 412 * <p>NOTE: From jsrsasign 9.1.1, private extension or 413 * undefined extension have been supported by 414 * {@link KJUR.asn1.x509.PrivateExtension}.</p> 415 * 416 * Here is a list of available extensions: 417 * <ul> 418 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 419 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 420 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 421 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 422 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 423 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 424 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 425 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 426 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 427 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 428 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 429 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 430 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 431 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 432 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 433 * </ul> 434 * You can also use {@link KJUR.asn1.x509.PrivateExtension} object 435 * to specify a unsupported extension. 436 * 437 * @example 438 * o = new KJUR.asn1.x509.Extensions([ 439 * {extname:"keyUsage",critical:true,names:["digitalSignature"]}, 440 * {extname:"subjectAltName",array:[{dns:"example.com"}]}, 441 * {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension 442 * ]); 443 * o.getEncodedHex() → "30..." 444 */ 445 KJUR.asn1.x509.Extensions = function(aParam) { 446 KJUR.asn1.x509.Extensions.superclass.constructor.call(this); 447 var _KJUR = KJUR, 448 _KJUR_asn1 = _KJUR.asn1, 449 _DERSequence = _KJUR_asn1.DERSequence, 450 _KJUR_asn1_x509 = _KJUR_asn1.x509; 451 this.aParam = []; 452 453 this.setByParam = function(aParam) { this.aParam = aParam; } 454 455 this.getEncodedHex = function() { 456 var a = []; 457 for (var i = 0; i < this.aParam.length; i++) { 458 var param = this.aParam[i]; 459 var extname = param.extname; 460 var obj = null; 461 462 if (param.extn != undefined) { 463 obj = new _KJUR_asn1_x509.PrivateExtension(param); 464 } else if (extname == "subjectKeyIdentifier") { 465 obj = new _KJUR_asn1_x509.SubjectKeyIdentifier(param); 466 } else if (extname == "keyUsage") { 467 obj = new _KJUR_asn1_x509.KeyUsage(param); 468 } else if (extname == "subjectAltName") { 469 obj = new _KJUR_asn1_x509.SubjectAltName(param); 470 } else if (extname == "issuerAltName") { 471 obj = new _KJUR_asn1_x509.IssuerAltName(param); 472 } else if (extname == "basicConstraints") { 473 obj = new _KJUR_asn1_x509.BasicConstraints(param); 474 } else if (extname == "cRLDistributionPoints") { 475 obj = new _KJUR_asn1_x509.CRLDistributionPoints(param); 476 } else if (extname == "certificatePolicies") { 477 obj = new _KJUR_asn1_x509.CertificatePolicies(param); 478 } else if (extname == "authorityKeyIdentifier") { 479 obj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(param); 480 } else if (extname == "extKeyUsage") { 481 obj = new _KJUR_asn1_x509.ExtKeyUsage(param); 482 } else if (extname == "authorityInfoAccess") { 483 obj = new _KJUR_asn1_x509.AuthorityInfoAccess(param); 484 } else if (extname == "cRLNumber") { 485 obj = new _KJUR_asn1_x509.CRLNumber(param); 486 } else if (extname == "cRLReason") { 487 obj = new _KJUR_asn1_x509.CRLReason(param); 488 } else if (extname == "ocspNonce") { 489 obj = new _KJUR_asn1_x509.OCSPNonce(param); 490 } else if (extname == "ocspNoCheck") { 491 obj = new _KJUR_asn1_x509.OCSPNoCheck(param); 492 } else if (extname == "adobeTimeStamp") { 493 obj = new _KJUR_asn1_x509.AdobeTimeStamp(param); 494 } else if (extname == "subjectDirectoryAttributes") { 495 obj = new _KJUR_asn1_x509.SubjectDirectoryAttributes(param); 496 } else { 497 throw new Error("extension not supported:" 498 + JSON.stringify(param)); 499 } 500 if (obj != null) a.push(obj); 501 } 502 503 var seq = new _DERSequence({array: a}); 504 return seq.getEncodedHex(); 505 }; 506 507 if (aParam != undefined) this.setByParam(aParam); 508 }; 509 extendClass(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object); 510 511 512 // === END TBSCertificate =================================================== 513 514 // === BEGIN X.509v3 Extensions Related ======================================= 515 516 /** 517 * base Extension ASN.1 structure class 518 * @name KJUR.asn1.x509.Extension 519 * @class base Extension ASN.1 structure class 520 * @param {Array} params associative array of parameters (ex. {'critical': true}) 521 * @extends KJUR.asn1.ASN1Object 522 * @description 523 * <pre> 524 * Extension ::= SEQUENCE { 525 * extnID OBJECT IDENTIFIER, 526 * critical BOOLEAN DEFAULT FALSE, 527 * extnValue OCTET STRING } 528 * </pre> 529 * @example 530 */ 531 KJUR.asn1.x509.Extension = function(params) { 532 KJUR.asn1.x509.Extension.superclass.constructor.call(this); 533 var asn1ExtnValue = null, 534 _KJUR = KJUR, 535 _KJUR_asn1 = _KJUR.asn1, 536 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 537 _DEROctetString = _KJUR_asn1.DEROctetString, 538 _DERBitString = _KJUR_asn1.DERBitString, 539 _DERBoolean = _KJUR_asn1.DERBoolean, 540 _DERSequence = _KJUR_asn1.DERSequence; 541 542 this.getEncodedHex = function() { 543 var asn1Oid = new _DERObjectIdentifier({'oid': this.oid}); 544 var asn1EncapExtnValue = 545 new _DEROctetString({'hex': this.getExtnValueHex()}); 546 547 var asn1Array = new Array(); 548 asn1Array.push(asn1Oid); 549 if (this.critical) asn1Array.push(new _DERBoolean()); 550 asn1Array.push(asn1EncapExtnValue); 551 552 var asn1Seq = new _DERSequence({'array': asn1Array}); 553 return asn1Seq.getEncodedHex(); 554 }; 555 556 this.critical = false; 557 if (params !== undefined) { 558 if (params.critical !== undefined) { 559 this.critical = params.critical; 560 } 561 } 562 }; 563 extendClass(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object); 564 565 /** 566 * KeyUsage ASN.1 structure class 567 * @name KJUR.asn1.x509.KeyUsage 568 * @class KeyUsage ASN.1 structure class 569 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true}) 570 * @extends KJUR.asn1.x509.Extension 571 * @description 572 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension. 573 * <pre> 574 * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } 575 * KeyUsage ::= BIT STRING { 576 * digitalSignature (0), 577 * nonRepudiation (1), 578 * keyEncipherment (2), 579 * dataEncipherment (3), 580 * keyAgreement (4), 581 * keyCertSign (5), 582 * cRLSign (6), 583 * encipherOnly (7), 584 * decipherOnly (8) } 585 * </pre><br/> 586 * NOTE: 'names' parameter is supprted since jsrsasign 8.0.14. 587 * @example 588 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"}); 589 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"}); 590 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']}); 591 */ 592 KJUR.asn1.x509.KeyUsage = function(params) { 593 KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params); 594 var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME; 595 596 this.getExtnValueHex = function() { 597 return this.asn1ExtnValue.getEncodedHex(); 598 }; 599 600 this.oid = "2.5.29.15"; 601 if (params !== undefined) { 602 if (params.bin !== undefined) { 603 this.asn1ExtnValue = new KJUR.asn1.DERBitString(params); 604 } 605 if (params.names !== undefined && 606 params.names.length !== undefined) { 607 var names = params.names; 608 var s = "000000000"; 609 for (var i = 0; i < names.length; i++) { 610 for (var j = 0; j < _KEYUSAGE_NAME.length; j++) { 611 if (names[i] === _KEYUSAGE_NAME[j]) { 612 s = s.substring(0, j) + '1' + 613 s.substring(j + 1, s.length); 614 } 615 } 616 } 617 this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: s}); 618 } 619 } 620 }; 621 extendClass(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension); 622 623 /** 624 * BasicConstraints ASN.1 structure class 625 * @name KJUR.asn1.x509.BasicConstraints 626 * @class BasicConstraints ASN.1 structure class 627 * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true}) 628 * @extends KJUR.asn1.x509.Extension 629 * @see {@link X509#getExtBasicConstraints} 630 * @description 631 * This class represents 632 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9"> 633 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>. 634 * <pre> 635 * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } 636 * BasicConstraints ::= SEQUENCE { 637 * cA BOOLEAN DEFAULT FALSE, 638 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 639 * </pre> 640 * Its constructor can have following parameters: 641 * <ul> 642 * <li>{Boolean}cA - cA flag</li> 643 * <li>{Integer}pathLen - pathLen field value</li> 644 * <li>{Boolean}critical - critical flag</li> 645 * </ul> 646 * @example 647 * new KJUR.asn1.x509.BasicConstraints({ 648 * cA: true, 649 * pathLen: 3, 650 * critical: true 651 * }) 652 */ 653 KJUR.asn1.x509.BasicConstraints = function(params) { 654 KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params); 655 var _KJUR_asn1 = KJUR.asn1, 656 _DERBoolean = _KJUR_asn1.DERBoolean, 657 _DERInteger = _KJUR_asn1.DERInteger, 658 _DERSequence = _KJUR_asn1.DERSequence; 659 660 var cA = false; 661 var pathLen = -1; 662 663 this.getExtnValueHex = function() { 664 var asn1Array = new Array(); 665 if (this.cA) asn1Array.push(new _DERBoolean()); 666 if (this.pathLen > -1) 667 asn1Array.push(new _DERInteger({'int': this.pathLen})); 668 var asn1Seq = new _DERSequence({'array': asn1Array}); 669 this.asn1ExtnValue = asn1Seq; 670 return this.asn1ExtnValue.getEncodedHex(); 671 }; 672 673 this.oid = "2.5.29.19"; 674 this.cA = false; 675 this.pathLen = -1; 676 if (params !== undefined) { 677 if (params.cA !== undefined) { 678 this.cA = params.cA; 679 } 680 if (params.pathLen !== undefined) { 681 this.pathLen = params.pathLen; 682 } 683 } 684 }; 685 extendClass(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension); 686 687 /** 688 * CRLDistributionPoints ASN.1 structure class 689 * @name KJUR.asn1.x509.CRLDistributionPoints 690 * @class CRLDistributionPoints ASN.1 structure class 691 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true}) 692 * @extends KJUR.asn1.x509.Extension 693 * @see {@link X509#getExtCRLDistributionPoints} 694 * @see {@link KJUR.asn1.x509.DistributionPoint} 695 * @see {@link KJUR.asn1.x509.GeneralNames} 696 * @description 697 * This class represents 698 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 699 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>. 700 * <pre> 701 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } 702 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint 703 * DistributionPoint ::= SEQUENCE { 704 * distributionPoint [0] DistributionPointName OPTIONAL, 705 * reasons [1] ReasonFlags OPTIONAL, 706 * cRLIssuer [2] GeneralNames OPTIONAL } 707 * DistributionPointName ::= CHOICE { 708 * fullName [0] GeneralNames, 709 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } 710 * </pre> 711 * Constructor can have following parameter: 712 * <ul> 713 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li> 714 * <li>{Boolean}critical - critical flag</li> 715 * </ul> 716 * @example 717 * new KJUR.asn1.x509.CRLDistributionPoints({ 718 * array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}], 719 * critical: true 720 * }) 721 */ 722 KJUR.asn1.x509.CRLDistributionPoints = function(params) { 723 KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params); 724 var _KJUR = KJUR, 725 _KJUR_asn1 = _KJUR.asn1, 726 _KJUR_asn1_x509 = _KJUR_asn1.x509; 727 728 this.getExtnValueHex = function() { 729 return this.asn1ExtnValue.getEncodedHex(); 730 }; 731 732 this.setByDPArray = function(dpArray) { 733 var asn1Array = []; 734 for (var i = 0; i < dpArray.length; i++) { 735 if (dpArray[i] instanceof KJUR.asn1.ASN1Object) { 736 asn1Array.push(dpArray[i]); 737 } else { 738 var dp = new _KJUR_asn1_x509.DistributionPoint(dpArray[i]); 739 asn1Array.push(dp); 740 } 741 } 742 this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': asn1Array}); 743 }; 744 745 this.setByOneURI = function(uri) { 746 var dp1 = new _KJUR_asn1_x509.DistributionPoint({fulluri: uri}); 747 this.setByDPArray([dp1]); 748 }; 749 750 this.oid = "2.5.29.31"; 751 if (params !== undefined) { 752 if (params.array !== undefined) { 753 this.setByDPArray(params.array); 754 } else if (params.uri !== undefined) { 755 this.setByOneURI(params.uri); 756 } 757 } 758 }; 759 extendClass(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension); 760 761 /** 762 * DistributionPoint ASN.1 structure class<br/> 763 * @name KJUR.asn1.x509.DistributionPoint 764 * @class DistributionPoint ASN.1 structure class 765 * @param {Array} params JSON object of parameters (OPTIONAL) 766 * @extends KJUR.asn1.ASN1Object 767 * @see {@link KJUR.asn1.x509.CRLDistributionPoints} 768 * @see {@link KJUR.asn1.x509.DistributionPointName} 769 * @see {@link KJUR.asn1.x509.GeneralNames} 770 * @see {@link X509#getDistributionPoint} 771 * @description 772 * This class represents 773 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 774 * DistributionPoint defined in RFC 5280 4.2.1.13</a>. 775 * <pre> 776 * DistributionPoint ::= SEQUENCE { 777 * distributionPoint [0] DistributionPointName OPTIONAL, 778 * reasons [1] ReasonFlags OPTIONAL, 779 * cRLIssuer [2] GeneralNames OPTIONAL } 780 * </pre> 781 * Constructor can have following parameter: 782 * <ul> 783 * <li>{String}fulluri - uri string for fullName uri. This has the same meaning for '{dpname: {full: [{uri: "..."]}}'.</li> 784 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li> 785 * <li>{DistrubutionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li> 786 * </ul> 787 * <br/> 788 * NOTE1: Parameter "fulluri" and "dpname" supported 789 * since jsrsasign 9.0.0 asn1x509 2.0.0. 790 * <br/> 791 * NOTE2: The "reasons" and "cRLIssuer" fields are currently 792 * not supported. 793 * @example 794 * new KJUR.asn1.x509.DistributionPoint( 795 * {fulluri: "http://example.com/crl1.crl"}) 796 * new KJUR.asn1.x509.DistributionPoint( 797 * {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}}) 798 * new KJUR.asn1.x509.DistributionPoint( 799 * {dpobj: new DistributionPoint(...)}) 800 */ 801 KJUR.asn1.x509.DistributionPoint = function(params) { 802 KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this); 803 var asn1DP = null, 804 _KJUR = KJUR, 805 _KJUR_asn1 = _KJUR.asn1, 806 _DistributionPointName = _KJUR_asn1.x509.DistributionPointName; 807 808 this.getEncodedHex = function() { 809 var seq = new _KJUR_asn1.DERSequence(); 810 if (this.asn1DP != null) { 811 var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true, 812 'tag': 'a0', 813 'obj': this.asn1DP}); 814 seq.appendASN1Object(o1); 815 } 816 this.hTLV = seq.getEncodedHex(); 817 return this.hTLV; 818 }; 819 820 if (params !== undefined) { 821 if (params.dpobj !== undefined) { 822 this.asn1DP = params.dpobj; 823 } else if (params.dpname !== undefined) { 824 this.asn1DP = new _DistributionPointName(params.dpname); 825 } else if (params.fulluri !== undefined) { 826 this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]}); 827 } 828 } 829 }; 830 extendClass(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object); 831 832 /** 833 * DistributionPointName ASN.1 structure class<br/> 834 * @name KJUR.asn1.x509.DistributionPointName 835 * @class DistributionPointName ASN.1 structure class 836 * @param {Array} params JSON object of parameters or GeneralNames object 837 * @extends KJUR.asn1.ASN1Object 838 * @see {@link KJUR.asn1.x509.CRLDistributionPoints} 839 * @see {@link KJUR.asn1.x509.DistributionPoint} 840 * @see {@link KJUR.asn1.x509.GeneralNames} 841 * @see {@link X509#getDistributionPointName} 842 * @description 843 * This class represents 844 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 845 * DistributionPointName defined in RFC 5280 4.2.1.13</a>. 846 * <pre> 847 * DistributionPointName ::= CHOICE { 848 * fullName [0] GeneralNames, 849 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } 850 * </pre> 851 * Constructor can have following parameter: 852 * <ul> 853 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li> 854 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li> 855 * </ul> 856 * NOTE1: 'full' parameter have been suppored since jsrsasign 9.0.0 asn1x509 2.0.0. 857 * <br> 858 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported. 859 * @example 860 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>}) 861 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]}) 862 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]} 863 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]}) 864 * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]}) 865 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...)) 866 */ 867 KJUR.asn1.x509.DistributionPointName = function(params) { 868 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this); 869 var asn1Obj = null, 870 type = null, 871 tag = null, 872 asn1V = null, 873 _KJUR = KJUR, 874 _KJUR_asn1 = _KJUR.asn1, 875 _DERTaggedObject = _KJUR_asn1.DERTaggedObject; 876 877 this.getEncodedHex = function() { 878 if (this.type != "full") 879 throw new Error("currently type shall be 'full': " + this.type); 880 this.asn1Obj = new _DERTaggedObject({'explicit': false, 881 'tag': this.tag, 882 'obj': this.asn1V}); 883 this.hTLV = this.asn1Obj.getEncodedHex(); 884 return this.hTLV; 885 }; 886 887 if (params !== undefined) { 888 if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) { 889 this.type = "full"; 890 this.tag = "a0"; 891 this.asn1V = params; 892 } else if (params.full !== undefined) { 893 this.type = "full"; 894 this.tag = "a0"; 895 this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full); 896 } else { 897 throw new Error("This class supports GeneralNames only as argument"); 898 } 899 } 900 }; 901 extendClass(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); 902 903 /** 904 * CertificatePolicies ASN.1 structure class 905 * @name KJUR.asn1.x509.CertificatePolicies 906 * @class CertificatePolicies ASN.1 structure class 907 * @param {Array} params associative array of parameters 908 * @extends KJUR.asn1.x509.Extension 909 * @since jsrsasign 8.0.23 asn1x509 1.1.12 910 * @see KJUR.asn1.x509.CertificatePolicies 911 * @see KJUR.asn1.x509.PolicyInformation 912 * @see KJUR.asn1.x509.PolicyQualifierInfo 913 * @see KJUR.asn1.x509.UserNotice 914 * @see KJUR.asn1.x509.NoticeReference 915 * @see KJUR.asn1.x509.DisplayText 916 * @description 917 * This class represents 918 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 919 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>. 920 * <pre> 921 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } 922 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation 923 * </pre> 924 * Its constructor can have following parameters: 925 * <ul> 926 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li> 927 * <li>critical - boolean: critical flag</li> 928 * </ul> 929 * NOTE: Returned JSON value format have been changed without 930 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0. 931 * @example 932 * e1 = new KJUR.asn1.x509.CertificatePolicies({ 933 * array: [ 934 * { policyoid: "1.2.3.4.5", 935 * array: [ 936 * { cps: "https://example.com/repository" }, 937 * { unotice: { 938 * noticeref: { // CA SHOULD NOT use this by RFC 939 * org: {type: "ia5", str: "Sample Org"}, 940 * noticenum: [{int: 5}, {hex: "01af"}] 941 * }, 942 * exptext: {type: "ia5", str: "Sample Policy"} 943 * }} 944 * ] 945 * } 946 * ], 947 * critical: true 948 * }); 949 */ 950 KJUR.asn1.x509.CertificatePolicies = function(params) { 951 KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params); 952 var _KJUR = KJUR, 953 _KJUR_asn1 = _KJUR.asn1, 954 _KJUR_asn1_x509 = _KJUR_asn1.x509, 955 _DERSequence = _KJUR_asn1.DERSequence, 956 _PolicyInformation = _KJUR_asn1_x509.PolicyInformation; 957 958 this.params = null; 959 960 this.getExtnValueHex = function() { 961 var aPI = []; 962 for (var i = 0; i < this.params.array.length; i++) { 963 aPI.push(new _PolicyInformation(this.params.array[i])); 964 } 965 var seq = new _DERSequence({array: aPI}); 966 this.asn1ExtnValue = seq; 967 return this.asn1ExtnValue.getEncodedHex(); 968 }; 969 970 this.oid = "2.5.29.32"; 971 if (params !== undefined) { 972 this.params = params; 973 } 974 }; 975 extendClass(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension); 976 977 // ===== BEGIN CertificatePolicies related classes ===== 978 /** 979 * PolicyInformation ASN.1 structure class 980 * @name KJUR.asn1.x509.PolicyInformation 981 * @class PolicyInformation ASN.1 structure class 982 * @param {Array} params JSON object of parameters 983 * @extends KJUR.asn1.ASN1Object 984 * @since jsrsasign 8.0.23 asn1x509 1.1.12 985 * @see KJUR.asn1.x509.CertificatePolicies 986 * @see KJUR.asn1.x509.PolicyInformation 987 * @see KJUR.asn1.x509.PolicyQualifierInfo 988 * @see KJUR.asn1.x509.UserNotice 989 * @see KJUR.asn1.x509.NoticeReference 990 * @see KJUR.asn1.x509.DisplayText 991 * @description 992 * This class represents 993 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 994 * PolicyInformation defined in RFC 5280 4.2.1.4</a>. 995 * <pre> 996 * PolicyInformation ::= SEQUENCE { 997 * policyIdentifier CertPolicyId, 998 * policyQualifiers SEQUENCE SIZE (1..MAX) OF 999 * PolicyQualifierInfo OPTIONAL } 1000 * CertPolicyId ::= OBJECT IDENTIFIER 1001 * Its constructor can have following parameters: 1002 * <ul> 1003 * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li> 1004 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo} 1005 * parameters (OPTIONAL)</li> 1006 * </ul> 1007 * @example 1008 * new KJUR.asn1.x509.PolicyInformation({ 1009 * policyoid: "1.2.3.4.5", 1010 * array: [ 1011 * { cps: "https://example.com/repository" }, 1012 * { unotice: { 1013 * noticeref: { // CA SHOULD NOT use this by RFC 1014 * org: {type: "ia5", str: "Sample Org"}, 1015 * noticenum: [{int: 5}, {hex: "01af"}] 1016 * }, 1017 * exptext: {type: "ia5", str: "Sample Policy"} 1018 * }} 1019 * ] 1020 * }) 1021 */ 1022 KJUR.asn1.x509.PolicyInformation = function(params) { 1023 KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this, 1024 params); 1025 var _KJUR_asn1 = KJUR.asn1, 1026 _DERSequence = _KJUR_asn1.DERSequence, 1027 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 1028 _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo; 1029 1030 this.params = null; 1031 1032 this.getEncodedHex = function() { 1033 if (this.params.policyoid === undefined && 1034 this.params.array === undefined) 1035 throw new Error("parameter oid and array missing"); 1036 1037 // policy oid 1038 var a = [new _DERObjectIdentifier(this.params.policyoid)]; 1039 1040 // array of ASN1Object of PolicyQualifierInfo 1041 if (this.params.array !== undefined) { 1042 var aPQI = []; 1043 for (var i = 0; i < this.params.array.length; i++) { 1044 aPQI.push(new _PolicyQualifierInfo(this.params.array[i])); 1045 } 1046 if (aPQI.length > 0) { 1047 a.push(new _DERSequence({array: aPQI})); 1048 } 1049 } 1050 1051 var seq = new _DERSequence({array: a}); 1052 return seq.getEncodedHex(); 1053 }; 1054 1055 if (params !== undefined) { 1056 this.params = params; 1057 } 1058 }; 1059 extendClass(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object); 1060 1061 /** 1062 * PolicyQualifierInfo ASN.1 structure class 1063 * @name KJUR.asn1.x509.PolicyQualifierInfo 1064 * @class PolicyQualifierInfo ASN.1 structure class 1065 * @param {Array} params associative array of parameters 1066 * @extends KJUR.asn1.ASN1Object 1067 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1068 * @description 1069 * This class represents 1070 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1071 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>. 1072 * <pre> 1073 * PolicyQualifierInfo ::= SEQUENCE { 1074 * policyQualifierId PolicyQualifierId, 1075 * qualifier ANY DEFINED BY policyQualifierId } 1076 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) 1077 * CPSuri ::= IA5String 1078 * </pre> 1079 * Its constructor can have one of following two parameters: 1080 * <ul> 1081 * <li>{String}cps - URI string for CPS</li> 1082 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li> 1083 * </ul> 1084 * @example 1085 * new PolicyQualifierInfo({ 1086 * cps: "https://example.com/repository/cps" 1087 * }) 1088 * 1089 * new PolicyQualifierInfo({ 1090 * unotice: { 1091 * noticeref: { // CA SHOULD NOT use this by RFC 1092 * org: {type: "bmp", str: "Sample Org"}, 1093 * noticenum: [{int: 3}, {hex: "01af"}] 1094 * }, 1095 * exptext: {type: "ia5", str: "Sample Policy"} 1096 * } 1097 * }) 1098 */ 1099 KJUR.asn1.x509.PolicyQualifierInfo = function(params) { 1100 KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this, 1101 params); 1102 var _KJUR_asn1 = KJUR.asn1, 1103 _DERSequence = _KJUR_asn1.DERSequence, 1104 _DERIA5String = _KJUR_asn1.DERIA5String, 1105 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 1106 _UserNotice = _KJUR_asn1.x509.UserNotice; 1107 1108 this.params = null; 1109 1110 this.getEncodedHex = function() { 1111 if (this.params.cps !== undefined) { 1112 var seq = new _DERSequence({array: [ 1113 new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}), 1114 new _DERIA5String({str: this.params.cps}) 1115 ]}); 1116 return seq.getEncodedHex(); 1117 } 1118 if (this.params.unotice != undefined) { 1119 var seq = new _DERSequence({array: [ 1120 new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}), 1121 new _UserNotice(this.params.unotice) 1122 ]}); 1123 return seq.getEncodedHex(); 1124 } 1125 }; 1126 1127 if (params !== undefined) { 1128 this.params = params; 1129 } 1130 }; 1131 extendClass(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object); 1132 1133 1134 /** 1135 * UserNotice ASN.1 structure class 1136 * @name KJUR.asn1.x509.UserNotice 1137 * @class UserNotice ASN.1 structure class 1138 * @param {Array} params associative array of parameters 1139 * @extends KJUR.asn1.ASN1Object 1140 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1141 * @description 1142 * This class represents 1143 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1144 * UserNotice defined in RFC 5280 4.2.1.4</a>. 1145 * <pre> 1146 * UserNotice ::= SEQUENCE { 1147 * noticeRef NoticeReference OPTIONAL, 1148 * explicitText DisplayText OPTIONAL } 1149 * </pre> 1150 * Its constructor can have following two parameters: 1151 * <ul> 1152 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter. 1153 * This SHALL NOT be set for conforming CA by RFC 5280. (OPTIONAL)</li> 1154 * <li>{Object}exptext - explicitText value 1155 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li> 1156 * </ul> 1157 * @example 1158 * new UserNotice({ 1159 * noticeref: { 1160 * org: {type: "bmp", str: "Sample Org"}, 1161 * noticenum: [{int: 3}, {hex: "01af"}] 1162 * }, 1163 * exptext: {type: "ia5", str: "Sample Policy"} 1164 * }) 1165 */ 1166 KJUR.asn1.x509.UserNotice = function(params) { 1167 KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params); 1168 var _DERSequence = KJUR.asn1.DERSequence, 1169 _DERInteger = KJUR.asn1.DERInteger, 1170 _DisplayText = KJUR.asn1.x509.DisplayText, 1171 _NoticeReference = KJUR.asn1.x509.NoticeReference; 1172 1173 this.params = null; 1174 1175 this.getEncodedHex = function() { 1176 var a = []; 1177 if (this.params.noticeref !== undefined) { 1178 a.push(new _NoticeReference(this.params.noticeref)); 1179 } 1180 if (this.params.exptext !== undefined) { 1181 a.push(new _DisplayText(this.params.exptext)); 1182 } 1183 var seq = new _DERSequence({array: a}); 1184 return seq.getEncodedHex(); 1185 }; 1186 1187 if (params !== undefined) { 1188 this.params = params; 1189 } 1190 }; 1191 extendClass(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object); 1192 1193 /** 1194 * NoticeReference ASN.1 structure class 1195 * @name KJUR.asn1.x509.NoticeReference 1196 * @class NoticeReference ASN.1 structure class 1197 * @param {Array} params associative array of parameters 1198 * @extends KJUR.asn1.ASN1Object 1199 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1200 * @description 1201 * This class represents 1202 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1203 * NoticeReference defined in RFC 5280 4.2.1.4</a>. 1204 * <pre> 1205 * NoticeReference ::= SEQUENCE { 1206 * organization DisplayText, 1207 * noticeNumbers SEQUENCE OF INTEGER } 1208 * </pre> 1209 * Its constructor can have following two parameters: 1210 * <ul> 1211 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText} 1212 * parameter.</li> 1213 * <li>{Object}noticenum - noticeNumbers value by an array of 1214 * {@link KJUR.asn1.DERInteger} parameter</li> 1215 * </ul> 1216 * @example 1217 * new NoticeReference({ 1218 * org: {type: "bmp", str: "Sample Org"}, 1219 * noticenum: [{int: 3}, {hex: "01af"}] 1220 * }) 1221 */ 1222 KJUR.asn1.x509.NoticeReference = function(params) { 1223 KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params); 1224 var _DERSequence = KJUR.asn1.DERSequence, 1225 _DERInteger = KJUR.asn1.DERInteger, 1226 _DisplayText = KJUR.asn1.x509.DisplayText; 1227 1228 this.params = null; 1229 1230 this.getEncodedHex = function() { 1231 var a = []; 1232 if (this.params.org !== undefined) { 1233 a.push(new _DisplayText(this.params.org)); 1234 } 1235 if (this.params.noticenum !== undefined) { 1236 var aNoticeNum = []; 1237 var aNumParam = this.params.noticenum; 1238 for (var i = 0; i < aNumParam.length; i++) { 1239 aNoticeNum.push(new _DERInteger(aNumParam[i])); 1240 } 1241 a.push(new _DERSequence({array: aNoticeNum})); 1242 } 1243 if (a.length == 0) throw new Error("parameter is empty"); 1244 var seq = new _DERSequence({array: a}); 1245 return seq.getEncodedHex(); 1246 } 1247 1248 if (params !== undefined) { 1249 this.params = params; 1250 } 1251 }; 1252 extendClass(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object); 1253 1254 /** 1255 * DisplayText ASN.1 structure class 1256 * @name KJUR.asn1.x509.DisplayText 1257 * @class DisplayText ASN.1 structure class 1258 * @param {Array} params associative array of parameters 1259 * @extends KJUR.asn1.DERAbstractString 1260 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1261 * @description 1262 * This class represents 1263 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1264 * DisplayText defined in RFC 5280 4.2.1.4</a>. 1265 * <pre> 1266 * -- from RFC 5280 Appendix A 1267 * DisplayText ::= CHOICE { 1268 * ia5String IA5String (SIZE (1..200)), 1269 * visibleString VisibleString (SIZE (1..200)), 1270 * bmpString BMPString (SIZE (1..200)), 1271 * utf8String UTF8String (SIZE (1..200)) } 1272 * </pre> 1273 * {@link KJUR.asn1.DERAbstractString} parameters and methods 1274 * can be used. 1275 * Its constructor can also have following parameter: 1276 * <ul> 1277 * <li>{String} type - DirectoryString type of DisplayText. 1278 * "ia5" for IA5String, "vis" for VisibleString, 1279 * "bmp" for BMPString and "utf8" for UTF8String. 1280 * Default is "utf8". (OPTIONAL)</li> 1281 * </ul> 1282 * @example 1283 * new DisplayText({type: "bmp", str: "Sample Org"}) 1284 * new DisplayText({type: "ia5", str: "Sample Org"}) 1285 * new DisplayText({str: "Sample Org"}) 1286 */ 1287 KJUR.asn1.x509.DisplayText = function(params) { 1288 KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params); 1289 1290 this.hT = "0c"; // DEFAULT "utf8" 1291 1292 if (params !== undefined) { 1293 if (params.type === "ia5") { 1294 this.hT = "16"; 1295 } else if (params.type === "vis") { 1296 this.hT = "1a"; 1297 } else if (params.type === "bmp") { 1298 this.hT = "1e"; 1299 } 1300 } 1301 }; 1302 extendClass(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString); 1303 // ===== END CertificatePolicies related classes ===== 1304 1305 // ===================================================================== 1306 /** 1307 * KeyUsage ASN.1 structure class 1308 * @name KJUR.asn1.x509.ExtKeyUsage 1309 * @class ExtKeyUsage ASN.1 structure class 1310 * @param {Array} params associative array of parameters 1311 * @extends KJUR.asn1.x509.Extension 1312 * @description 1313 * @example 1314 * e1 = new KJUR.asn1.x509.ExtKeyUsage({ 1315 * critical: true, 1316 * array: [ 1317 * {oid: '2.5.29.37.0'}, // anyExtendedKeyUsage 1318 * {name: 'clientAuth'}, 1319 * "1.2.3.4", 1320 * "serverAuth" 1321 * ] 1322 * }); 1323 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } 1324 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 1325 * // KeyPurposeId ::= OBJECT IDENTIFIER 1326 */ 1327 KJUR.asn1.x509.ExtKeyUsage = function(params) { 1328 KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params); 1329 var _KJUR = KJUR, 1330 _KJUR_asn1 = _KJUR.asn1; 1331 1332 this.setPurposeArray = function(purposeArray) { 1333 this.asn1ExtnValue = new _KJUR_asn1.DERSequence(); 1334 for (var i = 0; i < purposeArray.length; i++) { 1335 var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]); 1336 this.asn1ExtnValue.appendASN1Object(o); 1337 } 1338 }; 1339 1340 this.getExtnValueHex = function() { 1341 return this.asn1ExtnValue.getEncodedHex(); 1342 }; 1343 1344 this.oid = "2.5.29.37"; 1345 if (params !== undefined) { 1346 if (params.array !== undefined) { 1347 this.setPurposeArray(params.array); 1348 } 1349 } 1350 }; 1351 extendClass(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension); 1352 1353 /** 1354 * AuthorityKeyIdentifier ASN.1 structure class 1355 * @name KJUR.asn1.x509.AuthorityKeyIdentifier 1356 * @class AuthorityKeyIdentifier ASN.1 structure class 1357 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true}) 1358 * @extends KJUR.asn1.x509.Extension 1359 * @since asn1x509 1.0.8 1360 * @description 1361 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>. 1362 * Constructor of this class may have following parameters.: 1363 * <ul> 1364 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li> 1365 * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li> 1366 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li> 1367 * <li>sn - hexadecimal string to specify serial number explicitly.</li> 1368 * <li>critical - boolean to specify criticality of this extension 1369 * however conforming CA must mark this extension as non-critical in RFC 5280.</li> 1370 * </ul> 1371 * 1372 * <pre> 1373 * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } 1374 * AuthorityKeyIdentifier ::= SEQUENCE { 1375 * keyIdentifier [0] KeyIdentifier OPTIONAL, 1376 * authorityCertIssuer [1] GeneralNames OPTIONAL, 1377 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } 1378 * KeyIdentifier ::= OCTET STRING 1379 * </pre> 1380 * 1381 * @example 1382 * // 1. kid by key object 1383 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); 1384 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj}); 1385 * // 2. kid by PEM string of authority certificate or public key 1386 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."}); 1387 * // 3. specify kid explicitly 1388 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."}); 1389 * }); 1390 * // 4. issuer and serial number by auhtority PEM certificate 1391 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."}); 1392 * // 5. issuer and serial number explicitly 1393 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({ 1394 * issuer: {ldapstr: "O=test,C=US"}, 1395 * sn: {hex: "1ac7..."}}); 1396 * // 6. combination 1397 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({ 1398 * kid: "-----BEGIN CERTIFICATE...", 1399 * isscert: "-----BEGIN CERTIFICATE..."}); 1400 */ 1401 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) { 1402 KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params); 1403 var _KJUR = KJUR, 1404 _KJUR_asn1 = _KJUR.asn1, 1405 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 1406 _GeneralNames = _KJUR_asn1.x509.GeneralNames, 1407 _isKey = _KJUR.crypto.Util.isKey; 1408 1409 this.asn1KID = null; 1410 this.asn1CertIssuer = null; // X500Name hTLV 1411 this.asn1CertSN = null; 1412 1413 this.getExtnValueHex = function() { 1414 var a = new Array(); 1415 if (this.asn1KID) 1416 a.push(new _DERTaggedObject({'explicit': false, 1417 'tag': '80', 1418 'obj': this.asn1KID})); 1419 1420 if (this.asn1CertIssuer) 1421 a.push(new _DERTaggedObject({'explicit': false, 1422 'tag': 'a1', 1423 'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])})); 1424 1425 if (this.asn1CertSN) 1426 a.push(new _DERTaggedObject({'explicit': false, 1427 'tag': '82', 1428 'obj': this.asn1CertSN})); 1429 1430 var asn1Seq = new _KJUR_asn1.DERSequence({'array': a}); 1431 this.asn1ExtnValue = asn1Seq; 1432 return this.asn1ExtnValue.getEncodedHex(); 1433 }; 1434 1435 /** 1436 * set keyIdentifier value by DEROctetString parameter, key object or PEM file 1437 * @name setKIDByParam 1438 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1439 * @function 1440 * @param {Array} param parameter to set key identifier 1441 * @since asn1x509 1.0.8 1442 * @description 1443 * This method will set keyIdentifier by param. 1444 * Its key identifier value can be set by following type of param argument: 1445 * <ul> 1446 * <li>{str: "123"} - by raw string</li> 1447 * <li>{hex: "01af..."} - by hexadecimal value</li> 1448 * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object. 1449 * key identifier value will be calculated by the method described in 1450 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1451 * </li> 1452 * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM 1453 * certificate and 1454 * key identifier value will be calculated by the method described in 1455 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1456 * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and 1457 * to PKCS#8 ASN.1 structure then calculate 1458 * a key identifier value will be calculated by the method described in 1459 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1460 * </ul> 1461 * 1462 * NOTE1: Automatic key identifier calculation is supported 1463 * since jsrsasign 8.0.16. 1464 * 1465 * @see KEYUTIL.getKeyID 1466 * 1467 * @example 1468 * o = new KJUR.asn1.x509.AuthorityKeyIdentifier(); 1469 * // set by hexadecimal string 1470 * o.setKIDByParam({hex: '1ad9...'}); 1471 * // set by SubjectPublicKeyInfo of PEM certificate string 1472 * o.setKIDByParam("-----BEGIN CERTIFICATE..."); 1473 * // set by PKCS#8 PEM public key string 1474 * o.setKIDByParam("-----BEGIN PUBLIC KEY..."); 1475 * // set by public key object 1476 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 1477 * o.setKIDByParam(pubkey); 1478 */ 1479 this.setKIDByParam = function(param) { 1480 if (param.str !== undefined || 1481 param.hex !== undefined) { 1482 this.asn1KID = new KJUR.asn1.DEROctetString(param); 1483 } else if ((typeof param === "object" && 1484 KJUR.crypto.Util.isKey(param)) || 1485 (typeof param === "string" && 1486 param.indexOf("BEGIN ") != -1)) { 1487 1488 var keyobj = param; 1489 if (typeof param === "string") { 1490 keyobj = KEYUTIL.getKey(param); 1491 } 1492 1493 var kid = KEYUTIL.getKeyID(keyobj); 1494 this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid}); 1495 } 1496 }; 1497 1498 /** 1499 * set authorityCertIssuer value by X500Name parameter 1500 * @name setCertIssuerByParam 1501 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1502 * @function 1503 * @param {Array} param parameter to set issuer name 1504 * @since asn1x509 1.0.8 1505 * @description 1506 * This method will set authorityCertIssuer name by param. 1507 * Issuer name can be set by following type of param argument: 1508 * <ul> 1509 * <li>str/ldapstr/hex/certsubject/certissuer - 1510 * set issuer by {@link KJUR.asn1.x509.X500Name} 1511 * object with specified parameters.</li> 1512 * <li>PEM CERTIFICATE STRING - extract its subject name from 1513 * specified issuer PEM certificate and set. 1514 * </ul> 1515 * NOTE1: Automatic authorityCertIssuer setting by certificate 1516 * is supported since jsrsasign 8.0.16. 1517 * 1518 * @see KJUR.asn1.x509.X500Name 1519 * @see KJUR.asn1.x509.GeneralNames 1520 * @see X509.getSubjectHex 1521 * 1522 * @example 1523 * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier(); 1524 * // 1. set it by string 1525 * o.setCertIssuerByParam({str: '/C=US/O=Test'}); 1526 * // 2. set it by issuer PEM certificate 1527 * o.setCertIssuerByParam("-----BEGIN CERTIFICATE..."); 1528 * 1529 */ 1530 this.setCertIssuerByParam = function(param) { 1531 if (param.str !== undefined || 1532 param.ldapstr !== undefined || 1533 param.hex !== undefined || 1534 param.certsubject !== undefined || 1535 param.certissuer !== undefined) { 1536 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param); 1537 } else if (typeof param === "string" && 1538 param.indexOf("BEGIN ") != -1 && 1539 param.indexOf("CERTIFICATE") != -1) { 1540 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param}); 1541 } 1542 }; 1543 1544 /** 1545 * set authorityCertSerialNumber value 1546 * @name setCertSerialNumberByParam 1547 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1548 * @function 1549 * @param {Object} param parameter to set serial number 1550 * @since asn1x509 1.0.8 1551 * @description 1552 * This method will set authorityCertSerialNumber by param. 1553 * Serial number can be set by following type of param argument: 1554 * 1555 * <ul> 1556 * <li>{int: 123} - by integer value</li> 1557 * <li>{hex: "01af"} - by hexadecimal integer value</li> 1558 * <li>{bigint: new BigInteger(...)} - by hexadecimal integer value</li> 1559 * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and 1560 * set serial number. 1561 * 1562 * NOTE1: Automatic authorityCertSerialNumber setting by certificate 1563 * is supported since jsrsasign 8.0.16. 1564 * 1565 * @see X509.getSerialNumberHex 1566 */ 1567 this.setCertSNByParam = function(param) { 1568 if (param.str !== undefined || 1569 param.bigint !== undefined || 1570 param.hex !== undefined) { 1571 this.asn1CertSN = new KJUR.asn1.DERInteger(param); 1572 } else if (typeof param === "string" && 1573 param.indexOf("BEGIN ") != -1 && 1574 param.indexOf("CERTIFICATE")) { 1575 1576 var x = new X509(); 1577 x.readCertPEM(param); 1578 var sn = x.getSerialNumberHex(); 1579 this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn}); 1580 } 1581 }; 1582 1583 this.oid = "2.5.29.35"; 1584 if (params !== undefined) { 1585 if (params.kid !== undefined) { 1586 this.setKIDByParam(params.kid); 1587 } 1588 if (params.issuer !== undefined) { 1589 this.setCertIssuerByParam(params.issuer); 1590 } 1591 if (params.sn !== undefined) { 1592 this.setCertSNByParam(params.sn); 1593 } 1594 1595 if (params.issuersn !== undefined && 1596 typeof params.issuersn === "string" && 1597 params.issuersn.indexOf("BEGIN ") != -1 && 1598 params.issuersn.indexOf("CERTIFICATE")) { 1599 this.setCertSNByParam(params.issuersn); 1600 this.setCertIssuerByParam(params.issuersn); 1601 } 1602 } 1603 }; 1604 extendClass(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension); 1605 1606 /** 1607 * SubjectKeyIdentifier extension ASN.1 structure class 1608 * @name KJUR.asn1.x509.SubjectKeyIdentifier 1609 * @class SubjectKeyIdentifier ASN.1 structure class 1610 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true}) 1611 * @extends KJUR.asn1.x509.Extension 1612 * @since asn1x509 1.1.7 jsrsasign 8.0.14 1613 * @description 1614 * This class represents ASN.1 structure for 1615 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2"> 1616 * SubjectKeyIdentifier in RFC 5280</a>. 1617 * Constructor of this class may have following parameters: 1618 * <ul> 1619 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li> 1620 * <li>critical - boolean to specify criticality of this extension 1621 * however conforming CA must mark this extension as non-critical in RFC 5280.</li> 1622 * </ul> 1623 * <pre> 1624 * d-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } 1625 * SubjectKeyIdentifier ::= KeyIdentifier 1626 * KeyIdentifier ::= OCTET STRING 1627 * </pre> 1628 * 1629 * @example 1630 * // set by hexadecimal string 1631 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}}); 1632 * // set by PEM public key or certificate string 1633 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."}); 1634 * // set by public key object 1635 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 1636 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey}); 1637 */ 1638 KJUR.asn1.x509.SubjectKeyIdentifier = function(params) { 1639 KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params); 1640 var _KJUR = KJUR, 1641 _KJUR_asn1 = _KJUR.asn1, 1642 _DEROctetString = _KJUR_asn1.DEROctetString; 1643 1644 this.asn1KID = null; 1645 1646 this.getExtnValueHex = function() { 1647 this.asn1ExtnValue = this.asn1KID; 1648 return this.asn1ExtnValue.getEncodedHex(); 1649 }; 1650 1651 /** 1652 * set keyIdentifier value by DEROctetString parameter, key object or PEM file 1653 * @name setKIDByParam 1654 * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier# 1655 * @function 1656 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter 1657 * @since asn1x509 1.1.7 jsrsasign 8.0.14 1658 * @description 1659 * <ul> 1660 * <li>{str: "123"} - by raw string</li> 1661 * <li>{hex: "01af..."} - by hexadecimal value</li> 1662 * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object. 1663 * key identifier value will be calculated by the method described in 1664 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1665 * </li> 1666 * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM 1667 * certificate and 1668 * key identifier value will be calculated by the method described in 1669 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1670 * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and 1671 * to PKCS#8 ASN.1 structure then calculate 1672 * a key identifier value will be calculated by the method described in 1673 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1674 * </ul> 1675 * 1676 * NOTE1: Automatic key identifier calculation is supported 1677 * since jsrsasign 8.0.16. 1678 * 1679 * @see KEYUTIL.getKeyID 1680 * 1681 * @example 1682 * o = new KJUR.asn1.x509.SubjectKeyIdentifier(); 1683 * // set by hexadecimal string 1684 * o.setKIDByParam({hex: '1ad9...'}); 1685 * // set by SubjectPublicKeyInfo of PEM certificate string 1686 * o.setKIDByParam("-----BEGIN CERTIFICATE..."); 1687 * // set by PKCS#8 PEM public key string 1688 * o.setKIDByParam("-----BEGIN PUBLIC KEY..."); 1689 * // set by public key object 1690 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 1691 * o.setKIDByParam(pubkey); 1692 */ 1693 this.setKIDByParam = function(param) { 1694 if (param.str !== undefined || 1695 param.hex !== undefined) { 1696 this.asn1KID = new _DEROctetString(param); 1697 } else if ((typeof param === "object" && 1698 KJUR.crypto.Util.isKey(param)) || 1699 (typeof param === "string" && 1700 param.indexOf("BEGIN") != -1)) { 1701 1702 var keyobj = param; 1703 if (typeof param === "string") { 1704 keyobj = KEYUTIL.getKey(param); 1705 } 1706 1707 var kid = KEYUTIL.getKeyID(keyobj); 1708 this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid}); 1709 } 1710 }; 1711 1712 this.oid = "2.5.29.14"; 1713 if (params !== undefined) { 1714 if (params.kid !== undefined) { 1715 this.setKIDByParam(params.kid); 1716 } 1717 } 1718 }; 1719 extendClass(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension); 1720 1721 /** 1722 * AuthorityInfoAccess ASN.1 structure class 1723 * @name KJUR.asn1.x509.AuthorityInfoAccess 1724 * @class AuthorityInfoAccess ASN.1 structure class 1725 * @param {Array} params JSON object of AuthorityInfoAccess parameters 1726 * @extends KJUR.asn1.x509.Extension 1727 * @since asn1x509 1.0.8 1728 * @see {@link X509#getExtAuthorityInfoAccess} 1729 * @description 1730 * This class represents 1731 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1"> 1732 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>. 1733 * <pre> 1734 * id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 1735 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } 1736 * AuthorityInfoAccessSyntax ::= 1737 * SEQUENCE SIZE (1..MAX) OF AccessDescription 1738 * AccessDescription ::= SEQUENCE { 1739 * accessMethod OBJECT IDENTIFIER, 1740 * accessLocation GeneralName } 1741 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 1742 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } 1743 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } 1744 * </pre> 1745 * NOTE: Acceptable parameters have been changed since 1746 * from jsrsasign 9.0.0 asn1x509 2.0.0. 1747 * Parameter generated by {@link X509#getAuthorityInfoAccess} 1748 * can be accepted as a argument of this constructor. 1749 * @example 1750 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({ 1751 * array: [ 1752 * {ocsp: 'http://ocsp.example.org'}, 1753 * {caissuer: 'https://repository.example.org/aaa.crt'} 1754 * ] 1755 * }); 1756 */ 1757 KJUR.asn1.x509.AuthorityInfoAccess = function(params) { 1758 KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params); 1759 1760 this.setAccessDescriptionArray = function(aParam) { 1761 var aASN1 = new Array(), 1762 _KJUR = KJUR, 1763 _KJUR_asn1 = _KJUR.asn1, 1764 _DERSequence = _KJUR_asn1.DERSequence, 1765 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 1766 _GeneralName = _KJUR_asn1.x509.GeneralName; 1767 1768 for (var i = 0; i < aParam.length; i++) { 1769 var adseq; 1770 var adparam = aParam[i]; 1771 1772 if (adparam.ocsp !== undefined) { 1773 adseq = new _DERSequence({array: [ 1774 new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.1"}), 1775 new _GeneralName({uri: adparam.ocsp}) 1776 ]}); 1777 } else if (adparam.caissuer !== undefined) { 1778 adseq = new _DERSequence({array: [ 1779 new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.2"}), 1780 new _GeneralName({uri: adparam.caissuer}) 1781 ]}); 1782 } else { 1783 throw new Error("unknown AccessMethod parameter: " + 1784 JSON.stringify(adparam)); 1785 } 1786 aASN1.push(adseq); 1787 } 1788 this.asn1ExtnValue = new _DERSequence({'array':aASN1}); 1789 }; 1790 1791 this.getExtnValueHex = function() { 1792 return this.asn1ExtnValue.getEncodedHex(); 1793 }; 1794 1795 this.oid = "1.3.6.1.5.5.7.1.1"; 1796 if (params !== undefined) { 1797 if (params.array !== undefined) { 1798 this.setAccessDescriptionArray(params.array); 1799 } 1800 } 1801 }; 1802 extendClass(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension); 1803 1804 /** 1805 * SubjectAltName ASN.1 structure class<br/> 1806 * @name KJUR.asn1.x509.SubjectAltName 1807 * @class SubjectAltName ASN.1 structure class 1808 * @param {Array} params associative array of parameters 1809 * @extends KJUR.asn1.x509.Extension 1810 * @since jsrsasign 6.2.3 asn1x509 1.0.19 1811 * @see KJUR.asn1.x509.GeneralNames 1812 * @see KJUR.asn1.x509.GeneralName 1813 * @description 1814 * This class provides X.509v3 SubjectAltName extension. 1815 * <pre> 1816 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } 1817 * SubjectAltName ::= GeneralNames 1818 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 1819 * GeneralName ::= CHOICE { 1820 * otherName [0] OtherName, 1821 * rfc822Name [1] IA5String, 1822 * dNSName [2] IA5String, 1823 * x400Address [3] ORAddress, 1824 * directoryName [4] Name, 1825 * ediPartyName [5] EDIPartyName, 1826 * uniformResourceIdentifier [6] IA5String, 1827 * iPAddress [7] OCTET STRING, 1828 * registeredID [8] OBJECT IDENTIFIER } 1829 * </pre> 1830 * @example 1831 * e1 = new KJUR.asn1.x509.SubjectAltName({ 1832 * critical: true, 1833 * array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}] 1834 * }); 1835 */ 1836 KJUR.asn1.x509.SubjectAltName = function(params) { 1837 KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params) 1838 1839 this.setNameArray = function(paramsArray) { 1840 this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray); 1841 }; 1842 1843 this.getExtnValueHex = function() { 1844 return this.asn1ExtnValue.getEncodedHex(); 1845 }; 1846 1847 this.oid = "2.5.29.17"; 1848 if (params !== undefined) { 1849 if (params.array !== undefined) { 1850 this.setNameArray(params.array); 1851 } 1852 } 1853 }; 1854 extendClass(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension); 1855 1856 /** 1857 * IssuerAltName ASN.1 structure class<br/> 1858 * @name KJUR.asn1.x509.IssuerAltName 1859 * @class IssuerAltName ASN.1 structure class 1860 * @param {Array} params associative array of parameters 1861 * @extends KJUR.asn1.x509.Extension 1862 * @since jsrsasign 6.2.3 asn1x509 1.0.19 1863 * @see KJUR.asn1.x509.GeneralNames 1864 * @see KJUR.asn1.x509.GeneralName 1865 * @description 1866 * This class provides X.509v3 IssuerAltName extension. 1867 * <pre> 1868 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 18 } 1869 * IssuerAltName ::= GeneralNames 1870 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 1871 * GeneralName ::= CHOICE { 1872 * otherName [0] OtherName, 1873 * rfc822Name [1] IA5String, 1874 * dNSName [2] IA5String, 1875 * x400Address [3] ORAddress, 1876 * directoryName [4] Name, 1877 * ediPartyName [5] EDIPartyName, 1878 * uniformResourceIdentifier [6] IA5String, 1879 * iPAddress [7] OCTET STRING, 1880 * registeredID [8] OBJECT IDENTIFIER } 1881 * </pre> 1882 * @example 1883 * e1 = new KJUR.asn1.x509.IssuerAltName({ 1884 * critical: true, 1885 * array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}] 1886 * }); 1887 */ 1888 KJUR.asn1.x509.IssuerAltName = function(params) { 1889 KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params) 1890 1891 this.setNameArray = function(paramsArray) { 1892 this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray); 1893 }; 1894 1895 this.getExtnValueHex = function() { 1896 return this.asn1ExtnValue.getEncodedHex(); 1897 }; 1898 1899 this.oid = "2.5.29.18"; 1900 if (params !== undefined) { 1901 if (params.array !== undefined) { 1902 this.setNameArray(params.array); 1903 } 1904 } 1905 }; 1906 extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); 1907 1908 /** 1909 * SubjectDirectoryAttributes ASN.1 structure class<br/> 1910 * @name KJUR.asn1.x509.SubjectDirectoryAttributes 1911 * @class SubjectDirectoryAttributes ASN.1 structure class 1912 * @param {Array} params associative array of parameters 1913 * @extends KJUR.asn1.x509.Extension 1914 * @since jsrsasign 10.1.9 asn1x509 2.1.7 1915 * @description 1916 * This class provides X.509v3 SubjectDirectoryAttributes extension 1917 * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2"> 1918 * RFC 3739 Qualified Certificate Profile section 3.3.2</a>. 1919 * <pre> 1920 * SubjectDirectoryAttributes ::= Attributes 1921 * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute 1922 * Attribute ::= SEQUENCE { 1923 * type AttributeType 1924 * values SET OF AttributeValue } 1925 * AttributeType ::= OBJECT IDENTIFIER 1926 * AttributeValue ::= ANY DEFINED BY AttributeType 1927 * </pre> 1928 * @example 1929 * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({ 1930 * extname: "subjectDirectoryAttributes", 1931 * array: [ 1932 * { attr: "dateOfBirth", str: "19701231230000Z" }, 1933 * { attr: "placeOfBirth", str: "Tokyo" }, 1934 * { attr: "gender", str: "F" }, 1935 * { attr: "countryOfCitizenship", str: "JP" }, 1936 * { attr: "countryOfResidence", str: "JP" } 1937 * ] 1938 * }); 1939 */ 1940 KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) { 1941 KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params); 1942 var _KJUR_asn1 = KJUR.asn1, 1943 _DERSequence = _KJUR_asn1.DERSequence, 1944 _newObject = _KJUR_asn1.ASN1Util.newObject, 1945 _name2oid = _KJUR_asn1.x509.OID.name2oid; 1946 1947 this.params = null; 1948 1949 this.getExtnValueHex = function() { 1950 var a = []; 1951 for (var i = 0; i < this.params.array.length; i++) { 1952 var pAttr = this.params.array[i]; 1953 1954 var newparam = { 1955 "seq": [ 1956 {"oid": "1.2.3.4"}, 1957 {"set": [{"utf8str": "DE"}]} 1958 ] 1959 }; 1960 1961 if (pAttr.attr == "dateOfBirth") { 1962 newparam.seq[0].oid = _name2oid(pAttr.attr); 1963 newparam.seq[1].set[0] = {"gentime": pAttr.str}; 1964 } else if (pAttr.attr == "placeOfBirth") { 1965 newparam.seq[0].oid = _name2oid(pAttr.attr); 1966 newparam.seq[1].set[0] = {"utf8str": pAttr.str}; 1967 } else if (pAttr.attr == "gender") { 1968 newparam.seq[0].oid = _name2oid(pAttr.attr); 1969 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 1970 } else if (pAttr.attr == "countryOfCitizenship") { 1971 newparam.seq[0].oid = _name2oid(pAttr.attr); 1972 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 1973 } else if (pAttr.attr == "countryOfResidence") { 1974 newparam.seq[0].oid = _name2oid(pAttr.attr); 1975 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 1976 } else { 1977 throw new Error("unsupported attribute: " + pAttr.attr); 1978 } 1979 a.push(new _newObject(newparam)); 1980 } 1981 var seq = new _DERSequence({array: a}); 1982 this.asn1ExtnValue = seq; 1983 return this.asn1ExtnValue.getEncodedHex(); 1984 }; 1985 1986 this.oid = "2.5.29.9"; 1987 if (params !== undefined) { 1988 this.params = params; 1989 } 1990 }; 1991 extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension); 1992 1993 1994 /** 1995 * priavte extension ASN.1 structure class<br/> 1996 * @name KJUR.asn1.x509.PrivateExtension 1997 * @class private extension ASN.1 structure class 1998 * @param {Array} params JSON object of private extension 1999 * @extends KJUR.asn1.x509.Extension 2000 * @since jsrsasign 9.1.1 asn1x509 2001 * @see KJUR.asn1.ASN1Util.newObject 2002 * 2003 * @description 2004 * This class is to represent private extension or 2005 * unsupported extension. 2006 * <pre> 2007 * Extension ::= SEQUENCE { 2008 * extnID OBJECT IDENTIFIER, 2009 * critical BOOLEAN DEFAULT FALSE, 2010 * extnValue OCTET STRING } 2011 * </pre> 2012 * Following properties can be set for JSON parameter: 2013 * <ul> 2014 * <li>{String}extname - string of OID or predefined extension name</li> 2015 * <li>{Boolean}critical - critical flag</li> 2016 * <li>{Object}extn - hexadecimal string or 2017 * of {@link KJUR.asn1.ASN1Util.newObject} 2018 * JSON parameter for extnValue field</li> 2019 * </li> 2020 * </ul> 2021 * 2022 * @example 2023 * // extn by hexadecimal 2024 * new KJUR.asn1.x509.PrivateExtension({ 2025 * extname: "1.2.3.4", 2026 * critical: true, 2027 * extn: "13026161" // means PrintableString "aa" 2028 * }); 2029 * 2030 * // extn by JSON parameter 2031 * new KJUR.asn1.x509.PrivateExtension({ 2032 * extname: "1.2.3.5", 2033 * extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]} 2034 * }); 2035 */ 2036 KJUR.asn1.x509.PrivateExtension = function(params) { 2037 KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params) 2038 2039 var _KJUR = KJUR, 2040 _isHex = _KJUR.lang.String.isHex, 2041 _KJUR_asn1 = _KJUR.asn1, 2042 _name2oid = _KJUR_asn1.x509.OID.name2oid, 2043 _newObject = _KJUR_asn1.ASN1Util.newObject; 2044 2045 this.params = null; 2046 2047 this.setByParam = function(params) { 2048 this.oid = _name2oid(params.extname); 2049 this.params = params; 2050 }; 2051 2052 this.getExtnValueHex = function() { 2053 if (this.params.extname == undefined || 2054 this.params.extn == undefined) { 2055 throw new Error("extname or extnhex not specified"); 2056 } 2057 2058 var extn = this.params.extn; 2059 if (typeof extn == "string" && _isHex(extn)) { 2060 return extn; 2061 } else if (typeof extn == "object") { 2062 try { 2063 return _newObject(extn).getEncodedHex(); 2064 } catch(ex) {} 2065 } 2066 throw new Error("unsupported extn value"); 2067 }; 2068 2069 if (params != undefined) { 2070 this.setByParam(params); 2071 } 2072 }; 2073 extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension); 2074 2075 // === END X.509v3 Extensions Related ======================================= 2076 2077 // === BEGIN CRL Related =================================================== 2078 /** 2079 * X.509 CRL class to sign and generate hex encoded CRL<br/> 2080 * @name KJUR.asn1.x509.CRL 2081 * @class X.509 CRL class to sign and generate hex encoded certificate 2082 * @property {Array} params JSON object of parameters 2083 * @param {Array} params JSON object of CRL parameters 2084 * @extends KJUR.asn1.ASN1Object 2085 * @since 1.0.3 2086 * @see KJUR.asn1.x509.TBSCertList 2087 * 2088 * @description 2089 * This class represents CertificateList ASN.1 structur of X.509 CRL 2090 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2091 * RFC 5280 5.1</a> 2092 * <pre> 2093 * CertificateList ::= SEQUENCE { 2094 * tbsCertList TBSCertList, 2095 * signatureAlgorithm AlgorithmIdentifier, 2096 * signatureValue BIT STRING } 2097 * </pre> 2098 * NOTE: CRL class is updated without backward 2099 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2100 * Most of methods are removed and parameters can be set 2101 * by JSON object. 2102 * <br/> 2103 * Constructor of this class can accept all 2104 * parameters of {@link KJUR.asn1.x509.TBSCertList}. 2105 * It also accept following parameters additionally: 2106 * <ul> 2107 * <li>{TBSCertList}tbsobj (OPTION) - 2108 * specifies {@link KJUR.asn1.x509.TBSCertList} 2109 * object to be signed if needed. 2110 * When this isn't specified, 2111 * this will be set from other parametes of TBSCertList.</li> 2112 * <li>{Object}cakey (OPTION) - specifies CRL signing private key. 2113 * Parameter "cakey" or "sighex" shall be specified. Following 2114 * values can be specified: 2115 * <ul> 2116 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 2117 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 2118 * to generate a key object.</li> 2119 * </ul> 2120 * </li> 2121 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 2122 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 2123 * unused bits)</li> 2124 * </ul> 2125 * 2126 * @example 2127 * var crl = new KJUR.asn1.x509.CRL({ 2128 * sigalg: "SHA256withRSA", 2129 * issuer: {str:'/C=JP/O=Test1'}, 2130 * thisupdate: "200821235959Z", 2131 * nextupdate: "200828235959Z", // OPTION 2132 * revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}], 2133 * ext: [ 2134 * {extname: "cRLNumber", num: {'int': 8}}, 2135 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2136 * ], 2137 * cakey: prvkey 2138 * }); 2139 * crl.getEncodedHex() → "30..." 2140 * crl.getPEM() → "-----BEGIN X509 CRL..." 2141 */ 2142 KJUR.asn1.x509.CRL = function(params) { 2143 KJUR.asn1.x509.CRL.superclass.constructor.call(this); 2144 var _KJUR = KJUR, 2145 _KJUR_asn1 = _KJUR.asn1, 2146 _DERSequence = _KJUR_asn1.DERSequence, 2147 _DERBitString = _KJUR_asn1.DERBitString, 2148 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2149 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 2150 _TBSCertList = _KJUR_asn1_x509.TBSCertList; 2151 2152 this.params = undefined; 2153 2154 this.setByParam = function(params) { 2155 this.params = params; 2156 }; 2157 2158 /** 2159 * sign CRL<br/> 2160 * @name sign 2161 * @memberOf KJUR.asn1.x509.CRL# 2162 * @function 2163 * @description 2164 * This method signs TBSCertList with a specified 2165 * private key and algorithm by 2166 * this.params.cakey and this.params.sigalg parameter. 2167 * @example 2168 * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey}); 2169 * crl.sign() 2170 */ 2171 this.sign = function() { 2172 var hTBSCL = (new _TBSCertList(this.params)).getEncodedHex(); 2173 var sig = new KJUR.crypto.Signature({alg: this.params.sigalg}); 2174 sig.init(this.params.cakey); 2175 sig.updateHex(hTBSCL); 2176 var sighex = sig.sign(); 2177 this.params.sighex = sighex; 2178 }; 2179 2180 /** 2181 * get PEM formatted CRL string after signed<br/> 2182 * @name getPEM 2183 * @memberOf KJUR.asn1.x509.CRL# 2184 * @function 2185 * @return PEM formatted string of CRL 2186 * @since jsrsasign 9.1.0 asn1hex 2.1.0 2187 * @description 2188 * This method returns a string of PEM formatted 2189 * CRL. 2190 * @example 2191 * crl = new KJUR.asn1.x509.CRL({...}); 2192 * crl.getPEM() → 2193 * "-----BEGIN X509 CRL-----\r\n..." 2194 */ 2195 this.getPEM = function() { 2196 return hextopem(this.getEncodedHex(), "X509 CRL"); 2197 }; 2198 2199 this.getEncodedHex = function() { 2200 var params = this.params; 2201 2202 if (params.tbsobj == undefined) { 2203 params.tbsobj = new _TBSCertList(params); 2204 } 2205 2206 if (params.sighex == undefined && params.cakey != undefined) { 2207 this.sign(); 2208 } 2209 2210 if (params.sighex == undefined) { 2211 throw new Error("sighex or cakey parameter not defined"); 2212 } 2213 2214 var a = []; 2215 a.push(params.tbsobj); 2216 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 2217 a.push(new _DERBitString({hex: "00" + params.sighex})); 2218 var seq = new _DERSequence({array: a}); 2219 return seq.getEncodedHex(); 2220 }; 2221 2222 if (params != undefined) this.params = params; 2223 }; 2224 extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object); 2225 2226 /** 2227 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/> 2228 * @name KJUR.asn1.x509.TBSCertList 2229 * @class TBSCertList ASN.1 structure class for CRL 2230 * @property {Array} params JSON object of parameters 2231 * @param {Array} params JSON object of TBSCertList parameters 2232 * @extends KJUR.asn1.ASN1Object 2233 * @since 1.0.3 2234 * 2235 * @description 2236 * This class represents TBSCertList of CRL defined in 2237 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2238 * RFC 5280 5.1</a>. 2239 * <pre> 2240 * TBSCertList ::= SEQUENCE { 2241 * version Version OPTIONAL, 2242 * -- if present, MUST be v2 2243 * signature AlgorithmIdentifier, 2244 * issuer Name, 2245 * thisUpdate Time, 2246 * nextUpdate Time OPTIONAL, 2247 * revokedCertificates SEQUENCE OF SEQUENCE { 2248 * userCertificate CertificateSerialNumber, 2249 * revocationDate Time, 2250 * crlEntryExtensions Extensions OPTIONAL 2251 * -- if present, version MUST be v2 2252 * } OPTIONAL, 2253 * crlExtensions [0] EXPLICIT Extensions OPTIONAL 2254 * } 2255 * </pre> 2256 * NOTE: TBSCertList class is updated without backward 2257 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2258 * Most of methods are removed and parameters can be set 2259 * by JSON object. 2260 * <br/> 2261 * Constructor of this class may have following parameters: 2262 * <ul> 2263 * <li>{Integer}version (OPTION) - version number. Omitted by default.</li> 2264 * <li>{String}sigalg - signature algorithm name</li> 2265 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li> 2266 * <li>{String}thisupdate - thisUpdate field value</li> 2267 * <li>{String}nextupdate (OPTION) - thisUpdate field value</li> 2268 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array 2269 * Its element may have following property: 2270 * <ul> 2271 * <li>{Array}sn - serialNumber of userCertificate field specified 2272 * by {@link KJUR.asn1.DERInteger}</li> 2273 * <li>{String}date - revocationDate field specified by 2274 * a string of {@link KJUR.asn1.x509.Time} parameter</li> 2275 * <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li> 2276 * </ul> 2277 * </li> 2278 * </ul> 2279 * 2280 * @example 2281 * var o = new KJUR.asn1.x509.TBSCertList({ 2282 * sigalg: "SHA256withRSA", 2283 * issuer: {array: [[{type:'C',value:'JP',ds:'prn'}], 2284 * [{type:'O',value:'T1',ds:'prn'}]]}, 2285 * thisupdate: "200821235959Z", 2286 * nextupdate: "200828235959Z", // OPTION 2287 * revcert: [ 2288 * {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]}, 2289 * {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]} 2290 * ], 2291 * ext: [ 2292 * {extname: "cRLNumber", num: {'int': 8}}, 2293 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2294 * ] 2295 * }); 2296 * o.getEncodedHex() → "30..." 2297 */ 2298 KJUR.asn1.x509.TBSCertList = function(params) { 2299 KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this); 2300 var _KJUR = KJUR, 2301 _KJUR_asn1 = _KJUR.asn1, 2302 _DERInteger = _KJUR_asn1.DERInteger, 2303 _DERSequence = _KJUR_asn1.DERSequence, 2304 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 2305 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 2306 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2307 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 2308 _Time = _KJUR_asn1_x509.Time, 2309 _Extensions = _KJUR_asn1_x509.Extensions, 2310 _X500Name = _KJUR_asn1_x509.X500Name; 2311 this.params = null; 2312 2313 /** 2314 * get array of ASN.1 object for extensions<br/> 2315 * @name setByParam 2316 * @memberOf KJUR.asn1.x509.TBSCertList# 2317 * @function 2318 * @param {Array} JSON object of TBSCertList parameters 2319 * @example 2320 * tbsc = new KJUR.asn1.x509.TBSCertificate(); 2321 * tbsc.setByParam({version:3, serial:{hex:'1234...'},...}); 2322 */ 2323 this.setByParam = function(params) { 2324 this.params = params; 2325 }; 2326 2327 /** 2328 * get DERSequence for revokedCertificates<br/> 2329 * @name getRevCertSequence 2330 * @memberOf KJUR.asn1.x509.TBSCertList# 2331 * @function 2332 * @return {@link KJUR.asn1.DERSequence} of revokedCertificates 2333 */ 2334 this.getRevCertSequence = function() { 2335 var a = []; 2336 var aRevCert = this.params.revcert; 2337 for (var i = 0; i < aRevCert.length; i++) { 2338 var aEntry = [ 2339 new _DERInteger(aRevCert[i].sn), 2340 new _Time(aRevCert[i].date) 2341 ]; 2342 if (aRevCert[i].ext != undefined) { 2343 aEntry.push(new _Extensions(aRevCert[i].ext)); 2344 } 2345 a.push(new _DERSequence({array: aEntry})); 2346 } 2347 return new _DERSequence({array: a}); 2348 }; 2349 2350 this.getEncodedHex = function() { 2351 var a = []; 2352 var params = this.params; 2353 2354 if (params.version != undefined) { 2355 var version = params.version - 1; 2356 var obj = new _DERInteger({'int': version}); 2357 a.push(obj); 2358 } 2359 2360 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 2361 a.push(new _X500Name(params.issuer)); 2362 a.push(new _Time(params.thisupdate)); 2363 if (params.nextupdate != undefined) 2364 a.push(new _Time(params.nextupdate)) 2365 if (params.revcert != undefined) { 2366 a.push(this.getRevCertSequence()); 2367 } 2368 if (params.ext != undefined) { 2369 var dExt = new _Extensions(params.ext); 2370 a.push(new _DERTaggedObject({tag:'a0', 2371 explicit:true, 2372 obj:dExt})); 2373 } 2374 2375 var seq = new _DERSequence({array: a}); 2376 return seq.getEncodedHex(); 2377 }; 2378 2379 if (params !== undefined) this.setByParam(params); 2380 }; 2381 extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object); 2382 2383 /** 2384 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/> 2385 * @name KJUR.asn1.x509.CRLEntry 2386 * @class ASN.1 CRLEntry structure class for CRL 2387 * @param {Array} params JSON object for CRL entry parameter 2388 * @extends KJUR.asn1.ASN1Object 2389 * @since 1.0.3 2390 * @see KJUR.asn1.x509.TBSCertList 2391 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0 2392 * @description 2393 * This class is to represent revokedCertificate in TBSCertList. 2394 * However this is no more used by TBSCertList since 2395 * jsrsasign 9.1.0. So this class have been deprecated in 2396 * jsrsasign 9.1.0. 2397 * <pre> 2398 * revokedCertificates SEQUENCE OF SEQUENCE { 2399 * userCertificate CertificateSerialNumber, 2400 * revocationDate Time, 2401 * crlEntryExtensions Extensions OPTIONAL 2402 * -- if present, version MUST be v2 } 2403 * </pre> 2404 * @example 2405 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}}); 2406 */ 2407 KJUR.asn1.x509.CRLEntry = function(params) { 2408 KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this); 2409 var sn = null, 2410 time = null, 2411 _KJUR = KJUR, 2412 _KJUR_asn1 = _KJUR.asn1; 2413 2414 /** 2415 * set DERInteger parameter for serial number of revoked certificate 2416 * @name setCertSerial 2417 * @memberOf KJUR.asn1.x509.CRLEntry 2418 * @function 2419 * @param {Array} intParam DERInteger parameter for certificate serial number 2420 * @description 2421 * @example 2422 * entry.setCertSerial({'int': 3}); 2423 */ 2424 this.setCertSerial = function(intParam) { 2425 this.sn = new _KJUR_asn1.DERInteger(intParam); 2426 }; 2427 2428 /** 2429 * set Time parameter for revocation date 2430 * @name setRevocationDate 2431 * @memberOf KJUR.asn1.x509.CRLEntry 2432 * @function 2433 * @param {Array} timeParam Time parameter for revocation date 2434 * @description 2435 * @example 2436 * entry.setRevocationDate({'str': '130508235959Z'}); 2437 */ 2438 this.setRevocationDate = function(timeParam) { 2439 this.time = new _KJUR_asn1.x509.Time(timeParam); 2440 }; 2441 2442 this.getEncodedHex = function() { 2443 var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]}); 2444 this.TLV = o.getEncodedHex(); 2445 return this.TLV; 2446 }; 2447 2448 if (params !== undefined) { 2449 if (params.time !== undefined) { 2450 this.setRevocationDate(params.time); 2451 } 2452 if (params.sn !== undefined) { 2453 this.setCertSerial(params.sn); 2454 } 2455 } 2456 }; 2457 extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object); 2458 2459 /** 2460 * CRLNumber CRL extension ASN.1 structure class<br/> 2461 * @name KJUR.asn1.x509.CRLNumber 2462 * @class CRLNumber CRL extension ASN.1 structure class 2463 * @extends KJUR.asn1.x509.Extension 2464 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2465 * @see KJUR.asn1.x509.TBSCertList 2466 * @see KJUR.asn1.x509.Extensions 2467 * @description 2468 * This class represents ASN.1 structure for 2469 * CRLNumber CRL extension defined in 2470 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3"> 2471 * RFC 5280 5.2.3</a>. 2472 * <pre> 2473 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } 2474 * CRLNumber ::= INTEGER (0..MAX) 2475 * </pre> 2476 * Constructor of this class may have following parameters: 2477 * <ul> 2478 * <li>{String}extname - name "cRLNumber". It is ignored in this class but 2479 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2480 * <li>{Object}num - CRLNumber value to specify 2481 * {@link KJUR.asn1.DERInteger} parameter.</li> 2482 * <li>{Boolean}critical - critical flag. Generally false and not specified 2483 * in this class.(OPTION)</li> 2484 * </ul> 2485 * 2486 * @example 2487 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber', 2488 * num:{'int':147}}) 2489 */ 2490 KJUR.asn1.x509.CRLNumber = function(params) { 2491 KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params); 2492 this.params = undefined; 2493 2494 this.getExtnValueHex = function() { 2495 this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num); 2496 return this.asn1ExtnValue.getEncodedHex(); 2497 }; 2498 2499 this.oid = "2.5.29.20"; 2500 if (params != undefined) this.params = params; 2501 }; 2502 extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension); 2503 2504 /** 2505 * CRLReason CRL entry extension ASN.1 structure class<br/> 2506 * @name KJUR.asn1.x509.CRLReason 2507 * @class CRLReason CRL entry extension ASN.1 structure class 2508 * @extends KJUR.asn1.x509.Extension 2509 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2510 * @see KJUR.asn1.x509.TBSCertList 2511 * @see KJUR.asn1.x509.Extensions 2512 * @description 2513 * This class represents ASN.1 structure for 2514 * CRLReason CRL entry extension defined in 2515 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1"> 2516 * RFC 5280 5.3.1</a> 2517 * <pre> 2518 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } 2519 * -- reasonCode ::= { CRLReason } 2520 * CRLReason ::= ENUMERATED { 2521 * unspecified (0), 2522 * keyCompromise (1), 2523 * cACompromise (2), 2524 * affiliationChanged (3), 2525 * superseded (4), 2526 * cessationOfOperation (5), 2527 * certificateHold (6), 2528 * removeFromCRL (8), 2529 * privilegeWithdrawn (9), 2530 * aACompromise (10) } 2531 * </pre> 2532 * Constructor of this class may have following parameters: 2533 * <ul> 2534 * <li>{String}extname - name "cRLReason". It is ignored in this class but 2535 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2536 * <li>{Integer}code - reasonCode value</li> 2537 * <li>{Boolean}critical - critical flag. Generally false and not specified 2538 * in this class.(OPTION)</li> 2539 * </ul> 2540 * 2541 * @example 2542 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4}) 2543 */ 2544 KJUR.asn1.x509.CRLReason = function(params) { 2545 KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params); 2546 this.params = undefined; 2547 2548 this.getExtnValueHex = function() { 2549 this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code); 2550 return this.asn1ExtnValue.getEncodedHex(); 2551 }; 2552 2553 this.oid = "2.5.29.21"; 2554 if (params != undefined) this.params = params; 2555 }; 2556 extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension); 2557 2558 // === END CRL Related =================================================== 2559 2560 // === BEGIN OCSP Related =================================================== 2561 /** 2562 * Nonce OCSP extension ASN.1 structure class<br/> 2563 * @name KJUR.asn1.x509.OCSPNonce 2564 * @class Nonce OCSP extension ASN.1 structure class 2565 * @extends KJUR.asn1.x509.Extension 2566 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2567 * @param {Array} params JSON object for Nonce extension 2568 * @see KJUR.asn1.ocsp.ResponseData 2569 * @see KJUR.asn1.x509.Extensions 2570 * @see X509#getExtOCSPNonce 2571 * @description 2572 * This class represents 2573 * Nonce OCSP extension value defined in 2574 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1"> 2575 * RFC 6960 4.4.1</a> as JSON object. 2576 * <pre> 2577 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 2578 * id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } 2579 * Nonce ::= OCTET STRING 2580 * </pre> 2581 * Constructor of this class may have following parameters: 2582 * <ul> 2583 * <li>{String}extname - name "ocspNonce". It is ignored in this class but 2584 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2585 * <li>{String}hex - hexadecimal string of nonce value</li> 2586 * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be 2587 * specified.</li> 2588 * <li>{Boolean}critical - critical flag. Generally false and not specified 2589 * in this class.(OPTION)</li> 2590 * </ul> 2591 * 2592 * @example 2593 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce', 2594 * hex: '12ab...'}) 2595 */ 2596 KJUR.asn1.x509.OCSPNonce = function(params) { 2597 KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params); 2598 this.params = undefined; 2599 2600 this.getExtnValueHex = function() { 2601 this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params); 2602 return this.asn1ExtnValue.getEncodedHex(); 2603 }; 2604 2605 this.oid = "1.3.6.1.5.5.7.48.1.2"; 2606 if (params != undefined) this.params = params; 2607 }; 2608 extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension); 2609 2610 /** 2611 * OCSPNoCheck certificate ASN.1 structure class<br/> 2612 * @name KJUR.asn1.x509.OCSPNoCheck 2613 * @class OCSPNoCheck extension ASN.1 structure class 2614 * @extends KJUR.asn1.x509.Extension 2615 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2616 * @param {Array} params JSON object for OCSPNoCheck extension 2617 * @see KJUR.asn1.x509.Extensions 2618 * @see X509#getExtOCSPNoCheck 2619 * @description 2620 * This class represents 2621 * OCSPNoCheck extension value defined in 2622 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1"> 2623 * RFC 6960 4.2.2.2.1</a> as JSON object. 2624 * <pre> 2625 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } 2626 * </pre> 2627 * Constructor of this class may have following parameters: 2628 * <ul> 2629 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but 2630 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2631 * <li>{Boolean}critical - critical flag. Generally false and not specified 2632 * in this class.(OPTION)</li> 2633 * </ul> 2634 * 2635 * @example 2636 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'}) 2637 */ 2638 KJUR.asn1.x509.OCSPNoCheck = function(params) { 2639 KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params); 2640 this.params = undefined; 2641 2642 this.getExtnValueHex = function() { 2643 this.asn1ExtnValue = new KJUR.asn1.DERNull(); 2644 return this.asn1ExtnValue.getEncodedHex(); 2645 }; 2646 2647 this.oid = "1.3.6.1.5.5.7.48.1.5"; 2648 if (params != undefined) this.params = params; 2649 }; 2650 extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension); 2651 2652 // === END OCSP Related =================================================== 2653 2654 // === BEGIN Other X.509v3 Extensions======================================== 2655 2656 /** 2657 * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/> 2658 * @name KJUR.asn1.x509.AdobeTimeStamp 2659 * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class 2660 * @extends KJUR.asn1.x509.Extension 2661 * @since jsrsasign 10.0.1 asn1x509 2.1.4 2662 * @param {Array} params JSON object for AdobeTimeStamp extension parameter 2663 * @see KJUR.asn1.x509.Extensions 2664 * @see X509#getExtAdobeTimeStamp 2665 * @description 2666 * This class represents 2667 * AdobeTimeStamp X.509v3 extension value defined in 2668 * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html"> 2669 * Adobe site</a> as JSON object. 2670 * <pre> 2671 * adbe- OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 } 2672 * ::= SEQUENCE { 2673 * version INTEGER { v1(1) }, -- extension version 2674 * location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier) 2675 * requiresAuth boolean (default false), OPTIONAL } 2676 * </pre> 2677 * Constructor of this class may have following parameters: 2678 * <ul> 2679 * <li>{String}uri - RFC 3161 time stamp service URL</li> 2680 * <li>{Boolean}reqauth - authentication required or not</li> 2681 * </ul> 2682 * </pre> 2683 * <br/> 2684 * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp". 2685 * @example 2686 * new KJUR.asn1.x509.AdobeTimesStamp({ 2687 * uri: "http://tsa.example.com/", 2688 * reqauth: true 2689 * } 2690 */ 2691 KJUR.asn1.x509.AdobeTimeStamp = function(params) { 2692 KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params); 2693 2694 var _KJUR = KJUR, 2695 _KJUR_asn1 = _KJUR.asn1, 2696 _DERInteger = _KJUR_asn1.DERInteger, 2697 _DERBoolean = _KJUR_asn1.DERBoolean, 2698 _DERSequence = _KJUR_asn1.DERSequence, 2699 _GeneralName = _KJUR_asn1.x509.GeneralName; 2700 2701 this.params = null; 2702 2703 this.getExtnValueHex = function() { 2704 var params = this.params; 2705 var a = [new _DERInteger(1)]; 2706 a.push(new _GeneralName({uri: params.uri})); 2707 if (params.reqauth != undefined) { 2708 a.push(new _DERBoolean(params.reqauth)); 2709 } 2710 2711 this.asn1ExtnValue = new _DERSequence({array: a}); 2712 return this.asn1ExtnValue.getEncodedHex(); 2713 }; 2714 2715 this.oid = "1.2.840.113583.1.1.9.1"; 2716 if (params !== undefined) this.setByParam(params); 2717 }; 2718 extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension); 2719 2720 // === END Other X.509v3 Extensions======================================== 2721 2722 2723 // === BEGIN X500Name Related ================================================= 2724 /** 2725 * X500Name ASN.1 structure class 2726 * @name KJUR.asn1.x509.X500Name 2727 * @class X500Name ASN.1 structure class 2728 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'}) 2729 * @extends KJUR.asn1.ASN1Object 2730 * @see KJUR.asn1.x509.X500Name 2731 * @see KJUR.asn1.x509.RDN 2732 * @see KJUR.asn1.x509.AttributeTypeAndValue 2733 * @see X509#getX500Name 2734 * @description 2735 * This class provides DistinguishedName ASN.1 class structure 2736 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 2737 * <blockquote><pre> 2738 * DistinguishedName ::= RDNSequence 2739 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 2740 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 2741 * AttributeTypeAndValue 2742 * AttributeTypeAndValue ::= SEQUENCE { 2743 * type AttributeType, 2744 * value AttributeValue } 2745 * </pre></blockquote> 2746 * <br/> 2747 * Argument for the constructor can be one of following parameters: 2748 * <ul> 2749 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li> 2750 * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li> 2751 * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li> 2752 * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li> 2753 * <li>{String}certissuer - issuer name in the specified PEM certificate</li> 2754 * <li>{String}certsubject - subject name in the specified PEM certificate</li> 2755 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li> 2756 * </ul> 2757 * <br/> 2758 * NOTE1: The "array" and "rule" parameters have been supported 2759 * since jsrsasign 9.0.0 asn1x509 2.0.0. 2760 * <br/> 2761 * NOTE2: Multi-valued RDN in "str" parameter have been 2762 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 2763 * @example 2764 * // 1. construct with array 2765 * new KJUR.asn1.x509.X500Name({array:[ 2766 * [{type:'C',value:'JP',ds:'prn'}], 2767 * [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN 2768 * {type:'CN',value:'bob@example.com',ds:'ia5'}] 2769 * ]}) 2770 * // 2. construct with string 2771 * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"}); 2772 * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"}); 2773 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued 2774 * // 3. construct by LDAP string 2775 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"}); 2776 * // 4. construct by ASN.1 hex string 2777 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."}); 2778 * // 5. construct by issuer of PEM certificate 2779 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."}); 2780 * // 6. construct by subject of PEM certificate 2781 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."}); 2782 * // 7. construct by object (DEPRECATED) 2783 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"}); 2784 */ 2785 KJUR.asn1.x509.X500Name = function(params) { 2786 KJUR.asn1.x509.X500Name.superclass.constructor.call(this); 2787 this.asn1Array = []; 2788 this.paramArray = []; 2789 this.sRule = "utf8"; 2790 var _KJUR = KJUR, 2791 _KJUR_asn1 = _KJUR.asn1, 2792 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2793 _RDN = _KJUR_asn1_x509.RDN, 2794 _pemtohex = pemtohex; 2795 2796 /** 2797 * set DN by OpenSSL oneline distinguished name string<br/> 2798 * @name setByString 2799 * @memberOf KJUR.asn1.x509.X500Name# 2800 * @function 2801 * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa) 2802 * @description 2803 * Sets distinguished name by string. 2804 * dnStr must be formatted as 2805 * "/type0=value0/type1=value1/type2=value2...". 2806 * No need to escape a slash in an attribute value. 2807 * @example 2808 * name = new KJUR.asn1.x509.X500Name(); 2809 * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com"); 2810 * // no need to escape slash in an attribute value 2811 * name.setByString("/C=US/O=aaa/CN=1980/12/31"); 2812 */ 2813 this.setByString = function(dnStr, sRule) { 2814 if (sRule !== undefined) this.sRule = sRule; 2815 var a = dnStr.split('/'); 2816 a.shift(); 2817 2818 var a1 = []; 2819 for (var i = 0; i < a.length; i++) { 2820 if (a[i].match(/^[^=]+=.+$/)) { 2821 a1.push(a[i]); 2822 } else { 2823 var lastidx = a1.length - 1; 2824 a1[lastidx] = a1[lastidx] + "/" + a[i]; 2825 } 2826 } 2827 2828 for (var i = 0; i < a1.length; i++) { 2829 this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule})); 2830 } 2831 }; 2832 2833 /** 2834 * set DN by LDAP(RFC 2253) distinguished name string<br/> 2835 * @name setByLdapString 2836 * @memberOf KJUR.asn1.x509.X500Name# 2837 * @function 2838 * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US) 2839 * @since jsrsasign 6.2.2 asn1x509 1.0.18 2840 * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat} 2841 * @description 2842 * @example 2843 * name = new KJUR.asn1.x509.X500Name(); 2844 * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US"); 2845 */ 2846 this.setByLdapString = function(dnStr, sRule) { 2847 if (sRule !== undefined) this.sRule = sRule; 2848 var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr); 2849 this.setByString(compat, sRule); 2850 }; 2851 2852 /** 2853 * set DN by associative array<br/> 2854 * @name setByObject 2855 * @memberOf KJUR.asn1.x509.X500Name# 2856 * @function 2857 * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"}) 2858 * @since jsrsasign 4.9. asn1x509 1.0.13 2859 * @description 2860 * @example 2861 * name = new KJUR.asn1.x509.X500Name(); 2862 * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1}); 2863 */ 2864 this.setByObject = function(dnObj, sRule) { 2865 if (sRule !== undefined) this.sRule = sRule; 2866 2867 // Get all the dnObject attributes and stuff them in the ASN.1 array. 2868 for (var x in dnObj) { 2869 if (dnObj.hasOwnProperty(x)) { 2870 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule}); 2871 // Initialize or push into the ANS1 array. 2872 this.asn1Array ? this.asn1Array.push(newRDN) 2873 : this.asn1Array = [newRDN]; 2874 } 2875 } 2876 }; 2877 2878 this.setByParam = function(params) { 2879 if (params.rule !== undefined) this.sRule = params.rule; 2880 2881 if (params.array !== undefined) { 2882 this.paramArray = params.array; 2883 } else { 2884 if (params.str !== undefined) { 2885 this.setByString(params.str); 2886 } else if (params.ldapstr !== undefined) { 2887 this.setByLdapString(params.ldapstr); 2888 } else if (params.hex !== undefined) { 2889 this.hTLV = params.hex; 2890 } else if (params.certissuer !== undefined) { 2891 var x = new X509(); 2892 x.readCertPEM(params.certissuer); 2893 this.hTLV = x.getIssuerHex(); 2894 } else if (params.certsubject !== undefined) { 2895 var x = new X509(); 2896 x.readCertPEM(params.certsubject); 2897 this.hTLV = x.getSubjectHex(); 2898 // If params is an object, then set the ASN1 array 2899 // just using the object attributes. 2900 // This is nice for fields that have lots of special 2901 // characters (i.e. CN: 'https://www.github.com/kjur//'). 2902 } else if (typeof params === "object" && 2903 params.certsubject === undefined && 2904 params.certissuer === undefined) { 2905 this.setByObject(params); 2906 } 2907 } 2908 } 2909 2910 this.getEncodedHex = function() { 2911 if (typeof this.hTLV == "string") return this.hTLV; 2912 2913 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 2914 for (var i = 0; i < this.paramArray.length; i++) { 2915 var param = {array: this.paramArray[i]}; 2916 if (this.sRule != "utf8") param.rule = this.sRule; 2917 var asn1RDN = new _RDN(param); 2918 this.asn1Array.push(asn1RDN); 2919 } 2920 } 2921 2922 var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array}); 2923 this.hTLV = o.getEncodedHex(); 2924 return this.hTLV; 2925 }; 2926 2927 if (params !== undefined) this.setByParam(params); 2928 }; 2929 extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object); 2930 2931 /** 2932 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/> 2933 * @name compatToLDAP 2934 * @memberOf KJUR.asn1.x509.X500Name 2935 * @function 2936 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test) 2937 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 2938 * @since jsrsasign 8.0.19 asn1x509 1.1.20 2939 * @description 2940 * This static method converts a distinguished name string in OpenSSL compat 2941 * format to LDAP(RFC 2253) format. 2942 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a> 2943 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a> 2944 * @example 2945 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US' 2946 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US' 2947 */ 2948 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) { 2949 if (s.substr(0, 1) !== "/") throw "malformed input"; 2950 2951 var result = ""; 2952 s = s.substr(1); 2953 2954 var a = s.split("/"); 2955 a.reverse(); 2956 a = a.map(function(s) {return s.replace(/,/, "\\,")}); 2957 2958 return a.join(","); 2959 }; 2960 2961 /** 2962 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/> 2963 * @name onelineToLDAP 2964 * @memberOf KJUR.asn1.x509.X500Name 2965 * @function 2966 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 2967 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 2968 * @since jsrsasign 6.2.2 asn1x509 1.0.18 2969 * @see KJUR.asn1.x509.X500Name.compatToLDAP 2970 * @description 2971 * This method is deprecated. Please use 2972 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead. 2973 */ 2974 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) { 2975 return KJUR.asn1.x509.X500Name.compatToLDAP(s); 2976 } 2977 2978 /** 2979 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/> 2980 * @name ldapToCompat 2981 * @memberOf KJUR.asn1.x509.X500Name 2982 * @function 2983 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 2984 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 2985 * @since jsrsasign 8.0.19 asn1x509 1.1.10 2986 * @description 2987 * This static method converts a distinguished name string in 2988 * LDAP(RFC 2253) format to OpenSSL compat format. 2989 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a> 2990 * @example 2991 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test' 2992 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a' 2993 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') → '/C=US/O=a\/a' 2994 */ 2995 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) { 2996 var a = s.split(","); 2997 2998 // join \, 2999 var isBSbefore = false; 3000 var a2 = []; 3001 for (var i = 0; a.length > 0; i++) { 3002 var item = a.shift(); 3003 //console.log("item=" + item); 3004 3005 if (isBSbefore === true) { 3006 var a2last = a2.pop(); 3007 var newitem = (a2last + "," + item).replace(/\\,/g, ","); 3008 a2.push(newitem); 3009 isBSbefore = false; 3010 } else { 3011 a2.push(item); 3012 } 3013 3014 if (item.substr(-1, 1) === "\\") isBSbefore = true; 3015 } 3016 3017 a2 = a2.map(function(s) {return s.replace("/", "\\/")}); 3018 a2.reverse(); 3019 return "/" + a2.join("/"); 3020 }; 3021 3022 /** 3023 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/> 3024 * @name ldapToOneline 3025 * @memberOf KJUR.asn1.x509.X500Name 3026 * @function 3027 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 3028 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 3029 * @since jsrsasign 6.2.2 asn1x509 1.0.18 3030 * @description 3031 * This method is deprecated. Please use 3032 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead. 3033 */ 3034 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) { 3035 return KJUR.asn1.x509.X500Name.ldapToCompat(s); 3036 }; 3037 3038 /** 3039 * RDN (Relative Distinguished Name) ASN.1 structure class 3040 * @name KJUR.asn1.x509.RDN 3041 * @class RDN (Relative Distinguished Name) ASN.1 structure class 3042 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'}) 3043 * @extends KJUR.asn1.ASN1Object 3044 * @see KJUR.asn1.x509.X500Name 3045 * @see KJUR.asn1.x509.RDN 3046 * @see KJUR.asn1.x509.AttributeTypeAndValue 3047 * @description 3048 * This class provides RelativeDistinguishedName ASN.1 class structure 3049 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 3050 * <blockquote><pre> 3051 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 3052 * AttributeTypeAndValue 3053 * 3054 * AttributeTypeAndValue ::= SEQUENCE { 3055 * type AttributeType, 3056 * value AttributeValue } 3057 * </pre></blockquote> 3058 * <br/> 3059 * NOTE1: The "array" and "rule" parameters have been supported 3060 * since jsrsasign 9.0.0 asn1x509 2.0.0. 3061 * <br/> 3062 * NOTE2: Multi-valued RDN in "str" parameter have been 3063 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 3064 * @example 3065 * new KJUR.asn1.x509.RDN({array: [ // multi-valued 3066 * {type:"CN",value:"Bob",ds:"prn"}, 3067 * {type:"CN",value:"bob@example.com", ds:"ia5"} 3068 * ]}); 3069 * new KJUR.asn1.x509.RDN({str: "CN=test"}); 3070 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued 3071 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped 3072 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted 3073 */ 3074 KJUR.asn1.x509.RDN = function(params) { 3075 KJUR.asn1.x509.RDN.superclass.constructor.call(this); 3076 this.asn1Array = []; 3077 this.paramArray = []; 3078 this.sRule = "utf8"; // DEFAULT "utf8" 3079 var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue; 3080 3081 this.setByParam = function(params) { 3082 if (params.rule !== undefined) this.sRule = params.rule; 3083 if (params.str !== undefined) { 3084 this.addByMultiValuedString(params.str); 3085 } 3086 if (params.array !== undefined) this.paramArray = params.array; 3087 }; 3088 3089 /** 3090 * add one AttributeTypeAndValue by string<br/> 3091 * @name addByString 3092 * @memberOf KJUR.asn1.x509.RDN# 3093 * @function 3094 * @param {String} s string of AttributeTypeAndValue 3095 * @return {Object} unspecified 3096 * @description 3097 * This method add one AttributeTypeAndValue to RDN object. 3098 * @example 3099 * rdn = new KJUR.asn1.x509.RDN(); 3100 * rdn.addByString("CN=john"); 3101 * rdn.addByString("serialNumber=1234"); // for multi-valued RDN 3102 */ 3103 this.addByString = function(s) { 3104 this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule})); 3105 }; 3106 3107 /** 3108 * add one AttributeTypeAndValue by multi-valued string<br/> 3109 * @name addByMultiValuedString 3110 * @memberOf KJUR.asn1.x509.RDN# 3111 * @function 3112 * @param {String} s string of multi-valued RDN 3113 * @return {Object} unspecified 3114 * @since jsrsasign 6.2.1 asn1x509 1.0.17 3115 * @description 3116 * This method add multi-valued RDN to RDN object. 3117 * @example 3118 * rdn = new KJUR.asn1.x509.RDN(); 3119 * rdn.addByMultiValuedString("CN=john+O=test"); 3120 * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus 3121 * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation 3122 */ 3123 this.addByMultiValuedString = function(s) { 3124 var a = KJUR.asn1.x509.RDN.parseString(s); 3125 for (var i = 0; i < a.length; i++) { 3126 this.addByString(a[i]); 3127 } 3128 }; 3129 3130 this.getEncodedHex = function() { 3131 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 3132 for (var i = 0; i < this.paramArray.length; i++) { 3133 var param = this.paramArray[i]; 3134 if (param.rule !== undefined && 3135 this.sRule != "utf8") { 3136 param.rule = this.sRule; 3137 } 3138 //alert(JSON.stringify(param)); 3139 var asn1ATV = new _AttributeTypeAndValue(param); 3140 this.asn1Array.push(asn1ATV); 3141 } 3142 } 3143 var o = new KJUR.asn1.DERSet({"array": this.asn1Array}); 3144 this.TLV = o.getEncodedHex(); 3145 return this.TLV; 3146 }; 3147 3148 if (params !== undefined) { 3149 this.setByParam(params); 3150 } 3151 }; 3152 extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); 3153 3154 /** 3155 * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/> 3156 * @name parseString 3157 * @memberOf KJUR.asn1.x509.RDN 3158 * @function 3159 * @param {String} s multi-valued string of RDN 3160 * @return {Array} array of string of AttributeTypeAndValue 3161 * @since jsrsasign 6.2.1 asn1x509 1.0.17 3162 * @description 3163 * This static method parses multi-valued RDN string and split into 3164 * array of AttributeTypeAndValue. 3165 * @example 3166 * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"] 3167 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"] 3168 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"] 3169 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"] 3170 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"] 3171 */ 3172 KJUR.asn1.x509.RDN.parseString = function(s) { 3173 var a = s.split(/\+/); 3174 3175 // join \+ 3176 var isBSbefore = false; 3177 var a2 = []; 3178 for (var i = 0; a.length > 0; i++) { 3179 var item = a.shift(); 3180 //console.log("item=" + item); 3181 3182 if (isBSbefore === true) { 3183 var a2last = a2.pop(); 3184 var newitem = (a2last + "+" + item).replace(/\\\+/g, "+"); 3185 a2.push(newitem); 3186 isBSbefore = false; 3187 } else { 3188 a2.push(item); 3189 } 3190 3191 if (item.substr(-1, 1) === "\\") isBSbefore = true; 3192 } 3193 3194 // join quote 3195 var beginQuote = false; 3196 var a3 = []; 3197 for (var i = 0; a2.length > 0; i++) { 3198 var item = a2.shift(); 3199 3200 if (beginQuote === true) { 3201 var a3last = a3.pop(); 3202 if (item.match(/"$/)) { 3203 var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2"); 3204 a3.push(newitem); 3205 beginQuote = false; 3206 } else { 3207 a3.push(a3last + "+" + item); 3208 } 3209 } else { 3210 a3.push(item); 3211 } 3212 3213 if (item.match(/^[^=]+="/)) { 3214 //console.log(i + "=" + item); 3215 beginQuote = true; 3216 } 3217 } 3218 return a3; 3219 }; 3220 3221 /** 3222 * AttributeTypeAndValue ASN.1 structure class 3223 * @name KJUR.asn1.x509.AttributeTypeAndValue 3224 * @class AttributeTypeAndValue ASN.1 structure class 3225 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'}) 3226 * @extends KJUR.asn1.ASN1Object 3227 * @see KJUR.asn1.x509.X500Name 3228 * @see KJUR.asn1.x509.RDN 3229 * @see KJUR.asn1.x509.AttributeTypeAndValue 3230 * @see X509#getAttrTypeAndValue 3231 * @description 3232 * This class generates AttributeTypeAndValue defined in 3233 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4"> 3234 * RFC 5280 4.1.2.4</a>. 3235 * <pre> 3236 * AttributeTypeAndValue ::= SEQUENCE { 3237 * type AttributeType, 3238 * value AttributeValue } 3239 * AttributeType ::= OBJECT IDENTIFIER 3240 * AttributeValue ::= ANY -- DEFINED BY AttributeType 3241 * </pre> 3242 * The constructor argument can have following parameters: 3243 * <ul> 3244 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li> 3245 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li> 3246 * <li>{String}ds - DirectoryString type of AttributeValue</li> 3247 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8") 3248 * set DirectoryString type automatically when "ds" not specified.</li> 3249 * <li>{String}str - AttributeTypeAndVale string (ex. "C=US"). 3250 * When type and value don't exists, 3251 * this "str" will be converted to "type" and "value". 3252 * </li> 3253 * </ul> 3254 * <br 3255 * NOTE: Parameters "type", "value,", "ds" and "rule" have 3256 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0. 3257 * @example 3258 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'}) 3259 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'}) 3260 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'}) 3261 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'}) 3262 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'}) 3263 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'}) 3264 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'}) 3265 */ 3266 KJUR.asn1.x509.AttributeTypeAndValue = function(params) { 3267 KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this); 3268 this.sRule = "utf8"; 3269 this.sType = null; 3270 this.sValue = null; 3271 this.dsType = null; 3272 var _KJUR = KJUR, 3273 _KJUR_asn1 = _KJUR.asn1, 3274 _DERSequence = _KJUR_asn1.DERSequence, 3275 _DERUTF8String = _KJUR_asn1.DERUTF8String, 3276 _DERPrintableString = _KJUR_asn1.DERPrintableString, 3277 _DERTeletexString = _KJUR_asn1.DERTeletexString, 3278 _DERIA5String = _KJUR_asn1.DERIA5String, 3279 _DERVisibleString = _KJUR_asn1.DERVisibleString, 3280 _DERBMPString = _KJUR_asn1.DERBMPString, 3281 _isMail = _KJUR.lang.String.isMail, 3282 _isPrintable = _KJUR.lang.String.isPrintable; 3283 3284 this.setByParam = function(params) { 3285 if (params.rule !== undefined) this.sRule = params.rule; 3286 if (params.ds !== undefined) this.dsType = params.ds; 3287 3288 if (params.value === undefined && 3289 params.str !== undefined) { 3290 var str = params.str; 3291 var matchResult = str.match(/^([^=]+)=(.+)$/); 3292 if (matchResult) { 3293 this.sType = matchResult[1]; 3294 this.sValue = matchResult[2]; 3295 } else { 3296 throw new Error("malformed attrTypeAndValueStr: " + 3297 attrTypeAndValueStr); 3298 } 3299 3300 //this.setByString(params.str); 3301 } else { 3302 this.sType = params.type; 3303 this.sValue = params.value; 3304 } 3305 }; 3306 3307 /* 3308 * @deprecated 3309 */ 3310 this.setByString = function(sTypeValue, sRule) { 3311 if (sRule !== undefined) this.sRule = sRule; 3312 var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/); 3313 if (matchResult) { 3314 this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]); 3315 } else { 3316 throw new Error("malformed attrTypeAndValueStr: " + 3317 attrTypeAndValueStr); 3318 } 3319 }; 3320 3321 this._getDsType = function() { 3322 var sType = this.sType; 3323 var sValue = this.sValue; 3324 var sRule = this.sRule; 3325 3326 if (sRule === "prn") { 3327 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3328 if (_isPrintable(sValue)) return "prn"; 3329 return "utf8"; 3330 } else if (sRule === "utf8") { 3331 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3332 if (sType == "C") return "prn"; 3333 return "utf8"; 3334 } 3335 return "utf8"; // default 3336 }; 3337 3338 this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) { 3339 if (sRule !== undefined) this.sRule = sRule; 3340 this.sType = sType; 3341 this.sValue = sValue; 3342 }; 3343 3344 this.getValueObj = function(dsType, valueStr) { 3345 if (dsType == "utf8") return new _DERUTF8String({"str": valueStr}); 3346 if (dsType == "prn") return new _DERPrintableString({"str": valueStr}); 3347 if (dsType == "tel") return new _DERTeletexString({"str": valueStr}); 3348 if (dsType == "ia5") return new _DERIA5String({"str": valueStr}); 3349 if (dsType == "vis") return new _DERVisibleString({"str": valueStr}); 3350 if (dsType == "bmp") return new _DERBMPString({"str": valueStr}); 3351 throw new Error("unsupported directory string type: type=" + 3352 dsType + " value=" + valueStr); 3353 }; 3354 3355 this.getEncodedHex = function() { 3356 if (this.dsType == null) this.dsType = this._getDsType(); 3357 var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType); 3358 var asn1Value = this.getValueObj(this.dsType, this.sValue); 3359 var o = new _DERSequence({"array": [asn1Type, asn1Value]}); 3360 this.TLV = o.getEncodedHex(); 3361 return this.TLV; 3362 }; 3363 3364 if (params !== undefined) { 3365 this.setByParam(params); 3366 } 3367 }; 3368 extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object); 3369 3370 // === END X500Name Related ================================================= 3371 3372 // === BEGIN Other ASN1 structure class ====================================== 3373 3374 /** 3375 * SubjectPublicKeyInfo ASN.1 structure class 3376 * @name KJUR.asn1.x509.SubjectPublicKeyInfo 3377 * @class SubjectPublicKeyInfo ASN.1 structure class 3378 * @param {Object} params parameter for subject public key 3379 * @extends KJUR.asn1.ASN1Object 3380 * @description 3381 * <br/> 3382 * As for argument 'params' for constructor, you can specify one of 3383 * following properties: 3384 * <ul> 3385 * <li>{@link RSAKey} object</li> 3386 * <li>{@link KJUR.crypto.ECDSA} object</li> 3387 * <li>{@link KJUR.crypto.DSA} object</li> 3388 * </ul> 3389 * NOTE1: 'params' can be omitted.<br/> 3390 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/> 3391 * <h4>EXAMPLE</h4> 3392 * @example 3393 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object); 3394 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object); 3395 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object); 3396 */ 3397 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { 3398 KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this); 3399 var asn1AlgId = null, 3400 asn1SubjPKey = null, 3401 _KJUR = KJUR, 3402 _KJUR_asn1 = _KJUR.asn1, 3403 _DERInteger = _KJUR_asn1.DERInteger, 3404 _DERBitString = _KJUR_asn1.DERBitString, 3405 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 3406 _DERSequence = _KJUR_asn1.DERSequence, 3407 _newObject = _KJUR_asn1.ASN1Util.newObject, 3408 _KJUR_asn1_x509 = _KJUR_asn1.x509, 3409 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 3410 _KJUR_crypto = _KJUR.crypto, 3411 _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA, 3412 _KJUR_crypto_DSA = _KJUR_crypto.DSA; 3413 3414 /* 3415 * @since asn1x509 1.0.7 3416 */ 3417 this.getASN1Object = function() { 3418 if (this.asn1AlgId == null || this.asn1SubjPKey == null) 3419 throw "algId and/or subjPubKey not set"; 3420 var o = new _DERSequence({'array': 3421 [this.asn1AlgId, this.asn1SubjPKey]}); 3422 return o; 3423 }; 3424 3425 this.getEncodedHex = function() { 3426 var o = this.getASN1Object(); 3427 this.hTLV = o.getEncodedHex(); 3428 return this.hTLV; 3429 }; 3430 3431 /** 3432 * @name setPubKey 3433 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo# 3434 * @function 3435 * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object 3436 * @since jsrsasign 8.0.0 asn1x509 1.1.0 3437 * @description 3438 * @example 3439 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(); 3440 * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM); 3441 * spki.setPubKey(pubKey); 3442 */ 3443 this.setPubKey = function(key) { 3444 try { 3445 if (key instanceof RSAKey) { 3446 var asn1RsaPub = _newObject({ 3447 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] 3448 }); 3449 var rsaKeyHex = asn1RsaPub.getEncodedHex(); 3450 this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'}); 3451 this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex}); 3452 } 3453 } catch(ex) {}; 3454 3455 try { 3456 if (key instanceof KJUR.crypto.ECDSA) { 3457 var asn1Params = new _DERObjectIdentifier({'name': key.curveName}); 3458 this.asn1AlgId = 3459 new _AlgorithmIdentifier({'name': 'ecPublicKey', 3460 'asn1params': asn1Params}); 3461 this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex}); 3462 } 3463 } catch(ex) {}; 3464 3465 try { 3466 if (key instanceof KJUR.crypto.DSA) { 3467 var asn1Params = new _newObject({ 3468 'seq': [{'int': {'bigint': key.p}}, 3469 {'int': {'bigint': key.q}}, 3470 {'int': {'bigint': key.g}}] 3471 }); 3472 this.asn1AlgId = 3473 new _AlgorithmIdentifier({'name': 'dsa', 3474 'asn1params': asn1Params}); 3475 var pubInt = new _DERInteger({'bigint': key.y}); 3476 this.asn1SubjPKey = 3477 new _DERBitString({'hex': '00' + pubInt.getEncodedHex()}); 3478 } 3479 } catch(ex) {}; 3480 }; 3481 3482 if (params !== undefined) { 3483 this.setPubKey(params); 3484 } 3485 }; 3486 extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object); 3487 3488 /** 3489 * Time ASN.1 structure class<br/> 3490 * @name KJUR.asn1.x509.Time 3491 * @class Time ASN.1 structure class 3492 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'}) 3493 * @extends KJUR.asn1.ASN1Object 3494 * @see KJUR.asn1.DERUTCTime 3495 * @see KJUR.asn1.DERGeneralizedTime 3496 * @description 3497 * This class represents Time ASN.1 structure defined in 3498 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a> 3499 * <pre> 3500 * Time ::= CHOICE { 3501 * utcTime UTCTime, 3502 * generalTime GeneralizedTime } 3503 * </pre> 3504 * 3505 * @example 3506 * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default 3507 * var t2 = new KJUR.asn1.x509.Time{'type': 'gen', 'str': '20130508235959Z'} // GeneralizedTime 3508 */ 3509 KJUR.asn1.x509.Time = function(params) { 3510 KJUR.asn1.x509.Time.superclass.constructor.call(this); 3511 var type = null, 3512 timeParams = null, 3513 _KJUR = KJUR, 3514 _KJUR_asn1 = _KJUR.asn1, 3515 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3516 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3517 this.params = null; 3518 this.type = null; 3519 3520 // deprecated 3521 this.setTimeParams = function(timeParams) { 3522 this.timeParams = timeParams; 3523 } 3524 3525 this.setByParam = function(params) { 3526 this.params = params; 3527 }; 3528 3529 this.getType = function(s) { 3530 if (s.match(/^[0-9]{12}Z$/)) return "utc"; 3531 if (s.match(/^[0-9]{14}Z$/)) return "gen"; 3532 if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc"; 3533 if (s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen"; 3534 return null; 3535 }; 3536 3537 this.getEncodedHex = function() { 3538 var params = this.params; 3539 var o = null; 3540 3541 if (typeof params == "string") params = {str: params}; 3542 if (params != null && 3543 params.str && 3544 (params.type == null || params.type == undefined)) { 3545 params.type = this.getType(params.str); 3546 } 3547 3548 if (params != null && params.str) { 3549 if (params.type == "utc") o = new _DERUTCTime(params.str); 3550 if (params.type == "gen") o = new _DERGeneralizedTime(params.str); 3551 } else { 3552 if (this.type == "gen") { 3553 o = new _DERGeneralizedTime(); 3554 } else { 3555 o = new _DERUTCTime(); 3556 } 3557 } 3558 3559 if (o == null) throw new Error("wrong setting for Time"); 3560 this.TLV = o.getEncodedHex(); 3561 return this.TLV; 3562 }; 3563 3564 if (params != undefined) this.setByParam(params); 3565 }; 3566 3567 KJUR.asn1.x509.Time_bak = function(params) { 3568 KJUR.asn1.x509.Time_bak.superclass.constructor.call(this); 3569 var type = null, 3570 timeParams = null, 3571 _KJUR = KJUR, 3572 _KJUR_asn1 = _KJUR.asn1, 3573 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3574 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3575 3576 this.setTimeParams = function(timeParams) { 3577 this.timeParams = timeParams; 3578 } 3579 3580 this.getEncodedHex = function() { 3581 var o = null; 3582 3583 if (this.timeParams != null) { 3584 if (this.type == "utc") { 3585 o = new _DERUTCTime(this.timeParams); 3586 } else { 3587 o = new _DERGeneralizedTime(this.timeParams); 3588 } 3589 } else { 3590 if (this.type == "utc") { 3591 o = new _DERUTCTime(); 3592 } else { 3593 o = new _DERGeneralizedTime(); 3594 } 3595 } 3596 this.TLV = o.getEncodedHex(); 3597 return this.TLV; 3598 }; 3599 3600 this.type = "utc"; 3601 if (params !== undefined) { 3602 if (params.type !== undefined) { 3603 this.type = params.type; 3604 } else { 3605 if (params.str !== undefined) { 3606 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc"; 3607 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen"; 3608 } 3609 } 3610 this.timeParams = params; 3611 } 3612 }; 3613 extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object); 3614 3615 /** 3616 * AlgorithmIdentifier ASN.1 structure class 3617 * @name KJUR.asn1.x509.AlgorithmIdentifier 3618 * @class AlgorithmIdentifier ASN.1 structure class 3619 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'}) 3620 * @extends KJUR.asn1.ASN1Object 3621 * @description 3622 * The 'params' argument is an associative array and has following parameters: 3623 * <ul> 3624 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li> 3625 * <li>asn1params: explicitly specify ASN.1 object for algorithm. 3626 * (OPTION)</li> 3627 * <li>paramempty: set algorithm parameter to NULL by force. 3628 * If paramempty is false, algorithm parameter will be set automatically. 3629 * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of 3630 * AlgorithmIdentifier will be ommitted otherwise 3631 * it will be NULL by default. 3632 * (OPTION, DEFAULT = false)</li> 3633 * </ul> 3634 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are 3635 * special names. They will set a suite of algorithm OID and multiple algorithm 3636 * parameters. Its ASN.1 schema is defined in 3637 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1 3638 * section A.2.3</a>. 3639 * <blockquote><pre> 3640 * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } 3641 * RSASSA-PSS-params ::= SEQUENCE { 3642 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1, 3643 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, 3644 * saltLength [2] INTEGER DEFAULT 20, 3645 * trailerField [3] TrailerField DEFAULT trailerFieldBC } 3646 * mgf1SHA1 MaskGenAlgorithm ::= { 3647 * algorithm id-mgf1, 3648 * parameters HashAlgorithm : sha1 } 3649 * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } 3650 * TrailerField ::= INTEGER { trailerFieldBC(1) } 3651 * </pre></blockquote> 3652 * Here is a table for PSS parameters: 3653 * <table> 3654 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr> 3655 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr> 3656 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr> 3657 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr> 3658 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr> 3659 * </table> 3660 * Default value is omitted as defined in ASN.1 schema. 3661 * These parameters are interoperable to OpenSSL or IAIK toolkit. 3662 * <br/> 3663 * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 3664 * @example 3665 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"}) 3666 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"}) 3667 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically 3668 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true}) 3669 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"}) 3670 */ 3671 KJUR.asn1.x509.AlgorithmIdentifier = function(params) { 3672 KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this); 3673 this.nameAlg = null; 3674 this.asn1Alg = null; 3675 this.asn1Params = null; 3676 this.paramEmpty = false; 3677 3678 var _KJUR = KJUR, 3679 _KJUR_asn1 = _KJUR.asn1, 3680 _PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV; 3681 3682 this.getEncodedHex = function() { 3683 if (this.nameAlg === null && this.asn1Alg === null) { 3684 throw new Error("algorithm not specified"); 3685 } 3686 3687 // for RSAPSS algorithm name 3688 // && this.hTLV === null 3689 if (this.nameAlg !== null) { 3690 var hTLV = null; 3691 for (var key in _PSSNAME2ASN1TLV) { 3692 if (key === this.nameAlg) { 3693 hTLV = _PSSNAME2ASN1TLV[key]; 3694 } 3695 } 3696 if (hTLV !== null) { 3697 this.hTLV = hTLV; 3698 return this.hTLV; 3699 } 3700 } 3701 3702 if (this.nameAlg !== null && this.asn1Alg === null) { 3703 this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg); 3704 } 3705 var a = [this.asn1Alg]; 3706 if (this.asn1Params !== null) a.push(this.asn1Params); 3707 3708 var o = new _KJUR_asn1.DERSequence({'array': a}); 3709 this.hTLV = o.getEncodedHex(); 3710 return this.hTLV; 3711 }; 3712 3713 if (params !== undefined) { 3714 if (params.name !== undefined) { 3715 this.nameAlg = params.name; 3716 } 3717 if (params.asn1params !== undefined) { 3718 this.asn1Params = params.asn1params; 3719 } 3720 if (params.paramempty !== undefined) { 3721 this.paramEmpty = params.paramempty; 3722 } 3723 } 3724 3725 // set algorithm parameters will be ommitted for 3726 // "*withDSA" or "*withECDSA" otherwise will be NULL. 3727 if (this.asn1Params === null && 3728 this.paramEmpty === false && 3729 this.nameAlg !== null) { 3730 3731 if (this.nameAlg.name !== undefined) { 3732 this.nameAlg = this.nameAlg.name; 3733 } 3734 var lcNameAlg = this.nameAlg.toLowerCase(); 3735 3736 if (lcNameAlg.substr(-7, 7) !== "withdsa" && 3737 lcNameAlg.substr(-9, 9) !== "withecdsa") { 3738 this.asn1Params = new _KJUR_asn1.DERNull(); 3739 } 3740 } 3741 }; 3742 extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object); 3743 3744 /** 3745 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names 3746 * @const 3747 */ 3748 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = { 3749 "SHAwithRSAandMGF1": 3750 "300d06092a864886f70d01010a3000", 3751 "SHA256withRSAandMGF1": 3752 "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120", 3753 "SHA384withRSAandMGF1": 3754 "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130", 3755 "SHA512withRSAandMGF1": 3756 "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140" 3757 }; 3758 3759 /** 3760 * GeneralName ASN.1 structure class<br/> 3761 * @name KJUR.asn1.x509.GeneralName 3762 * @class GeneralName ASN.1 structure class 3763 * @description 3764 * <br/> 3765 * As for argument 'params' for constructor, you can specify one of 3766 * following properties: 3767 * <ul> 3768 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li> 3769 * <li>dns - dNSName[2] (ex. foo.com)</li> 3770 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li> 3771 * <li>dn - directoryName[4] 3772 * distinguished name string or X500Name class parameters can be 3773 * specified (ex. "/C=US/O=Test", {hex: '301c...')</li> 3774 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li> 3775 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li> 3776 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li> 3777 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li> 3778 * </ul> 3779 * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/> 3780 * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 3781 * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/> 3782 * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/> 3783 * 3784 * Here is definition of the ASN.1 syntax: 3785 * <pre> 3786 * -- NOTE: under the CHOICE, it will always be explicit. 3787 * GeneralName ::= CHOICE { 3788 * otherName [0] OtherName, 3789 * rfc822Name [1] IA5String, 3790 * dNSName [2] IA5String, 3791 * x400Address [3] ORAddress, 3792 * directoryName [4] Name, 3793 * ediPartyName [5] EDIPartyName, 3794 * uniformResourceIdentifier [6] IA5String, 3795 * iPAddress [7] OCTET STRING, 3796 * registeredID [8] OBJECT IDENTIFIER } 3797 * </pre> 3798 * 3799 * @example 3800 * gn = new KJUR.asn1.x509.GeneralName({dn: '/C=US/O=Test'}); 3801 * gn = new KJUR.asn1.x509.GeneralName({dn: X500NameObject); 3802 * gn = new KJUR.asn1.x509.GeneralName({dn: {str: /C=US/O=Test'}); 3803 * gn = new KJUR.asn1.x509.GeneralName({dn: {ldapstr: 'O=Test,C=US'}); 3804 * gn = new KJUR.asn1.x509.GeneralName({dn: {hex: '301c...'}); 3805 * gn = new KJUR.asn1.x509.GeneralName({dn: {certissuer: PEMCERTSTRING}); 3806 * gn = new KJUR.asn1.x509.GeneralName({dn: {certsubject: PEMCERTSTRING}); 3807 * gn = new KJUR.asn1.x509.GeneralName({ip: '192.168.1.1'}); 3808 * gn = new KJUR.asn1.x509.GeneralName({ip: '2001:db4::4:1'}); 3809 * gn = new KJUR.asn1.x509.GeneralName({ip: 'c0a80101'}); 3810 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'}); 3811 * gn = new KJUR.asn1.x509.GeneralName({dns: 'aaa.com'}); 3812 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'}); 3813 * 3814 * gn = new KJUR.asn1.x509.GeneralName({ldapdn: 'O=Test,C=US'}); // DEPRECATED 3815 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM}); // DEPRECATED 3816 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM}); // DEPRECATED 3817 */ 3818 KJUR.asn1.x509.GeneralName = function(params) { 3819 KJUR.asn1.x509.GeneralName.superclass.constructor.call(this); 3820 var asn1Obj = null, 3821 type = null, 3822 pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86', ip: '87'}, 3823 _KJUR = KJUR, 3824 _KJUR_asn1 = _KJUR.asn1, 3825 _DERSequence = _KJUR_asn1.DERSequence, 3826 _DEROctetString = _KJUR_asn1.DEROctetString, 3827 _DERIA5String = _KJUR_asn1.DERIA5String, 3828 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 3829 _ASN1Object = _KJUR_asn1.ASN1Object, 3830 _X500Name = _KJUR_asn1.x509.X500Name, 3831 _pemtohex = pemtohex; 3832 3833 this.explicit = false; 3834 3835 this.setByParam = function(params) { 3836 var str = null; 3837 var v = null; 3838 3839 if (params === undefined) return; 3840 3841 if (params.rfc822 !== undefined) { 3842 this.type = 'rfc822'; 3843 v = new _DERIA5String({str: params[this.type]}); 3844 } 3845 3846 if (params.dns !== undefined) { 3847 this.type = 'dns'; 3848 v = new _DERIA5String({str: params[this.type]}); 3849 } 3850 3851 if (params.uri !== undefined) { 3852 this.type = 'uri'; 3853 v = new _DERIA5String({str: params[this.type]}); 3854 } 3855 3856 if (params.dn !== undefined) { 3857 this.type = 'dn'; 3858 this.explicit = true; 3859 if (typeof params.dn === "string") { 3860 v = new _X500Name({str: params.dn}); 3861 } else if (params.dn instanceof KJUR.asn1.x509.X500Name) { 3862 v = params.dn; 3863 } else { 3864 v = new _X500Name(params.dn); 3865 } 3866 } 3867 3868 if (params.ldapdn !== undefined) { 3869 this.type = 'dn'; 3870 this.explicit = true; 3871 v = new _X500Name({ldapstr: params.ldapdn}); 3872 } 3873 3874 if (params.certissuer !== undefined) { 3875 this.type = 'dn'; 3876 this.explicit = true; 3877 var certStr = params.certissuer; 3878 var certHex = null; 3879 3880 if (certStr.match(/^[0-9A-Fa-f]+$/)) { 3881 certHex == certStr; 3882 } 3883 3884 if (certStr.indexOf("-----BEGIN ") != -1) { 3885 certHex = _pemtohex(certStr); 3886 } 3887 3888 if (certHex == null) throw "certissuer param not cert"; 3889 var x = new X509(); 3890 x.hex = certHex; 3891 var dnHex = x.getIssuerHex(); 3892 v = new _ASN1Object(); 3893 v.hTLV = dnHex; 3894 } 3895 3896 if (params.certsubj !== undefined) { 3897 this.type = 'dn'; 3898 this.explicit = true; 3899 var certStr = params.certsubj; 3900 var certHex = null; 3901 if (certStr.match(/^[0-9A-Fa-f]+$/)) { 3902 certHex == certStr; 3903 } 3904 if (certStr.indexOf("-----BEGIN ") != -1) { 3905 certHex = _pemtohex(certStr); 3906 } 3907 if (certHex == null) throw "certsubj param not cert"; 3908 var x = new X509(); 3909 x.hex = certHex; 3910 var dnHex = x.getSubjectHex(); 3911 v = new _ASN1Object(); 3912 v.hTLV = dnHex; 3913 } 3914 3915 if (params.ip !== undefined) { 3916 this.type = 'ip'; 3917 this.explicit = false; 3918 var ip = params.ip; 3919 var hIP; 3920 var malformedIPMsg = "malformed IP address"; 3921 if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4 3922 hIP = intarystrtohex("[" + ip.split(".").join(",") + "]"); 3923 if (hIP.length !== 8) throw malformedIPMsg; 3924 } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6 3925 hIP = ipv6tohex(ip); 3926 } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex 3927 hIP = ip; 3928 } else { 3929 throw malformedIPMsg; 3930 } 3931 v = new _DEROctetString({hex: hIP}); 3932 } 3933 3934 if (this.type == null) 3935 throw "unsupported type in params=" + params; 3936 this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit, 3937 'tag': pTag[this.type], 3938 'obj': v}); 3939 }; 3940 3941 this.getEncodedHex = function() { 3942 return this.asn1Obj.getEncodedHex(); 3943 } 3944 3945 if (params !== undefined) { 3946 this.setByParam(params); 3947 } 3948 3949 }; 3950 extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object); 3951 3952 /** 3953 * GeneralNames ASN.1 structure class<br/> 3954 * @name KJUR.asn1.x509.GeneralNames 3955 * @class GeneralNames ASN.1 structure class 3956 * @description 3957 * <br/> 3958 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4> 3959 * @example 3960 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 3961 * 3962 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 3963 */ 3964 KJUR.asn1.x509.GeneralNames = function(paramsArray) { 3965 KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this); 3966 var asn1Array = null, 3967 _KJUR = KJUR, 3968 _KJUR_asn1 = _KJUR.asn1; 3969 3970 /** 3971 * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/> 3972 * @name setByParamArray 3973 * @memberOf KJUR.asn1.x509.GeneralNames# 3974 * @function 3975 * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames} 3976 * @description 3977 * <br/> 3978 * <h4>EXAMPLES</h4> 3979 * @example 3980 * gns = new KJUR.asn1.x509.GeneralNames(); 3981 * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]); 3982 */ 3983 this.setByParamArray = function(paramsArray) { 3984 for (var i = 0; i < paramsArray.length; i++) { 3985 var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]); 3986 this.asn1Array.push(o); 3987 } 3988 }; 3989 3990 this.getEncodedHex = function() { 3991 var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array}); 3992 return o.getEncodedHex(); 3993 }; 3994 3995 this.asn1Array = new Array(); 3996 if (typeof paramsArray != "undefined") { 3997 this.setByParamArray(paramsArray); 3998 } 3999 }; 4000 extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object); 4001 4002 /** 4003 * static object for OID 4004 * @name KJUR.asn1.x509.OID 4005 * @class static object for OID 4006 * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6') 4007 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15') 4008 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object 4009 * @description 4010 * This class defines OID name and values. 4011 * AttributeType names registered in OID.atype2oidList are following: 4012 * <table style="border-width: thin; border-style: solid; witdh: 100%"> 4013 * <tr><th>short</th><th>long</th><th>OID</th></tr> 4014 * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr> 4015 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr> 4016 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr> 4017 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr> 4018 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr> 4019 * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr> 4020 * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr> 4021 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr> 4022 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr> 4023 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr> 4024 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr> 4025 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr> 4026 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr> 4027 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr> 4028 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr> 4029 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr> 4030 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr> 4031 * </table> 4032 * 4033 * @example 4034 */ 4035 KJUR.asn1.x509.OID = new function(params) { 4036 this.atype2oidList = { 4037 // RFC 4514 AttributeType name string (MUST recognized) 4038 'CN': '2.5.4.3', 4039 'L': '2.5.4.7', 4040 'ST': '2.5.4.8', 4041 'O': '2.5.4.10', 4042 'OU': '2.5.4.11', 4043 'C': '2.5.4.6', 4044 'STREET': '2.5.4.9', 4045 'DC': '0.9.2342.19200300.100.1.25', 4046 'UID': '0.9.2342.19200300.100.1.1', 4047 // other AttributeType name string 4048 // http://blog.livedoor.jp/k_urushima/archives/656114.html 4049 'SN': '2.5.4.4', // surname 4050 'T': '2.5.4.12', // title 4051 'DN': '2.5.4.49', // distinguishedName 4052 'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy 4053 // other AttributeType name string (no short name) 4054 'description': '2.5.4.13', 4055 'businessCategory': '2.5.4.15', 4056 'postalCode': '2.5.4.17', 4057 'serialNumber': '2.5.4.5', 4058 'uniqueIdentifier': '2.5.4.45', 4059 'organizationIdentifier': '2.5.4.97', 4060 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4061 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4062 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3' 4063 }; 4064 this.name2oidList = { 4065 'sha1': '1.3.14.3.2.26', 4066 'sha256': '2.16.840.1.101.3.4.2.1', 4067 'sha384': '2.16.840.1.101.3.4.2.2', 4068 'sha512': '2.16.840.1.101.3.4.2.3', 4069 'sha224': '2.16.840.1.101.3.4.2.4', 4070 'md5': '1.2.840.113549.2.5', 4071 'md2': '1.3.14.7.2.2.1', 4072 'ripemd160': '1.3.36.3.2.1', 4073 4074 'MD2withRSA': '1.2.840.113549.1.1.2', 4075 'MD4withRSA': '1.2.840.113549.1.1.3', 4076 'MD5withRSA': '1.2.840.113549.1.1.4', 4077 'SHA1withRSA': '1.2.840.113549.1.1.5', 4078 'pkcs1-MGF': '1.2.840.113549.1.1.8', 4079 'rsaPSS': '1.2.840.113549.1.1.10', 4080 'SHA224withRSA': '1.2.840.113549.1.1.14', 4081 'SHA256withRSA': '1.2.840.113549.1.1.11', 4082 'SHA384withRSA': '1.2.840.113549.1.1.12', 4083 'SHA512withRSA': '1.2.840.113549.1.1.13', 4084 4085 'SHA1withECDSA': '1.2.840.10045.4.1', 4086 'SHA224withECDSA': '1.2.840.10045.4.3.1', 4087 'SHA256withECDSA': '1.2.840.10045.4.3.2', 4088 'SHA384withECDSA': '1.2.840.10045.4.3.3', 4089 'SHA512withECDSA': '1.2.840.10045.4.3.4', 4090 4091 'dsa': '1.2.840.10040.4.1', 4092 'SHA1withDSA': '1.2.840.10040.4.3', 4093 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', 4094 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', 4095 4096 'rsaEncryption': '1.2.840.113549.1.1.1', 4097 4098 // X.500 AttributeType defined in RFC 4514 4099 'commonName': '2.5.4.3', 4100 'countryName': '2.5.4.6', 4101 'localityName': '2.5.4.7', 4102 'stateOrProvinceName': '2.5.4.8', 4103 'streetAddress': '2.5.4.9', 4104 'organizationName': '2.5.4.10', 4105 'organizationalUnitName': '2.5.4.11', 4106 'domainComponent': '0.9.2342.19200300.100.1.25', 4107 'userId': '0.9.2342.19200300.100.1.1', 4108 // other AttributeType name string 4109 'surname': '2.5.4.4', 4110 'givenName': '2.5.4.42', 4111 'title': '2.5.4.12', 4112 'distinguishedName': '2.5.4.49', 4113 'emailAddress': '1.2.840.113549.1.9.1', 4114 // other AttributeType name string (no short name) 4115 'description': '2.5.4.13', 4116 'businessCategory': '2.5.4.15', 4117 'postalCode': '2.5.4.17', 4118 'uniqueIdentifier': '2.5.4.45', 4119 'organizationIdentifier': '2.5.4.97', 4120 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4121 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4122 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3', 4123 4124 'subjectDirectoryAttributes': '2.5.29.9', 4125 'subjectKeyIdentifier': '2.5.29.14', 4126 'keyUsage': '2.5.29.15', 4127 'subjectAltName': '2.5.29.17', 4128 'issuerAltName': '2.5.29.18', 4129 'basicConstraints': '2.5.29.19', 4130 'cRLNumber': '2.5.29.20', 4131 'cRLReason': '2.5.29.21', 4132 'nameConstraints': '2.5.29.30', 4133 'cRLDistributionPoints':'2.5.29.31', 4134 'certificatePolicies': '2.5.29.32', 4135 'anyPolicy': '2.5.29.32.0', 4136 'authorityKeyIdentifier':'2.5.29.35', 4137 'policyConstraints': '2.5.29.36', 4138 'extKeyUsage': '2.5.29.37', 4139 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', 4140 'ocsp': '1.3.6.1.5.5.7.48.1', 4141 'ocspBasic': '1.3.6.1.5.5.7.48.1.1', 4142 'ocspNonce': '1.3.6.1.5.5.7.48.1.2', 4143 'ocspNoCheck': '1.3.6.1.5.5.7.48.1.5', 4144 'caIssuers': '1.3.6.1.5.5.7.48.2', 4145 4146 'anyExtendedKeyUsage': '2.5.29.37.0', 4147 'serverAuth': '1.3.6.1.5.5.7.3.1', 4148 'clientAuth': '1.3.6.1.5.5.7.3.2', 4149 'codeSigning': '1.3.6.1.5.5.7.3.3', 4150 'emailProtection': '1.3.6.1.5.5.7.3.4', 4151 'timeStamping': '1.3.6.1.5.5.7.3.8', 4152 'ocspSigning': '1.3.6.1.5.5.7.3.9', 4153 4154 'dateOfBirth': '1.3.6.1.5.5.7.9.1', 4155 'placeOfBirth': '1.3.6.1.5.5.7.9.2', 4156 'gender': '1.3.6.1.5.5.7.9.3', 4157 'countryOfCitizenship': '1.3.6.1.5.5.7.9.4', 4158 'countryOfResidence': '1.3.6.1.5.5.7.9.5', 4159 4160 'ecPublicKey': '1.2.840.10045.2.1', 4161 'P-256': '1.2.840.10045.3.1.7', 4162 'secp256r1': '1.2.840.10045.3.1.7', 4163 'secp256k1': '1.3.132.0.10', 4164 'secp384r1': '1.3.132.0.34', 4165 'secp521r1': '1.3.132.0.35', 4166 4167 'pkcs5PBES2': '1.2.840.113549.1.5.13', 4168 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', 4169 4170 'des-EDE3-CBC': '1.2.840.113549.3.7', 4171 4172 'data': '1.2.840.113549.1.7.1', // CMS data 4173 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data 4174 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data 4175 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data 4176 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data 4177 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data 4178 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo 4179 'signingCertificate': '1.2.840.113549.1.9.16.2.12',// SMIME 4180 'timeStampToken': '1.2.840.113549.1.9.16.2.14',// sigTS 4181 'signaturePolicyIdentifier': '1.2.840.113549.1.9.16.2.15',// cades 4182 'etsArchiveTimeStamp': '1.2.840.113549.1.9.16.2.27',// SMIME 4183 'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME 4184 'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME 4185 'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest 4186 'contentType': '1.2.840.113549.1.9.3',//PKCS#9 4187 'messageDigest': '1.2.840.113549.1.9.4',//PKCS#9 4188 'signingTime': '1.2.840.113549.1.9.5',//PKCS#9 4189 'counterSignature': '1.2.840.113549.1.9.6',//PKCS#9 4190 'archiveTimeStampV3': '0.4.0.1733.2.4',//ETSI EN29319122/TS101733 4191 'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe 4192 'adobeTimeStamp': '1.2.840.113583.1.1.9.1' // Adobe 4193 }; 4194 4195 this.objCache = {}; 4196 4197 /** 4198 * get DERObjectIdentifier by registered OID name 4199 * @name name2obj 4200 * @memberOf KJUR.asn1.x509.OID 4201 * @function 4202 * @param {String} name OID 4203 * @description 4204 * @example 4205 * var asn1ObjOID = OID.name2obj('SHA1withRSA'); 4206 */ 4207 this.name2obj = function(name) { 4208 if (typeof this.objCache[name] != "undefined") 4209 return this.objCache[name]; 4210 if (typeof this.name2oidList[name] == "undefined") 4211 throw "Name of ObjectIdentifier not defined: " + name; 4212 var oid = this.name2oidList[name]; 4213 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); 4214 this.objCache[name] = obj; 4215 return obj; 4216 }; 4217 4218 /** 4219 * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/> 4220 * @name atype2obj 4221 * @memberOf KJUR.asn1.x509.OID 4222 * @function 4223 * @param {String} atype short attribute type name such like 'C', 'CN' or OID 4224 * @return {@link KJUR.asn1.DERObjectIdentifier} instance 4225 * @description 4226 * @example 4227 * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3 4228 * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11 4229 * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9 4230 * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9 4231 */ 4232 this.atype2obj = function(atype) { 4233 if (this.objCache[atype] !== undefined) 4234 return this.objCache[atype]; 4235 4236 var oid; 4237 4238 if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) { 4239 oid = atype; 4240 } else if (this.atype2oidList[atype] !== undefined) { 4241 oid = this.atype2oidList[atype]; 4242 } else if (this.name2oidList[atype] !== undefined) { 4243 oid = this.name2oidList[atype]; 4244 } else { 4245 throw "AttributeType name undefined: " + atype; 4246 } 4247 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); 4248 this.objCache[atype] = obj; 4249 return obj; 4250 }; 4251 }; 4252 4253 /** 4254 * convert OID to name<br/> 4255 * @name oid2name 4256 * @memberOf KJUR.asn1.x509.OID 4257 * @function 4258 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) 4259 * @return {String} OID name if registered otherwise empty string 4260 * @since asn1x509 1.0.9 4261 * @description 4262 * This static method converts OID string to its name. 4263 * If OID is undefined then it returns empty string (i.e. ''). 4264 * @example 4265 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess' 4266 */ 4267 KJUR.asn1.x509.OID.oid2name = function(oid) { 4268 var list = KJUR.asn1.x509.OID.name2oidList; 4269 for (var name in list) { 4270 if (list[name] == oid) return name; 4271 } 4272 return ''; 4273 }; 4274 4275 /** 4276 * convert OID to AttributeType name<br/> 4277 * @name oid2atype 4278 * @memberOf KJUR.asn1.x509.OID 4279 * @function 4280 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) 4281 * @return {String} OID AttributeType name if registered otherwise oid 4282 * @since jsrsasign 6.2.2 asn1x509 1.0.18 4283 * @description 4284 * This static method converts OID string to its AttributeType name. 4285 * If OID is not defined in OID.atype2oidList associative array then it returns OID 4286 * specified as argument. 4287 * @example 4288 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN 4289 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC 4290 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID 4291 */ 4292 KJUR.asn1.x509.OID.oid2atype = function(oid) { 4293 var list = KJUR.asn1.x509.OID.atype2oidList; 4294 for (var atype in list) { 4295 if (list[atype] == oid) return atype; 4296 } 4297 return oid; 4298 }; 4299 4300 /** 4301 * convert OID name to OID value<br/> 4302 * @name name2oid 4303 * @memberOf KJUR.asn1.x509.OID 4304 * @function 4305 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4") 4306 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) 4307 * @since asn1x509 1.0.11 4308 * @description 4309 * This static method converts from OID name to OID string. 4310 * If OID is undefined then it returns empty string (i.e. ''). 4311 * @example 4312 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1" 4313 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4" 4314 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → "" 4315 */ 4316 KJUR.asn1.x509.OID.name2oid = function(name) { 4317 if (name.match(/^[0-9.]+$/)) return name; 4318 var list = KJUR.asn1.x509.OID.name2oidList; 4319 if (list[name] === undefined) return ''; 4320 return list[name]; 4321 }; 4322 4323 /** 4324 * X.509 certificate and CRL utilities class<br/> 4325 * @name KJUR.asn1.x509.X509Util 4326 * @class X.509 certificate and CRL utilities class 4327 */ 4328 KJUR.asn1.x509.X509Util = {}; 4329 4330 /** 4331 * issue a certificate in PEM format (DEPRECATED) 4332 * @name newCertPEM 4333 * @memberOf KJUR.asn1.x509.X509Util 4334 * @function 4335 * @param {Array} param JSON object of parameter to issue a certificate 4336 * @since asn1x509 1.0.6 4337 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor 4338 * @description 4339 * This method can issue a certificate by a simple 4340 * JSON object. 4341 * Signature value will be provided by signing with 4342 * private key using 'cakey' parameter or 4343 * hexadecimal signature value by 'sighex' parameter. 4344 * <br/> 4345 * NOTE: Algorithm parameter of AlgorithmIdentifier will 4346 * be set automatically by default. 4347 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier}) 4348 * from jsrsasign 7.1.1 asn1x509 1.0.20. 4349 * <br/> 4350 * NOTE2: 4351 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21. 4352 * As for RSA-PSS signature algorithm names and signing parameters 4353 * such as MGF function and salt length, please see 4354 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class. 4355 * 4356 * @example 4357 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4358 * serial: {int: 4}, 4359 * sigalg: {name: 'SHA1withECDSA'}, 4360 * issuer: {str: '/C=US/O=a'}, 4361 * notbefore: {'str': '130504235959Z'}, 4362 * notafter: {'str': '140504235959Z'}, 4363 * subject: {str: '/C=US/O=b'}, 4364 * sbjpubkey: pubKeyObj, 4365 * ext: [ 4366 * {basicConstraints: {cA: true, critical: true}}, 4367 * {keyUsage: {bin: '11'}}, 4368 * ], 4369 * cakey: prvKeyObj 4370 * }); 4371 * // -- or -- 4372 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4373 * serial: {int: 4}, 4374 * sigalg: {name: 'SHA1withECDSA'}, 4375 * issuer: {str: '/C=US/O=a'}, 4376 * notbefore: {'str': '130504235959Z'}, 4377 * notafter: {'str': '140504235959Z'}, 4378 * subject: {str: '/C=US/O=b'}, 4379 * sbjpubkey: pubKeyPEM, 4380 * ext: [ 4381 * {basicConstraints: {cA: true, critical: true}}, 4382 * {keyUsage: {bin: '11'}}, 4383 * ], 4384 * cakey: [prvkey, pass]} 4385 * ); 4386 * // -- or -- 4387 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4388 * serial: {int: 1}, 4389 * sigalg: {name: 'SHA1withRSA'}, 4390 * issuer: {str: '/C=US/O=T1'}, 4391 * notbefore: {'str': '130504235959Z'}, 4392 * notafter: {'str': '140504235959Z'}, 4393 * subject: {str: '/C=US/O=T1'}, 4394 * sbjpubkey: pubKeyObj, 4395 * sighex: '0102030405..' 4396 * }); 4397 * // for the issuer and subject field, another 4398 * // representation is also available 4399 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4400 * serial: {int: 1}, 4401 * sigalg: {name: 'SHA256withRSA'}, 4402 * issuer: {C: "US", O: "T1"}, 4403 * notbefore: {'str': '130504235959Z'}, 4404 * notafter: {'str': '140504235959Z'}, 4405 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, 4406 * sbjpubkey: pubKeyObj, 4407 * sighex: '0102030405..' 4408 * }); 4409 */ 4410 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { 4411 var _KJUR_asn1_x509 = KJUR.asn1.x509, 4412 _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, 4413 _Certificate = _KJUR_asn1_x509.Certificate; 4414 var cert = new _Certificate(param); 4415 return cert.getPEM(); 4416 }; 4417 4418