1 /* asn1x509-2.1.20.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate 5 * 6 * Copyright (c) 2013-2023 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1x509-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.8.4 asn1x509 2.1.20 (2023-Apr-26) 20 * @since jsrsasign 2.1 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 /** 25 * kjur's class library name space 26 * // already documented in asn1-1.0.js 27 * @name KJUR 28 * @namespace kjur's class library name space 29 */ 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 31 32 /** 33 * kjur's ASN.1 class library name space 34 * // already documented in asn1-1.0.js 35 * @name KJUR.asn1 36 * @namespace 37 */ 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 39 40 /** 41 * kjur's ASN.1 class for X.509 certificate library name space 42 * <p> 43 * <h4>FEATURES</h4> 44 * <ul> 45 * <li>easily issue any kind of certificate</li> 46 * <li>APIs are very similar to BouncyCastle library ASN.1 classes. So easy to learn.</li> 47 * </ul> 48 * </p> 49 * <h4>PROVIDED CLASSES</h4> 50 * <ul> 51 * <li>{@link KJUR.asn1.x509.Certificate}</li> 52 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li> 53 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li> 54 * <li>{@link KJUR.asn1.x509.Extensions}</li> 55 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li> 56 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li> 57 * <li>{@link KJUR.asn1.x509.GeneralNames}</li> 58 * <li>{@link KJUR.asn1.x509.GeneralName}</li> 59 * <li>{@link KJUR.asn1.x509.X500Name}</li> 60 * <li>{@link KJUR.asn1.x509.RDN}</li> 61 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li> 62 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li> 63 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li> 64 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li> 65 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li> 66 * <li>{@link KJUR.asn1.x509.UserNotice}</li> 67 * <li>{@link KJUR.asn1.x509.NoticeReference}</li> 68 * <li>{@link KJUR.asn1.x509.DisplayText}</li> 69 * <li>{@link KJUR.asn1.x509.GeneralSubtree}</li> 70 * <li>{@link KJUR.asn1.x509.CRL}</li> 71 * <li>{@link KJUR.asn1.x509.TBSCertList}</li> 72 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li> 73 * <li>{@link KJUR.asn1.x509.OID}</li> 74 * </ul> 75 * <h4>SUPPORTED EXTENSIONS</h4> 76 * <ul> 77 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 78 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 79 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 80 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 81 * <li>{@link KJUR.asn1.x509.PolicyMappings} 2.5.29.33</li> 82 * <li>{@link KJUR.asn1.x509.PolicyConstraints} 2.5.29.36</li> 83 * <li>{@link KJUR.asn1.x509.InhibitAnyPolicy} 2.5.29.54</li> 84 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 85 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 86 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 87 * <li>{@link KJUR.asn1.x509.NameConstraints}</li> 88 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li> 89 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 90 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li> 91 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 92 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 93 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 94 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 95 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 96 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 97 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 98 * </ul> 99 * NOTE1: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.<br/> 100 * NOTE2: SubjectAltName and IssuerAltName supported since 101 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 102 * NOTE3: CeritifcatePolicies supported supported since 103 * jsrsasign 8.0.23 asn1x509 1.1.12<br/> 104 * @name KJUR.asn1.x509 105 * @namespace 106 */ 107 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {}; 108 109 // === BEGIN Certificate =================================================== 110 111 /** 112 * X.509 Certificate class to sign and generate hex encoded certificate 113 * @name KJUR.asn1.x509.Certificate 114 * @class X.509 Certificate class to sign and generate hex encoded certificate 115 * @property {Array} params JSON object of parameters 116 * @param {Array} params JSON object for Certificate parameters 117 * @extends KJUR.asn1.ASN1Object 118 * @description 119 * <br/> 120 * This class provides Certificate ASN.1 class structure 121 * defined in 122 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 123 * RFC 5280 4.1</a>. 124 * <pre> 125 * Certificate ::= SEQUENCE { 126 * tbsCertificate TBSCertificate, 127 * signatureAlgorithm AlgorithmIdentifier, 128 * signatureValue BIT STRING } 129 * </pre> 130 * Parameter "params" JSON object can be 131 * the same as {@link KJUR.asn1.x509.TBSCertificate}. 132 * Then they are used to generate TBSCertificate. 133 * Additionally just for Certificate, following parameters can be used: 134 * <ul> 135 * <li>{TBSCertfificate}tbsobj - 136 * specifies {@link KJUR.asn1.x509.TBSCertificate} 137 * object to be signed if needed. 138 * When this isn't specified, 139 * this will be set from other parametes of TBSCertificate.</li> 140 * <li>{Object}cakey (OPTION) - specifies certificate signing private key. 141 * Parameter "cakey" or "sighex" shall be specified. Following 142 * values can be specified: 143 * <ul> 144 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 145 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 146 * to generate a key object.</li> 147 * </ul> 148 * </li> 149 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 150 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 151 * unused bits)</li> 152 * </ul> 153 * CAUTION: APIs of this class have been totally updated without 154 * backward compatibility since jsrsasign 9.0.0.<br/> 155 * NOTE1: 'params' can be omitted.<br/> 156 * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6. 157 * @example 158 * var cert = new KJUR.asn1.x509.Certificate({ 159 * version: 3, 160 * serial: {hex: "1234..."}, 161 * sigalg: "SHA256withRSAandMGF1", 162 * ... 163 * sighex: "1d3f..." // sign() method won't be called 164 * }); 165 * 166 * // sighex will by calculated by signing with cakey 167 * var cert = new KJUR.asn1.x509.Certificate({ 168 * version: 3, 169 * serial: {hex: "2345..."}, 170 * sigalg: "SHA256withRSA", 171 * ... 172 * cakey: "-----BEGIN PRIVATE KEY..." 173 * }); 174 * 175 * // use TBSCertificate object to sign 176 * var cert = new KJUR.asn1.x509.Certificate({ 177 * tbsobj: <<OBJ>>, 178 * sigalg: "SHA256withRSA", 179 * cakey: "-----BEGIN PRIVATE KEY..." 180 * }); 181 */ 182 KJUR.asn1.x509.Certificate = function(params) { 183 KJUR.asn1.x509.Certificate.superclass.constructor.call(this); 184 var _KJUR = KJUR, 185 _KJUR_asn1 = _KJUR.asn1, 186 _DERBitString = _KJUR_asn1.DERBitString, 187 _DERSequence = _KJUR_asn1.DERSequence, 188 _KJUR_asn1_x509 = _KJUR_asn1.x509, 189 _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, 190 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier; 191 192 this.params = undefined; 193 194 /** 195 * set parameter<br/> 196 * @name setByParam 197 * @memberOf KJUR.asn1.x509.Certificate# 198 * @function 199 * @param params {Array} JSON object of certificate parameters 200 * @since jsrsasign 9.0.0 asn1hex 2.0.0 201 * @description 202 * This method will set parameter 203 * {@link KJUR.asn1.x509.Certificate#params} 204 * to this object. 205 * @example 206 * cert = new KJUR.asn1.x509.Certificate(); 207 * cert.setByParam({ 208 * version: 3, 209 * serial: {hex: "1234..."}, 210 * ... 211 * }); 212 */ 213 this.setByParam = function(params) { 214 this.params = params; 215 }; 216 217 /** 218 * sign certificate<br/> 219 * @name sign 220 * @memberOf KJUR.asn1.x509.Certificate# 221 * @function 222 * @description 223 * This method signs TBSCertificate with a specified 224 * private key and algorithm by 225 * this.params.cakey and this.params.sigalg parameter. 226 * @example 227 * cert = new KJUR.asn1.x509.Certificate({...}); 228 * cert.sign() 229 */ 230 this.sign = function() { 231 var params = this.params; 232 233 var sigalg = params.sigalg; 234 if (params.sigalg.name != undefined) 235 sigalg = params.sigalg.name; 236 237 var hTBS = params.tbsobj.tohex(); 238 var sig = new KJUR.crypto.Signature({alg: sigalg}); 239 sig.init(params.cakey); 240 sig.updateHex(hTBS); 241 params.sighex = sig.sign(); 242 }; 243 244 /** 245 * get PEM formatted certificate string after signed 246 * @name getPEM 247 * @memberOf KJUR.asn1.x509.Certificate# 248 * @function 249 * @return PEM formatted string of certificate 250 * @since jsrsasign 9.0.0 asn1hex 2.0.0 251 * @description 252 * This method returns a string of PEM formatted 253 * certificate. 254 * @example 255 * cert = new KJUR.asn1.x509.Certificate({...}); 256 * cert.getPEM() → 257 * "-----BEGIN CERTIFICATE-----\r\n..." 258 */ 259 this.getPEM = function() { 260 return hextopem(this.tohex(), "CERTIFICATE"); 261 }; 262 263 this.tohex = function() { 264 var params = this.params; 265 266 if (params.tbsobj == undefined || params.tbsobj == null) { 267 params.tbsobj = new _TBSCertificate(params); 268 } 269 270 if (params.sighex == undefined && params.cakey != undefined) { 271 this.sign(); 272 } 273 274 if (params.sighex == undefined) { 275 throw new Error("sighex or cakey parameter not defined"); 276 } 277 278 var a = []; 279 a.push(params.tbsobj); 280 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 281 a.push(new _DERBitString({hex: "00" + params.sighex})); 282 var seq = new _DERSequence({array: a}); 283 return seq.tohex(); 284 }; 285 this.getEncodedHex = function() { return this.tohex(); }; 286 287 if (params != undefined) this.params = params; 288 }; 289 extendClass(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object); 290 291 /** 292 * ASN.1 TBSCertificate structure class<br/> 293 * @name KJUR.asn1.x509.TBSCertificate 294 * @class ASN.1 TBSCertificate structure class 295 * @property {Array} params JSON object of parameters 296 * @param {Array} params JSON object of TBSCertificate parameters 297 * @extends KJUR.asn1.ASN1Object 298 * @see KJUR.asn1.x509.Certificate 299 * 300 * @description 301 * <br/> 302 * NOTE: TBSCertificate class is updated without backward 303 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0. 304 * Most of methods are removed and parameters can be set 305 * by JSON object. 306 * 307 * @example 308 * new TBSCertificate({ 309 * version: 3, // this can be omitted, the default is 3. 310 * serial: {hex: "1234..."}, // DERInteger parameter 311 * sigalg: "SHA256withRSA", 312 * issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 313 * notbefore: "151231235959Z", // string, passed to Time 314 * notafter: "251231235959Z", // string, passed to Time 315 * subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 316 * sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter 317 * // As for extension parameters, please see extension class 318 * // All extension parameters need to have "extname" parameter additionaly. 319 * ext:[{ 320 * extname:"keyUsage",critical:true, 321 * names:["digitalSignature","keyEncipherment"] 322 * },{ 323 * extname:"cRLDistributionPoints", 324 * array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}] 325 * }, ...] 326 * }) 327 * 328 * var tbsc = new TBSCertificate(); 329 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...}); 330 */ 331 KJUR.asn1.x509.TBSCertificate = function(params) { 332 KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this); 333 var _KJUR = KJUR, 334 _KJUR_asn1 = _KJUR.asn1, 335 _KJUR_asn1_x509 = _KJUR_asn1.x509, 336 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 337 _DERInteger = _KJUR_asn1.DERInteger, 338 _DERSequence = _KJUR_asn1.DERSequence, 339 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 340 _Time = _KJUR_asn1_x509.Time, 341 _X500Name = _KJUR_asn1_x509.X500Name, 342 _Extensions = _KJUR_asn1_x509.Extensions, 343 _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo; 344 345 this.params = null; 346 347 /** 348 * get array of ASN.1 object for extensions<br/> 349 * @name setByParam 350 * @memberOf KJUR.asn1.x509.TBSCertificate# 351 * @function 352 * @param {Array} JSON object of TBSCertificate parameters 353 * @example 354 * tbsc = new KJUR.asn1.x509.TBSCertificate(); 355 * tbsc.setByParam({version:3, serial:{hex:'1234...'},...}); 356 */ 357 this.setByParam = function(params) { 358 this.params = params; 359 }; 360 361 this.tohex = function() { 362 var a = []; 363 var params = this.params; 364 365 // X.509v3 default if params.version not defined 366 if (params.version != undefined || params.version != 1) { 367 var version = 2; 368 if (params.version != undefined) version = params.version - 1; 369 var obj = 370 new _DERTaggedObject({obj: new _DERInteger({'int': version})}) 371 a.push(obj); 372 } 373 374 a.push(new _DERInteger(params.serial)); 375 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 376 a.push(new _X500Name(params.issuer)); 377 a.push(new _DERSequence({array:[new _Time(params.notbefore), 378 new _Time(params.notafter)]})); 379 a.push(new _X500Name(params.subject)); 380 a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey))); 381 if (params.ext !== undefined && params.ext.length > 0) { 382 a.push(new _DERTaggedObject({tag: "a3", 383 obj: new _Extensions(params.ext)})); 384 } 385 386 var seq = new KJUR.asn1.DERSequence({array: a}); 387 return seq.tohex(); 388 }; 389 this.getEncodedHex = function() { return this.tohex(); }; 390 391 if (params !== undefined) this.setByParam(params); 392 }; 393 extendClass(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object); 394 395 /** 396 * Extensions ASN.1 structure class<br/> 397 * @name KJUR.asn1.x509.Extensions 398 * @class Extensions ASN.1 structure class 399 * @param {Array} aParam array of JSON extension parameter 400 * @extends KJUR.asn1.ASN1Object 401 * @since jsrsasign 9.1.0 asn1x509 2.1.0 402 * @see KJUR.asn1.x509.TBSCertificate 403 * @see KJUR.asn1.x509.TBSCertList 404 * @see KJUR.asn1.csr.CertificationRequestInfo 405 * @see KJUR.asn1.x509.PrivateExtension 406 * @see KJUR.asn1.ocsp.ResponseData 407 * @see KJUR.asn1.ocsp.BasicOCSPResponse 408 * 409 * @description 410 * This class represents 411 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 412 * Extensions defined in RFC 5280 4.1</a> and 413 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9"> 414 * 4.1.2.9</a>. 415 * <pre> 416 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 417 * </pre> 418 * <p>NOTE: From jsrsasign 9.1.1, private extension or 419 * undefined extension have been supported by 420 * {@link KJUR.asn1.x509.PrivateExtension}.</p> 421 * 422 * Here is a list of available extensions: 423 * <ul> 424 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 425 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 426 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 427 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 428 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 429 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 430 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 431 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 432 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 433 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 434 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 435 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 436 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 437 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 438 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 439 * </ul> 440 * You can also use {@link KJUR.asn1.x509.PrivateExtension} object 441 * to specify a unsupported extension. 442 * 443 * @example 444 * o = new KJUR.asn1.x509.Extensions([ 445 * {extname:"keyUsage",critical:true,names:["digitalSignature"]}, 446 * {extname:"subjectAltName",array:[{dns:"example.com"}]}, 447 * {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension 448 * ]); 449 * o.tohex() → "30..." 450 */ 451 KJUR.asn1.x509.Extensions = function(aParam) { 452 KJUR.asn1.x509.Extensions.superclass.constructor.call(this); 453 var _KJUR = KJUR, 454 _KJUR_asn1 = _KJUR.asn1, 455 _DERSequence = _KJUR_asn1.DERSequence, 456 _KJUR_asn1_x509 = _KJUR_asn1.x509; 457 this.aParam = []; 458 459 this.setByParam = function(aParam) { this.aParam = aParam; } 460 461 this.tohex = function() { 462 var a = []; 463 for (var i = 0; i < this.aParam.length; i++) { 464 var param = this.aParam[i]; 465 var extname = param.extname; 466 var obj = null; 467 468 if (param.extn != undefined) { 469 obj = new _KJUR_asn1_x509.PrivateExtension(param); 470 } else if (extname == "subjectKeyIdentifier") { 471 obj = new _KJUR_asn1_x509.SubjectKeyIdentifier(param); 472 } else if (extname == "keyUsage") { 473 obj = new _KJUR_asn1_x509.KeyUsage(param); 474 } else if (extname == "subjectAltName") { 475 obj = new _KJUR_asn1_x509.SubjectAltName(param); 476 } else if (extname == "issuerAltName") { 477 obj = new _KJUR_asn1_x509.IssuerAltName(param); 478 } else if (extname == "basicConstraints") { 479 obj = new _KJUR_asn1_x509.BasicConstraints(param); 480 } else if (extname == "nameConstraints") { 481 obj = new _KJUR_asn1_x509.NameConstraints(param); 482 } else if (extname == "cRLDistributionPoints") { 483 obj = new _KJUR_asn1_x509.CRLDistributionPoints(param); 484 } else if (extname == "certificatePolicies") { 485 obj = new _KJUR_asn1_x509.CertificatePolicies(param); 486 } else if (extname == "policyMappings") { 487 obj = new _KJUR_asn1_x509.PolicyMappings(param); 488 } else if (extname == "policyConstraints") { 489 obj = new _KJUR_asn1_x509.PolicyConstraints(param); 490 } else if (extname == "inhibitAnyPolicy") { 491 obj = new _KJUR_asn1_x509.InhibitAnyPolicy(param); 492 } else if (extname == "authorityKeyIdentifier") { 493 obj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(param); 494 } else if (extname == "extKeyUsage") { 495 obj = new _KJUR_asn1_x509.ExtKeyUsage(param); 496 } else if (extname == "authorityInfoAccess") { 497 obj = new _KJUR_asn1_x509.AuthorityInfoAccess(param); 498 } else if (extname == "cRLNumber") { 499 obj = new _KJUR_asn1_x509.CRLNumber(param); 500 } else if (extname == "cRLReason") { 501 obj = new _KJUR_asn1_x509.CRLReason(param); 502 } else if (extname == "ocspNonce") { 503 obj = new _KJUR_asn1_x509.OCSPNonce(param); 504 } else if (extname == "ocspNoCheck") { 505 obj = new _KJUR_asn1_x509.OCSPNoCheck(param); 506 } else if (extname == "adobeTimeStamp") { 507 obj = new _KJUR_asn1_x509.AdobeTimeStamp(param); 508 } else if (extname == "subjectDirectoryAttributes") { 509 obj = new _KJUR_asn1_x509.SubjectDirectoryAttributes(param); 510 } else { 511 throw new Error("extension not supported:" 512 + JSON.stringify(param)); 513 } 514 if (obj != null) a.push(obj); 515 } 516 517 var seq = new _DERSequence({array: a}); 518 return seq.tohex(); 519 }; 520 this.getEncodedHex = function() { return this.tohex(); }; 521 522 if (aParam != undefined) this.setByParam(aParam); 523 }; 524 extendClass(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object); 525 526 527 // === END TBSCertificate =================================================== 528 529 // === BEGIN X.509v3 Extensions Related ======================================= 530 531 /** 532 * base Extension ASN.1 structure class 533 * @name KJUR.asn1.x509.Extension 534 * @class base Extension ASN.1 structure class 535 * @param {Array} params associative array of parameters (ex. {'critical': true}) 536 * @extends KJUR.asn1.ASN1Object 537 * @description 538 * <pre> 539 * Extension ::= SEQUENCE { 540 * extnID OBJECT IDENTIFIER, 541 * critical BOOLEAN DEFAULT FALSE, 542 * extnValue OCTET STRING } 543 * </pre> 544 * @example 545 */ 546 KJUR.asn1.x509.Extension = function(params) { 547 KJUR.asn1.x509.Extension.superclass.constructor.call(this); 548 var asn1ExtnValue = null, 549 _KJUR = KJUR, 550 _KJUR_asn1 = _KJUR.asn1, 551 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 552 _DEROctetString = _KJUR_asn1.DEROctetString, 553 _DERBitString = _KJUR_asn1.DERBitString, 554 _DERBoolean = _KJUR_asn1.DERBoolean, 555 _DERSequence = _KJUR_asn1.DERSequence; 556 557 this.tohex = function() { 558 var asn1Oid = new _DERObjectIdentifier({'oid': this.oid}); 559 var asn1EncapExtnValue = 560 new _DEROctetString({'hex': this.getExtnValueHex()}); 561 562 var asn1Array = new Array(); 563 asn1Array.push(asn1Oid); 564 if (this.critical) asn1Array.push(new _DERBoolean()); 565 asn1Array.push(asn1EncapExtnValue); 566 567 var asn1Seq = new _DERSequence({'array': asn1Array}); 568 return asn1Seq.tohex(); 569 }; 570 this.getEncodedHex = function() { return this.tohex(); }; 571 572 this.critical = false; 573 if (params !== undefined) { 574 if (params.critical !== undefined) { 575 this.critical = params.critical; 576 } 577 } 578 }; 579 extendClass(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object); 580 581 /** 582 * KeyUsage ASN.1 structure class 583 * @name KJUR.asn1.x509.KeyUsage 584 * @class KeyUsage ASN.1 structure class 585 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true}) 586 * @extends KJUR.asn1.x509.Extension 587 * @description 588 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension. 589 * <pre> 590 * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } 591 * KeyUsage ::= BIT STRING { 592 * digitalSignature (0), 593 * nonRepudiation (1), 594 * keyEncipherment (2), 595 * dataEncipherment (3), 596 * keyAgreement (4), 597 * keyCertSign (5), 598 * cRLSign (6), 599 * encipherOnly (7), 600 * decipherOnly (8) } 601 * </pre><br/> 602 * NOTE: 'names' parameter is supprted since jsrsasign 8.0.14. 603 * @example 604 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"}); 605 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"}); 606 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']}); 607 */ 608 KJUR.asn1.x509.KeyUsage = function(params) { 609 KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params); 610 611 var _Error = Error; 612 613 var _nameValue = { 614 digitalSignature: 0, 615 nonRepudiation: 1, 616 keyEncipherment: 2, 617 dataEncipherment: 3, 618 keyAgreement: 4, 619 keyCertSign: 5, 620 cRLSign: 6, 621 encipherOnly: 7, 622 decipherOnly: 8 623 }; 624 625 this.getExtnValueHex = function() { 626 var binString = this.getBinValue(); 627 this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: binString}); 628 return this.asn1ExtnValue.tohex(); 629 }; 630 631 this.getBinValue = function() { 632 var params = this.params; 633 634 if (typeof params != "object" || 635 (typeof params.names != "object" && typeof params.bin != "string")) 636 throw new _Error("parameter not yet set"); 637 638 if (params.names != undefined) { 639 return namearraytobinstr(params.names, _nameValue); 640 } else if (params.bin != undefined) { 641 return params.bin; 642 } else { 643 throw new _Error("parameter not set properly"); 644 } 645 }; 646 647 this.oid = "2.5.29.15"; 648 if (params !== undefined) this.params = params; 649 }; 650 extendClass(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension); 651 652 /** 653 * BasicConstraints ASN.1 structure class 654 * @name KJUR.asn1.x509.BasicConstraints 655 * @class BasicConstraints ASN.1 structure class 656 * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true}) 657 * @extends KJUR.asn1.x509.Extension 658 * @see {@link X509#getExtBasicConstraints} 659 * @description 660 * This class represents 661 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9"> 662 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>. 663 * <pre> 664 * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } 665 * BasicConstraints ::= SEQUENCE { 666 * cA BOOLEAN DEFAULT FALSE, 667 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 668 * </pre> 669 * Its constructor can have following parameters: 670 * <ul> 671 * <li>{Boolean}cA - cA flag</li> 672 * <li>{Integer}pathLen - pathLen field value</li> 673 * <li>{Boolean}critical - critical flag</li> 674 * </ul> 675 * @example 676 * new KJUR.asn1.x509.BasicConstraints({ 677 * cA: true, 678 * pathLen: 3, 679 * critical: true 680 * }) 681 */ 682 KJUR.asn1.x509.BasicConstraints = function(params) { 683 KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params); 684 var _KJUR_asn1 = KJUR.asn1, 685 _DERBoolean = _KJUR_asn1.DERBoolean, 686 _DERInteger = _KJUR_asn1.DERInteger, 687 _DERSequence = _KJUR_asn1.DERSequence; 688 689 var cA = false; 690 var pathLen = -1; 691 692 this.getExtnValueHex = function() { 693 var asn1Array = new Array(); 694 if (this.cA) asn1Array.push(new _DERBoolean()); 695 if (this.pathLen > -1) 696 asn1Array.push(new _DERInteger({'int': this.pathLen})); 697 var asn1Seq = new _DERSequence({'array': asn1Array}); 698 this.asn1ExtnValue = asn1Seq; 699 return this.asn1ExtnValue.tohex(); 700 }; 701 702 this.oid = "2.5.29.19"; 703 this.cA = false; 704 this.pathLen = -1; 705 if (params !== undefined) { 706 if (params.cA !== undefined) { 707 this.cA = params.cA; 708 } 709 if (params.pathLen !== undefined) { 710 this.pathLen = params.pathLen; 711 } 712 } 713 }; 714 extendClass(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension); 715 716 /** 717 * CRLDistributionPoints ASN.1 structure class 718 * @name KJUR.asn1.x509.CRLDistributionPoints 719 * @class CRLDistributionPoints ASN.1 structure class 720 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true}) 721 * @extends KJUR.asn1.x509.Extension 722 * @see {@link X509#getExtCRLDistributionPoints} 723 * @see {@link KJUR.asn1.x509.DistributionPoint} 724 * @see {@link KJUR.asn1.x509.GeneralNames} 725 * @description 726 * This class represents 727 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 728 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>. 729 * <pre> 730 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } 731 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint 732 * DistributionPoint ::= SEQUENCE { 733 * distributionPoint [0] DistributionPointName OPTIONAL, 734 * reasons [1] ReasonFlags OPTIONAL, 735 * cRLIssuer [2] GeneralNames OPTIONAL } 736 * DistributionPointName ::= CHOICE { 737 * fullName [0] GeneralNames, 738 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } 739 * </pre> 740 * Constructor can have following parameter: 741 * <ul> 742 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li> 743 * <li>{Boolean}critical - critical flag</li> 744 * </ul> 745 * @example 746 * new KJUR.asn1.x509.CRLDistributionPoints({ 747 * array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}], 748 * critical: true 749 * }) 750 */ 751 KJUR.asn1.x509.CRLDistributionPoints = function(params) { 752 KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params); 753 var _KJUR = KJUR, 754 _KJUR_asn1 = _KJUR.asn1, 755 _KJUR_asn1_x509 = _KJUR_asn1.x509; 756 757 this.getExtnValueHex = function() { 758 return this.asn1ExtnValue.tohex(); 759 }; 760 761 this.setByDPArray = function(dpArray) { 762 var asn1Array = []; 763 for (var i = 0; i < dpArray.length; i++) { 764 if (dpArray[i] instanceof KJUR.asn1.ASN1Object) { 765 asn1Array.push(dpArray[i]); 766 } else { 767 var dp = new _KJUR_asn1_x509.DistributionPoint(dpArray[i]); 768 asn1Array.push(dp); 769 } 770 } 771 this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': asn1Array}); 772 }; 773 774 this.setByOneURI = function(uri) { 775 var dp1 = new _KJUR_asn1_x509.DistributionPoint({fulluri: uri}); 776 this.setByDPArray([dp1]); 777 }; 778 779 this.oid = "2.5.29.31"; 780 if (params !== undefined) { 781 if (params.array !== undefined) { 782 this.setByDPArray(params.array); 783 } else if (params.uri !== undefined) { 784 this.setByOneURI(params.uri); 785 } 786 } 787 }; 788 extendClass(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension); 789 790 /** 791 * DistributionPoint ASN.1 structure class<br/> 792 * @name KJUR.asn1.x509.DistributionPoint 793 * @class DistributionPoint ASN.1 structure class 794 * @param {Array} params JSON object of parameters (OPTIONAL) 795 * @extends KJUR.asn1.ASN1Object 796 * @see {@link KJUR.asn1.x509.CRLDistributionPoints} 797 * @see {@link KJUR.asn1.x509.DistributionPointName} 798 * @see {@link KJUR.asn1.x509.GeneralNames} 799 * @see {@link X509#getDistributionPoint} 800 * @description 801 * This class represents 802 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 803 * DistributionPoint defined in RFC 5280 4.2.1.13</a>. 804 * <pre> 805 * DistributionPoint ::= SEQUENCE { 806 * distributionPoint [0] DistributionPointName OPTIONAL, 807 * reasons [1] ReasonFlags OPTIONAL, 808 * cRLIssuer [2] GeneralNames OPTIONAL } 809 * </pre> 810 * Constructor can have following parameter: 811 * <ul> 812 * <li>{String}fulluri - uri string for fullName uri. This has the same meaning for '{dpname: {full: [{uri: "..."]}}'.</li> 813 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li> 814 * <li>{DistrubutionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li> 815 * </ul> 816 * <br/> 817 * NOTE1: Parameter "fulluri" and "dpname" supported 818 * since jsrsasign 9.0.0 asn1x509 2.0.0. 819 * <br/> 820 * NOTE2: The "reasons" and "cRLIssuer" fields are currently 821 * not supported. 822 * @example 823 * new KJUR.asn1.x509.DistributionPoint( 824 * {fulluri: "http://example.com/crl1.crl"}) 825 * new KJUR.asn1.x509.DistributionPoint( 826 * {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}}) 827 * new KJUR.asn1.x509.DistributionPoint( 828 * {dpobj: new DistributionPoint(...)}) 829 */ 830 KJUR.asn1.x509.DistributionPoint = function(params) { 831 KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this); 832 var asn1DP = null, 833 _KJUR = KJUR, 834 _KJUR_asn1 = _KJUR.asn1, 835 _DistributionPointName = _KJUR_asn1.x509.DistributionPointName; 836 837 this.tohex = function() { 838 var seq = new _KJUR_asn1.DERSequence(); 839 if (this.asn1DP != null) { 840 var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true, 841 'tag': 'a0', 842 'obj': this.asn1DP}); 843 seq.appendASN1Object(o1); 844 } 845 this.hTLV = seq.tohex(); 846 return this.hTLV; 847 }; 848 this.getEncodedHex = function() { return this.tohex(); }; 849 850 if (params !== undefined) { 851 if (params.dpobj !== undefined) { 852 this.asn1DP = params.dpobj; 853 } else if (params.dpname !== undefined) { 854 this.asn1DP = new _DistributionPointName(params.dpname); 855 } else if (params.fulluri !== undefined) { 856 this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]}); 857 } 858 } 859 }; 860 extendClass(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object); 861 862 /** 863 * DistributionPointName ASN.1 structure class<br/> 864 * @name KJUR.asn1.x509.DistributionPointName 865 * @class DistributionPointName ASN.1 structure class 866 * @param {Array} params JSON object of parameters or GeneralNames object 867 * @extends KJUR.asn1.ASN1Object 868 * @see {@link KJUR.asn1.x509.CRLDistributionPoints} 869 * @see {@link KJUR.asn1.x509.DistributionPoint} 870 * @see {@link KJUR.asn1.x509.GeneralNames} 871 * @see {@link X509#getDistributionPointName} 872 * @description 873 * This class represents 874 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 875 * DistributionPointName defined in RFC 5280 4.2.1.13</a>. 876 * <pre> 877 * DistributionPointName ::= CHOICE { 878 * fullName [0] GeneralNames, 879 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } 880 * </pre> 881 * Constructor can have following parameter: 882 * <ul> 883 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li> 884 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li> 885 * </ul> 886 * NOTE1: 'full' parameter have been suppored since jsrsasign 9.0.0 asn1x509 2.0.0. 887 * <br> 888 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported. 889 * @example 890 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>}) 891 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]}) 892 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]} 893 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]}) 894 * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]}) 895 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...)) 896 */ 897 KJUR.asn1.x509.DistributionPointName = function(params) { 898 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this); 899 var asn1Obj = null, 900 type = null, 901 tag = null, 902 asn1V = null, 903 _KJUR = KJUR, 904 _KJUR_asn1 = _KJUR.asn1, 905 _DERTaggedObject = _KJUR_asn1.DERTaggedObject; 906 907 this.tohex = function() { 908 if (this.type != "full") 909 throw new Error("currently type shall be 'full': " + this.type); 910 this.asn1Obj = new _DERTaggedObject({'explicit': false, 911 'tag': this.tag, 912 'obj': this.asn1V}); 913 this.hTLV = this.asn1Obj.tohex(); 914 return this.hTLV; 915 }; 916 this.getEncodedHex = function() { return this.tohex(); }; 917 918 if (params !== undefined) { 919 if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) { 920 this.type = "full"; 921 this.tag = "a0"; 922 this.asn1V = params; 923 } else if (params.full !== undefined) { 924 this.type = "full"; 925 this.tag = "a0"; 926 this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full); 927 } else { 928 throw new Error("This class supports GeneralNames only as argument"); 929 } 930 } 931 }; 932 extendClass(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); 933 934 /** 935 * CertificatePolicies ASN.1 structure class 936 * @name KJUR.asn1.x509.CertificatePolicies 937 * @class CertificatePolicies ASN.1 structure class 938 * @param {Array} params associative array of parameters 939 * @extends KJUR.asn1.x509.Extension 940 * @since jsrsasign 8.0.23 asn1x509 1.1.12 941 * @see KJUR.asn1.x509.CertificatePolicies 942 * @see KJUR.asn1.x509.PolicyInformation 943 * @see KJUR.asn1.x509.PolicyQualifierInfo 944 * @see KJUR.asn1.x509.UserNotice 945 * @see KJUR.asn1.x509.NoticeReference 946 * @see KJUR.asn1.x509.DisplayText 947 * @description 948 * This class represents 949 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 950 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>. 951 * <pre> 952 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } 953 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation 954 * </pre> 955 * Its constructor can have following parameters: 956 * <ul> 957 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li> 958 * <li>critical - boolean: critical flag</li> 959 * </ul> 960 * NOTE: Returned JSON value format have been changed without 961 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0. 962 * @example 963 * e1 = new KJUR.asn1.x509.CertificatePolicies({ 964 * array: [ 965 * { policyoid: "1.2.3.4.5", 966 * array: [ 967 * { cps: "https://example.com/repository" }, 968 * { unotice: { 969 * noticeref: { // CA SHOULD NOT use this by RFC 970 * org: {type: "ia5", str: "Sample Org"}, 971 * noticenum: [{int: 5}, {hex: "01af"}] 972 * }, 973 * exptext: {type: "ia5", str: "Sample Policy"} 974 * }} 975 * ] 976 * } 977 * ], 978 * critical: true 979 * }); 980 */ 981 KJUR.asn1.x509.CertificatePolicies = function(params) { 982 KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params); 983 var _KJUR = KJUR, 984 _KJUR_asn1 = _KJUR.asn1, 985 _KJUR_asn1_x509 = _KJUR_asn1.x509, 986 _DERSequence = _KJUR_asn1.DERSequence, 987 _PolicyInformation = _KJUR_asn1_x509.PolicyInformation; 988 989 this.params = null; 990 991 this.getExtnValueHex = function() { 992 var aPI = []; 993 for (var i = 0; i < this.params.array.length; i++) { 994 aPI.push(new _PolicyInformation(this.params.array[i])); 995 } 996 var seq = new _DERSequence({array: aPI}); 997 this.asn1ExtnValue = seq; 998 return this.asn1ExtnValue.tohex(); 999 }; 1000 1001 this.oid = "2.5.29.32"; 1002 if (params !== undefined) { 1003 this.params = params; 1004 } 1005 }; 1006 extendClass(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension); 1007 1008 // ===== BEGIN CertificatePolicies related classes ===== 1009 /** 1010 * PolicyInformation ASN.1 structure class 1011 * @name KJUR.asn1.x509.PolicyInformation 1012 * @class PolicyInformation ASN.1 structure class 1013 * @param {Array} params JSON object of parameters 1014 * @extends KJUR.asn1.ASN1Object 1015 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1016 * @see KJUR.asn1.x509.CertificatePolicies 1017 * @see KJUR.asn1.x509.PolicyInformation 1018 * @see KJUR.asn1.x509.PolicyQualifierInfo 1019 * @see KJUR.asn1.x509.UserNotice 1020 * @see KJUR.asn1.x509.NoticeReference 1021 * @see KJUR.asn1.x509.DisplayText 1022 * @description 1023 * This class represents 1024 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1025 * PolicyInformation defined in RFC 5280 4.2.1.4</a>. 1026 * <pre> 1027 * PolicyInformation ::= SEQUENCE { 1028 * policyIdentifier CertPolicyId, 1029 * policyQualifiers SEQUENCE SIZE (1..MAX) OF 1030 * PolicyQualifierInfo OPTIONAL } 1031 * CertPolicyId ::= OBJECT IDENTIFIER 1032 * Its constructor can have following parameters: 1033 * <ul> 1034 * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li> 1035 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo} 1036 * parameters (OPTIONAL)</li> 1037 * </ul> 1038 * @example 1039 * new KJUR.asn1.x509.PolicyInformation({ 1040 * policyoid: "1.2.3.4.5", 1041 * array: [ 1042 * { cps: "https://example.com/repository" }, 1043 * { unotice: { 1044 * noticeref: { // CA SHOULD NOT use this by RFC 1045 * org: {type: "ia5", str: "Sample Org"}, 1046 * noticenum: [{int: 5}, {hex: "01af"}] 1047 * }, 1048 * exptext: {type: "ia5", str: "Sample Policy"} 1049 * }} 1050 * ] 1051 * }) 1052 */ 1053 KJUR.asn1.x509.PolicyInformation = function(params) { 1054 KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this, 1055 params); 1056 var _KJUR_asn1 = KJUR.asn1, 1057 _DERSequence = _KJUR_asn1.DERSequence, 1058 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 1059 _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo; 1060 1061 this.params = null; 1062 1063 this.tohex = function() { 1064 if (this.params.policyoid === undefined && 1065 this.params.array === undefined) 1066 throw new Error("parameter oid and array missing"); 1067 1068 // policy oid 1069 var a = [new _DERObjectIdentifier(this.params.policyoid)]; 1070 1071 // array of ASN1Object of PolicyQualifierInfo 1072 if (this.params.array !== undefined) { 1073 var aPQI = []; 1074 for (var i = 0; i < this.params.array.length; i++) { 1075 aPQI.push(new _PolicyQualifierInfo(this.params.array[i])); 1076 } 1077 if (aPQI.length > 0) { 1078 a.push(new _DERSequence({array: aPQI})); 1079 } 1080 } 1081 1082 var seq = new _DERSequence({array: a}); 1083 return seq.tohex(); 1084 }; 1085 this.getEncodedHex = function() { return this.tohex(); }; 1086 1087 if (params !== undefined) { 1088 this.params = params; 1089 } 1090 }; 1091 extendClass(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object); 1092 1093 /** 1094 * PolicyQualifierInfo ASN.1 structure class 1095 * @name KJUR.asn1.x509.PolicyQualifierInfo 1096 * @class PolicyQualifierInfo ASN.1 structure class 1097 * @param {Array} params associative array of parameters 1098 * @extends KJUR.asn1.ASN1Object 1099 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1100 * @description 1101 * This class represents 1102 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1103 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>. 1104 * <pre> 1105 * PolicyQualifierInfo ::= SEQUENCE { 1106 * policyQualifierId PolicyQualifierId, 1107 * qualifier ANY DEFINED BY policyQualifierId } 1108 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) 1109 * CPSuri ::= IA5String 1110 * </pre> 1111 * Its constructor can have one of following two parameters: 1112 * <ul> 1113 * <li>{String}cps - URI string for CPS</li> 1114 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li> 1115 * </ul> 1116 * @example 1117 * new PolicyQualifierInfo({ 1118 * cps: "https://example.com/repository/cps" 1119 * }) 1120 * 1121 * new PolicyQualifierInfo({ 1122 * unotice: { 1123 * noticeref: { // CA SHOULD NOT use this by RFC 1124 * org: {type: "bmp", str: "Sample Org"}, 1125 * noticenum: [{int: 3}, {hex: "01af"}] 1126 * }, 1127 * exptext: {type: "ia5", str: "Sample Policy"} 1128 * } 1129 * }) 1130 */ 1131 KJUR.asn1.x509.PolicyQualifierInfo = function(params) { 1132 KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this, 1133 params); 1134 var _KJUR_asn1 = KJUR.asn1, 1135 _DERSequence = _KJUR_asn1.DERSequence, 1136 _DERIA5String = _KJUR_asn1.DERIA5String, 1137 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 1138 _UserNotice = _KJUR_asn1.x509.UserNotice; 1139 1140 this.params = null; 1141 1142 this.tohex = function() { 1143 if (this.params.cps !== undefined) { 1144 var seq = new _DERSequence({array: [ 1145 new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}), 1146 new _DERIA5String({str: this.params.cps}) 1147 ]}); 1148 return seq.tohex(); 1149 } 1150 if (this.params.unotice != undefined) { 1151 var seq = new _DERSequence({array: [ 1152 new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}), 1153 new _UserNotice(this.params.unotice) 1154 ]}); 1155 return seq.tohex(); 1156 } 1157 }; 1158 this.getEncodedHex = function() { return this.tohex(); }; 1159 1160 if (params !== undefined) { 1161 this.params = params; 1162 } 1163 }; 1164 extendClass(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object); 1165 1166 1167 /** 1168 * UserNotice ASN.1 structure class 1169 * @name KJUR.asn1.x509.UserNotice 1170 * @class UserNotice ASN.1 structure class 1171 * @param {Array} params associative array of parameters 1172 * @extends KJUR.asn1.ASN1Object 1173 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1174 * @description 1175 * This class represents 1176 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1177 * UserNotice defined in RFC 5280 4.2.1.4</a>. 1178 * <pre> 1179 * UserNotice ::= SEQUENCE { 1180 * noticeRef NoticeReference OPTIONAL, 1181 * explicitText DisplayText OPTIONAL } 1182 * </pre> 1183 * Its constructor can have following two parameters: 1184 * <ul> 1185 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter. 1186 * This SHALL NOT be set for conforming CA by RFC 5280. (OPTIONAL)</li> 1187 * <li>{Object}exptext - explicitText value 1188 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li> 1189 * </ul> 1190 * @example 1191 * new UserNotice({ 1192 * noticeref: { 1193 * org: {type: "bmp", str: "Sample Org"}, 1194 * noticenum: [{int: 3}, {hex: "01af"}] 1195 * }, 1196 * exptext: {type: "ia5", str: "Sample Policy"} 1197 * }) 1198 */ 1199 KJUR.asn1.x509.UserNotice = function(params) { 1200 KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params); 1201 var _DERSequence = KJUR.asn1.DERSequence, 1202 _DERInteger = KJUR.asn1.DERInteger, 1203 _DisplayText = KJUR.asn1.x509.DisplayText, 1204 _NoticeReference = KJUR.asn1.x509.NoticeReference; 1205 1206 this.params = null; 1207 1208 this.tohex = function() { 1209 var a = []; 1210 if (this.params.noticeref !== undefined) { 1211 a.push(new _NoticeReference(this.params.noticeref)); 1212 } 1213 if (this.params.exptext !== undefined) { 1214 a.push(new _DisplayText(this.params.exptext)); 1215 } 1216 var seq = new _DERSequence({array: a}); 1217 return seq.tohex(); 1218 }; 1219 this.getEncodedHex = function() { return this.tohex(); }; 1220 1221 if (params !== undefined) { 1222 this.params = params; 1223 } 1224 }; 1225 extendClass(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object); 1226 1227 /** 1228 * NoticeReference ASN.1 structure class 1229 * @name KJUR.asn1.x509.NoticeReference 1230 * @class NoticeReference ASN.1 structure class 1231 * @param {Array} params associative array of parameters 1232 * @extends KJUR.asn1.ASN1Object 1233 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1234 * @description 1235 * This class represents 1236 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1237 * NoticeReference defined in RFC 5280 4.2.1.4</a>. 1238 * <pre> 1239 * NoticeReference ::= SEQUENCE { 1240 * organization DisplayText, 1241 * noticeNumbers SEQUENCE OF INTEGER } 1242 * </pre> 1243 * Its constructor can have following two parameters: 1244 * <ul> 1245 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText} 1246 * parameter.</li> 1247 * <li>{Object}noticenum - noticeNumbers value by an array of 1248 * {@link KJUR.asn1.DERInteger} parameter</li> 1249 * </ul> 1250 * @example 1251 * new NoticeReference({ 1252 * org: {type: "bmp", str: "Sample Org"}, 1253 * noticenum: [{int: 3}, {hex: "01af"}] 1254 * }) 1255 */ 1256 KJUR.asn1.x509.NoticeReference = function(params) { 1257 KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params); 1258 var _DERSequence = KJUR.asn1.DERSequence, 1259 _DERInteger = KJUR.asn1.DERInteger, 1260 _DisplayText = KJUR.asn1.x509.DisplayText; 1261 1262 this.params = null; 1263 1264 this.tohex = function() { 1265 var a = []; 1266 if (this.params.org !== undefined) { 1267 a.push(new _DisplayText(this.params.org)); 1268 } 1269 if (this.params.noticenum !== undefined) { 1270 var aNoticeNum = []; 1271 var aNumParam = this.params.noticenum; 1272 for (var i = 0; i < aNumParam.length; i++) { 1273 aNoticeNum.push(new _DERInteger(aNumParam[i])); 1274 } 1275 a.push(new _DERSequence({array: aNoticeNum})); 1276 } 1277 if (a.length == 0) throw new Error("parameter is empty"); 1278 var seq = new _DERSequence({array: a}); 1279 return seq.tohex(); 1280 } 1281 this.getEncodedHex = function() { return this.tohex(); }; 1282 1283 if (params !== undefined) { 1284 this.params = params; 1285 } 1286 }; 1287 extendClass(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object); 1288 1289 /** 1290 * DisplayText ASN.1 structure class 1291 * @name KJUR.asn1.x509.DisplayText 1292 * @class DisplayText ASN.1 structure class 1293 * @param {Array} params associative array of parameters 1294 * @extends KJUR.asn1.DERAbstractString 1295 * @since jsrsasign 8.0.23 asn1x509 1.1.12 1296 * @description 1297 * This class represents 1298 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1299 * DisplayText defined in RFC 5280 4.2.1.4</a>. 1300 * <pre> 1301 * -- from RFC 5280 Appendix A 1302 * DisplayText ::= CHOICE { 1303 * ia5String IA5String (SIZE (1..200)), 1304 * visibleString VisibleString (SIZE (1..200)), 1305 * bmpString BMPString (SIZE (1..200)), 1306 * utf8String UTF8String (SIZE (1..200)) } 1307 * </pre> 1308 * {@link KJUR.asn1.DERAbstractString} parameters and methods 1309 * can be used. 1310 * Its constructor can also have following parameter: 1311 * <ul> 1312 * <li>{String} type - DirectoryString type of DisplayText. 1313 * "ia5" for IA5String, "vis" for VisibleString, 1314 * "bmp" for BMPString and "utf8" for UTF8String. 1315 * Default is "utf8". (OPTIONAL)</li> 1316 * </ul> 1317 * @example 1318 * new DisplayText({type: "bmp", str: "Sample Org"}) 1319 * new DisplayText({type: "ia5", str: "Sample Org"}) 1320 * new DisplayText({str: "Sample Org"}) 1321 */ 1322 KJUR.asn1.x509.DisplayText = function(params) { 1323 KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params); 1324 1325 this.hT = "0c"; // DEFAULT "utf8" 1326 1327 if (params !== undefined) { 1328 if (params.type === "ia5") { 1329 this.hT = "16"; 1330 } else if (params.type === "vis") { 1331 this.hT = "1a"; 1332 } else if (params.type === "bmp") { 1333 this.hT = "1e"; 1334 } 1335 } 1336 }; 1337 extendClass(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString); 1338 // ===== END CertificatePolicies related classes ===== 1339 1340 // ===================================================================== 1341 1342 /** 1343 * PolicyMappings ASN.1 structure class<br/> 1344 * @name KJUR.asn1.x509.PolicyMappings 1345 * @class PolicyMappings ASN.1 structure class 1346 * @param {Array} params associative array of parameters 1347 * @extends KJUR.asn1.x509.Extension 1348 * @since jsrsasign 10.6.1 asn1x509 2.1.17 1349 * @description 1350 * This class represents 1351 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.5"> 1352 * PolicyMappings extension defined in RFC 5280 4.2.1.5</a>. 1353 * <pre> 1354 * id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } 1355 * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { 1356 * issuerDomainPolicy CertPolicyId, 1357 * subjectDomainPolicy CertPolicyId } 1358 * </pre> 1359 * Its constructor can have following parameters: 1360 * <ul> 1361 * <li>array - Array: one or more pairs of OIDS</li> 1362 * <li>critical - boolean: critical flag</li> 1363 * </ul> 1364 * OID in "array" can use an OID name registered in 1365 * {@link KJUR.asn1.x509.OID} such as "anyPolicy". 1366 * @example 1367 * e1 = new KJUR.asn1.x509.PolicyMappings({ 1368 * array: [["1.2.3", "0.1.2"], ["anyPolicy", "1.2.4"]], 1369 * critical: true 1370 * }); 1371 */ 1372 KJUR.asn1.x509.PolicyMappings = function(params) { 1373 KJUR.asn1.x509.PolicyMappings.superclass.constructor.call(this, params); 1374 var _KJUR = KJUR, 1375 _KJUR_asn1 = _KJUR.asn1, 1376 _KJUR_asn1_x509 = _KJUR_asn1.x509, 1377 _newObject = _KJUR_asn1.ASN1Util.newObject; 1378 1379 this.params = null; 1380 1381 this.getExtnValueHex = function() { 1382 var params = this.params; 1383 var aItem = []; 1384 for (var i = 0; i < params.array.length; i++) { 1385 var aOid = params.array[i]; 1386 aItem.push({seq: [{oid: aOid[0]}, {oid: aOid[1]}]}); 1387 } 1388 this.asn1ExtnValue = _newObject({seq: aItem}); 1389 return this.asn1ExtnValue.tohex(); 1390 }; 1391 1392 this.oid = "2.5.29.33"; 1393 if (params !== undefined) { 1394 this.params = params; 1395 } 1396 }; 1397 extendClass(KJUR.asn1.x509.PolicyMappings, KJUR.asn1.x509.Extension); 1398 1399 /** 1400 * PolicyConstraints ASN.1 structure class<br/> 1401 * @name KJUR.asn1.x509.PolicyConstraints 1402 * @class PolicyConstraints ASN.1 structure class 1403 * @param {Array} params associative array of parameters 1404 * @extends KJUR.asn1.x509.Extension 1405 * @since jsrsasign 10.6.1 asn1x509 2.1.17 1406 * @description 1407 * This class represents 1408 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.11"> 1409 * PolicyConstraints extension defined in RFC 5280 4.2.1.11</a>. 1410 * <pre> 1411 * id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } 1412 * PolicyConstraints ::= SEQUENCE { 1413 * requireExplicitPolicy [0] SkipCerts OPTIONAL, 1414 * inhibitPolicyMapping [1] SkipCerts OPTIONAL } 1415 * SkipCerts ::= INTEGER (0..MAX) 1416 * </pre> 1417 * Its constructor can have following parameters: 1418 * <ul> 1419 * <li>reqexp - integer: the number of additional certificates that may appear 1420 * in the path before an explicit policy is required for the entire path.</li> 1421 * <li>inhibit - integer: the number of additional certificates that may appear 1422 * in the path before policy mapping is no longer permitted.</li> 1423 * <li>critical - boolean: critical flag</li> 1424 * </ul> 1425 * @example 1426 * e1 = new KJUR.asn1.x509.PolicyConstraints({ 1427 * reqexp: 3, 1428 * inhibit: 3, 1429 * critical: true 1430 * }); 1431 */ 1432 KJUR.asn1.x509.PolicyConstraints = function(params) { 1433 KJUR.asn1.x509.PolicyConstraints.superclass.constructor.call(this, params); 1434 var _KJUR = KJUR, 1435 _KJUR_asn1 = _KJUR.asn1, 1436 _KJUR_asn1_x509 = _KJUR_asn1.x509, 1437 _newObject = _KJUR_asn1.ASN1Util.newObject; 1438 1439 this.params = null; 1440 1441 this.getExtnValueHex = function() { 1442 var params = this.params; 1443 var aItem = []; 1444 if (params.reqexp != undefined) { 1445 aItem.push({tag: {tagi: "80", obj: {"int": params.reqexp}}}); 1446 } 1447 if (params.inhibit != undefined) { 1448 aItem.push({tag: {tagi: "81", obj: {"int": params.inhibit}}}); 1449 } 1450 1451 this.asn1ExtnValue = _newObject({"seq": aItem}); 1452 return this.asn1ExtnValue.tohex(); 1453 }; 1454 1455 this.oid = "2.5.29.36"; 1456 if (params !== undefined) { 1457 this.params = params; 1458 } 1459 }; 1460 extendClass(KJUR.asn1.x509.PolicyConstraints, KJUR.asn1.x509.Extension); 1461 1462 /** 1463 * InhibitAnyPolicy ASN.1 structure class<br/> 1464 * @name KJUR.asn1.x509.InhibitAnyPolicy 1465 * @class InhibitAnyPolicy ASN.1 structure class 1466 * @param {Array} params associative array of parameters 1467 * @extends KJUR.asn1.x509.Extension 1468 * @since jsrsasign 10.6.1 asn1x509 2.1.17 1469 * @description 1470 * This class represents 1471 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.14"> 1472 * InhibitAnyPolicy extension defined in RFC 5280 4.2.1.14</a>. 1473 * <pre> 1474 * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } 1475 * InhibitAnyPolicy ::= SkipCerts 1476 * SkipCerts ::= INTEGER (0..MAX) 1477 * </pre> 1478 * Its constructor can have following parameters: 1479 * <ul> 1480 * <li>skip - the number of additional non-self-issued certificates that may appear 1481 * in the path before anyPolicy is no longer permitted<li> 1482 * <li>critical - boolean: critical flag</li> 1483 * </ul> 1484 * @example 1485 * e1 = new KJUR.asn1.x509.InhibitAnyPolicy({ 1486 * skip: 5, 1487 * critical: true 1488 * }); 1489 */ 1490 KJUR.asn1.x509.InhibitAnyPolicy = function(params) { 1491 KJUR.asn1.x509.InhibitAnyPolicy.superclass.constructor.call(this, params); 1492 var _KJUR = KJUR, 1493 _KJUR_asn1 = _KJUR.asn1, 1494 _KJUR_asn1_x509 = _KJUR_asn1.x509, 1495 _newObject = _KJUR_asn1.ASN1Util.newObject; 1496 1497 this.params = null; 1498 1499 this.getExtnValueHex = function() { 1500 this.asn1ExtnValue = _newObject({"int": this.params.skip}); 1501 return this.asn1ExtnValue.tohex(); 1502 }; 1503 1504 this.oid = "2.5.29.54"; 1505 if (params !== undefined) { 1506 this.params = params; 1507 } 1508 }; 1509 extendClass(KJUR.asn1.x509.InhibitAnyPolicy, KJUR.asn1.x509.Extension); 1510 1511 // ===================================================================== 1512 /** 1513 * NameConstraints ASN.1 structure class<br/> 1514 * @name KJUR.asn1.x509.NameConstraints 1515 * @class NameConstraints ASN.1 structure class 1516 * @param {Array} params associative array of parameters 1517 * @extends KJUR.asn1.x509.Extension 1518 * @since jsrsasign 10.5.16 asn1x509 2.1.13 1519 * @see X509#getExtNameConstraints 1520 * @see KJUR.asn1.x509.GeneralSubtree 1521 * @see KJUR.asn1.x509.GeneralName 1522 1523 * @description 1524 * This class provides X.509v3 NameConstraints extension. 1525 * defined in 1526 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10"> 1527 * RFC 5280 4.2.1.10</a>. 1528 * <pre> 1529 * id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } 1530 * NameConstraints ::= SEQUENCE { 1531 * permittedSubtrees [0] GeneralSubtrees OPTIONAL, 1532 * excludedSubtrees [1] GeneralSubtrees OPTIONAL } 1533 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree 1534 * GeneralSubtree ::= SEQUENCE { 1535 * base GeneralName, 1536 * minimum [0] BaseDistance DEFAULT 0, 1537 * maximum [1] BaseDistance OPTIONAL } 1538 * BaseDistance ::= INTEGER (0..MAX) 1539 * </pre> 1540 * 1541 * @example 1542 * new NameConstraints({permit: [{dns: "example.com"}], critical: true}) 1543 * new NameConstraints({exclude: [{uri: "example.com"}], critical: true}) 1544 * new NameConstraints({exclude: [{dn: "/C=JP/O=T1"}], critical: true}) 1545 * new NameConstraints({ 1546 * critical: true, 1547 * permit: [{dn: "/C=JP/O=T1"}], 1548 * exclude: [{dn: "/C=US/O=T1", max: 2}]}) 1549 */ 1550 KJUR.asn1.x509.NameConstraints = function(params) { 1551 KJUR.asn1.x509.NameConstraints.superclass.constructor.call(this, params); 1552 var _KJUR = KJUR, 1553 _KJUR_asn1 = _KJUR.asn1, 1554 _KJUR_asn1_x509 = _KJUR_asn1.x509, 1555 _newObject = _KJUR_asn1.ASN1Util.newObject, 1556 _GeneralSubtree = _KJUR_asn1_x509.GeneralSubtree; 1557 1558 this.params = null; 1559 1560 this.getExtnValueHex = function() { 1561 var params = this.params; 1562 var aItem = []; 1563 if (params.permit != undefined && 1564 params.permit.length != undefined) { 1565 var aPermit = []; 1566 for (var i = 0; i < params.permit.length; i++) { 1567 aPermit.push(new _GeneralSubtree(params.permit[i])); 1568 } 1569 aItem.push({tag: {tagi: "a0", obj: {seq: aPermit}}}); 1570 } 1571 1572 if (params.exclude != undefined && 1573 params.exclude.length != undefined) { 1574 var aExclude = []; 1575 for (var i = 0; i < params.exclude.length; i++) { 1576 aExclude.push(new _GeneralSubtree(params.exclude[i])); 1577 } 1578 aItem.push({tag: {tagi: "a1", obj: {seq: aExclude}}}); 1579 } 1580 1581 this.asn1ExtnValue = _newObject({seq: aItem}); 1582 return this.asn1ExtnValue.tohex(); 1583 }; 1584 1585 this.oid = "2.5.29.30"; 1586 if (params !== undefined) this.params = params; 1587 }; 1588 extendClass(KJUR.asn1.x509.NameConstraints, KJUR.asn1.x509.Extension); 1589 1590 /** 1591 * GeneralSubtree ASN.1 structure class<br/> 1592 * @name KJUR.asn1.x509.GeneralSubtree 1593 * @class GeneralSubtree ASN.1 structure class 1594 * @since jsrsasign 10.5.16 asn1x509 2.1.13 1595 * @see KJUR.asn1.x509.NameConstraints 1596 * @see KJUR.asn1.x509.GeneralName 1597 * @see X509#getExtNameConstraints 1598 * @see X509#getGeneralSubtree 1599 * 1600 * @description 1601 * This class provides a encoder for GeneralSubtree 1602 * defined in 1603 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10"> 1604 * RFC 5280 4.2.1.10</a>. 1605 * This will be used for nameConstraints extension. 1606 * <br> 1607 * Here is definition of the ASN.1 syntax: 1608 * <pre> 1609 * GeneralSubtree ::= SEQUENCE { 1610 * base GeneralName, 1611 * minimum [0] BaseDistance DEFAULT 0, 1612 * maximum [1] BaseDistance OPTIONAL } 1613 * BaseDistance ::= INTEGER (0..MAX) 1614 * </pre> 1615 * An argument for constructor is the same as 1616 * {@link KJUR.asn1.x509.GeneralName} except 1617 * this has following optional members: 1618 * <ul> 1619 * <li>min - {Number} value for the minimum field</li> 1620 * <li>max - {Number} value for the maximum field</li> 1621 * </ul> 1622 * Please note that min and max can't be specified since 1623 * they are prohibited in RFC 5280. 1624 * 1625 * @example 1626 * new GeneralSubtree({dns: "example.com"}) 1627 * new GeneralSubtree({uri: ".example.com"}) 1628 * new GeneralSubtree({dn: "/C=JP/O=Test1"}) 1629 */ 1630 KJUR.asn1.x509.GeneralSubtree = function(params) { 1631 KJUR.asn1.x509.GeneralSubtree.superclass.constructor.call(this); 1632 1633 var _KJUR_asn1 = KJUR.asn1, 1634 _KJUR_asn1_x509 = _KJUR_asn1.x509, 1635 _GeneralName = _KJUR_asn1_x509.GeneralName, 1636 _newObject = _KJUR_asn1.ASN1Util.newObject; 1637 1638 this.params = null; 1639 1640 this.setByParam = function(params) { 1641 this.params = params; 1642 }; 1643 1644 this.tohex = function() { 1645 var params = this.params; 1646 1647 var aItem = [new _GeneralName(params)]; 1648 if (params.min != undefined) 1649 aItem.push({tag: {tagi:"80", obj: {"int": params.min}}}); 1650 if (params.max != undefined) 1651 aItem.push({tag: {tagi:"81", obj: {"int": params.max}}}); 1652 1653 var dSeq = _newObject({seq: aItem}); 1654 return dSeq.tohex(); 1655 } 1656 this.getEncodedHex = function() { return this.tohex(); }; 1657 1658 if (params !== undefined) this.setByParam(params); 1659 }; 1660 extendClass(KJUR.asn1.x509.GeneralSubtree, KJUR.asn1.ASN1Object); 1661 1662 // ===================================================================== 1663 /** 1664 * KeyUsage ASN.1 structure class 1665 * @name KJUR.asn1.x509.ExtKeyUsage 1666 * @class ExtKeyUsage ASN.1 structure class 1667 * @param {Array} params associative array of parameters 1668 * @extends KJUR.asn1.x509.Extension 1669 * @description 1670 * @example 1671 * e1 = new KJUR.asn1.x509.ExtKeyUsage({ 1672 * critical: true, 1673 * array: [ 1674 * {oid: '2.5.29.37.0'}, // anyExtendedKeyUsage 1675 * {name: 'clientAuth'}, 1676 * "1.2.3.4", 1677 * "serverAuth" 1678 * ] 1679 * }); 1680 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } 1681 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 1682 * // KeyPurposeId ::= OBJECT IDENTIFIER 1683 */ 1684 KJUR.asn1.x509.ExtKeyUsage = function(params) { 1685 KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params); 1686 var _KJUR = KJUR, 1687 _KJUR_asn1 = _KJUR.asn1; 1688 1689 this.setPurposeArray = function(purposeArray) { 1690 this.asn1ExtnValue = new _KJUR_asn1.DERSequence(); 1691 for (var i = 0; i < purposeArray.length; i++) { 1692 var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]); 1693 this.asn1ExtnValue.appendASN1Object(o); 1694 } 1695 }; 1696 1697 this.getExtnValueHex = function() { 1698 return this.asn1ExtnValue.tohex(); 1699 }; 1700 1701 this.oid = "2.5.29.37"; 1702 if (params !== undefined) { 1703 if (params.array !== undefined) { 1704 this.setPurposeArray(params.array); 1705 } 1706 } 1707 }; 1708 extendClass(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension); 1709 1710 /** 1711 * AuthorityKeyIdentifier ASN.1 structure class 1712 * @name KJUR.asn1.x509.AuthorityKeyIdentifier 1713 * @class AuthorityKeyIdentifier ASN.1 structure class 1714 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true}) 1715 * @extends KJUR.asn1.x509.Extension 1716 * @since asn1x509 1.0.8 1717 * @description 1718 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>. 1719 * Constructor of this class may have following parameters.: 1720 * <ul> 1721 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li> 1722 * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li> 1723 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li> 1724 * <li>sn - hexadecimal string to specify serial number explicitly.</li> 1725 * <li>critical - boolean to specify criticality of this extension 1726 * however conforming CA must mark this extension as non-critical in RFC 5280.</li> 1727 * </ul> 1728 * 1729 * <pre> 1730 * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } 1731 * AuthorityKeyIdentifier ::= SEQUENCE { 1732 * keyIdentifier [0] KeyIdentifier OPTIONAL, 1733 * authorityCertIssuer [1] GeneralNames OPTIONAL, 1734 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } 1735 * KeyIdentifier ::= OCTET STRING 1736 * </pre> 1737 * 1738 * @example 1739 * // 1. kid by key object 1740 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); 1741 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj}); 1742 * // 2. kid by PEM string of authority certificate or public key 1743 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."}); 1744 * // 3. specify kid explicitly 1745 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."}); 1746 * }); 1747 * // 4. issuer and serial number by auhtority PEM certificate 1748 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."}); 1749 * // 5. issuer and serial number explicitly 1750 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({ 1751 * issuer: {ldapstr: "O=test,C=US"}, 1752 * sn: {hex: "1ac7..."}}); 1753 * // 6. combination 1754 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({ 1755 * kid: "-----BEGIN CERTIFICATE...", 1756 * isscert: "-----BEGIN CERTIFICATE..."}); 1757 */ 1758 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) { 1759 KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params); 1760 var _KJUR = KJUR, 1761 _KJUR_asn1 = _KJUR.asn1, 1762 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 1763 _GeneralNames = _KJUR_asn1.x509.GeneralNames, 1764 _isKey = _KJUR.crypto.Util.isKey; 1765 1766 this.asn1KID = null; 1767 this.asn1CertIssuer = null; // X500Name hTLV 1768 this.asn1CertSN = null; 1769 1770 this.getExtnValueHex = function() { 1771 var a = new Array(); 1772 if (this.asn1KID) 1773 a.push(new _DERTaggedObject({'explicit': false, 1774 'tag': '80', 1775 'obj': this.asn1KID})); 1776 1777 if (this.asn1CertIssuer) 1778 a.push(new _DERTaggedObject({'explicit': false, 1779 'tag': 'a1', 1780 'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])})); 1781 1782 if (this.asn1CertSN) 1783 a.push(new _DERTaggedObject({'explicit': false, 1784 'tag': '82', 1785 'obj': this.asn1CertSN})); 1786 1787 var asn1Seq = new _KJUR_asn1.DERSequence({'array': a}); 1788 this.asn1ExtnValue = asn1Seq; 1789 return this.asn1ExtnValue.tohex(); 1790 }; 1791 1792 /** 1793 * set keyIdentifier value by DEROctetString parameter, key object or PEM file 1794 * @name setKIDByParam 1795 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1796 * @function 1797 * @param {Array} param parameter to set key identifier 1798 * @since asn1x509 1.0.8 1799 * @description 1800 * This method will set keyIdentifier by param. 1801 * Its key identifier value can be set by following type of param argument: 1802 * <ul> 1803 * <li>{str: "123"} - by raw string</li> 1804 * <li>{hex: "01af..."} - by hexadecimal value</li> 1805 * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object. 1806 * key identifier value will be calculated by the method described in 1807 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1808 * </li> 1809 * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM 1810 * certificate and 1811 * key identifier value will be calculated by the method described in 1812 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1813 * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and 1814 * to PKCS#8 ASN.1 structure then calculate 1815 * a key identifier value will be calculated by the method described in 1816 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 1817 * </ul> 1818 * 1819 * NOTE1: Automatic key identifier calculation is supported 1820 * since jsrsasign 8.0.16. 1821 * 1822 * @see KEYUTIL.getKeyID 1823 * 1824 * @example 1825 * o = new KJUR.asn1.x509.AuthorityKeyIdentifier(); 1826 * // set by hexadecimal string 1827 * o.setKIDByParam({hex: '1ad9...'}); 1828 * // set by SubjectPublicKeyInfo of PEM certificate string 1829 * o.setKIDByParam("-----BEGIN CERTIFICATE..."); 1830 * // set by PKCS#8 PEM public key string 1831 * o.setKIDByParam("-----BEGIN PUBLIC KEY..."); 1832 * // set by public key object 1833 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 1834 * o.setKIDByParam(pubkey); 1835 */ 1836 this.setKIDByParam = function(param) { 1837 if (param.str !== undefined || 1838 param.hex !== undefined) { 1839 this.asn1KID = new KJUR.asn1.DEROctetString(param); 1840 } else if ((typeof param === "object" && 1841 KJUR.crypto.Util.isKey(param)) || 1842 (typeof param === "string" && 1843 param.indexOf("BEGIN ") != -1)) { 1844 1845 var keyobj = param; 1846 if (typeof param === "string") { 1847 keyobj = KEYUTIL.getKey(param); 1848 } 1849 1850 var kid = KEYUTIL.getKeyID(keyobj); 1851 this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid}); 1852 } 1853 }; 1854 1855 /** 1856 * set authorityCertIssuer value by X500Name parameter 1857 * @name setCertIssuerByParam 1858 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1859 * @function 1860 * @param {Array} param parameter to set issuer name 1861 * @since asn1x509 1.0.8 1862 * @description 1863 * This method will set authorityCertIssuer name by param. 1864 * Issuer name can be set by following type of param argument: 1865 * <ul> 1866 * <li>str/ldapstr/hex/certsubject/certissuer - 1867 * set issuer by {@link KJUR.asn1.x509.X500Name} 1868 * object with specified parameters.</li> 1869 * <li>PEM CERTIFICATE STRING - extract its subject name from 1870 * specified issuer PEM certificate and set. 1871 * </ul> 1872 * NOTE1: Automatic authorityCertIssuer setting by certificate 1873 * is supported since jsrsasign 8.0.16. 1874 * 1875 * @see KJUR.asn1.x509.X500Name 1876 * @see KJUR.asn1.x509.GeneralNames 1877 * @see X509.getSubjectHex 1878 * 1879 * @example 1880 * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier(); 1881 * // 1. set it by string 1882 * o.setCertIssuerByParam({str: '/C=US/O=Test'}); 1883 * // 2. set it by issuer PEM certificate 1884 * o.setCertIssuerByParam("-----BEGIN CERTIFICATE..."); 1885 * 1886 */ 1887 this.setCertIssuerByParam = function(param) { 1888 if (param.str !== undefined || 1889 param.ldapstr !== undefined || 1890 param.hex !== undefined || 1891 param.certsubject !== undefined || 1892 param.certissuer !== undefined) { 1893 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param); 1894 } else if (typeof param === "string" && 1895 param.indexOf("BEGIN ") != -1 && 1896 param.indexOf("CERTIFICATE") != -1) { 1897 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param}); 1898 } 1899 }; 1900 1901 /** 1902 * set authorityCertSerialNumber value 1903 * @name setCertSerialNumberByParam 1904 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier# 1905 * @function 1906 * @param {Object} param parameter to set serial number 1907 * @since asn1x509 1.0.8 1908 * @description 1909 * This method will set authorityCertSerialNumber by param. 1910 * Serial number can be set by following type of param argument: 1911 * 1912 * <ul> 1913 * <li>{int: 123} - by integer value</li> 1914 * <li>{hex: "01af"} - by hexadecimal integer value</li> 1915 * <li>{bigint: new BigInteger(...)} - by hexadecimal integer value</li> 1916 * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and 1917 * set serial number. 1918 * 1919 * NOTE1: Automatic authorityCertSerialNumber setting by certificate 1920 * is supported since jsrsasign 8.0.16. 1921 * 1922 * @see X509.getSerialNumberHex 1923 */ 1924 this.setCertSNByParam = function(param) { 1925 if (param.str !== undefined || 1926 param.bigint !== undefined || 1927 param.hex !== undefined) { 1928 this.asn1CertSN = new KJUR.asn1.DERInteger(param); 1929 } else if (typeof param === "string" && 1930 param.indexOf("BEGIN ") != -1 && 1931 param.indexOf("CERTIFICATE")) { 1932 1933 var x = new X509(); 1934 x.readCertPEM(param); 1935 var sn = x.getSerialNumberHex(); 1936 this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn}); 1937 } 1938 }; 1939 1940 this.oid = "2.5.29.35"; 1941 if (params !== undefined) { 1942 if (params.kid !== undefined) { 1943 this.setKIDByParam(params.kid); 1944 } 1945 if (params.issuer !== undefined) { 1946 this.setCertIssuerByParam(params.issuer); 1947 } 1948 if (params.sn !== undefined) { 1949 this.setCertSNByParam(params.sn); 1950 } 1951 1952 if (params.issuersn !== undefined && 1953 typeof params.issuersn === "string" && 1954 params.issuersn.indexOf("BEGIN ") != -1 && 1955 params.issuersn.indexOf("CERTIFICATE")) { 1956 this.setCertSNByParam(params.issuersn); 1957 this.setCertIssuerByParam(params.issuersn); 1958 } 1959 } 1960 }; 1961 extendClass(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension); 1962 1963 /** 1964 * SubjectKeyIdentifier extension ASN.1 structure class 1965 * @name KJUR.asn1.x509.SubjectKeyIdentifier 1966 * @class SubjectKeyIdentifier ASN.1 structure class 1967 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true}) 1968 * @extends KJUR.asn1.x509.Extension 1969 * @since asn1x509 1.1.7 jsrsasign 8.0.14 1970 * @description 1971 * This class represents ASN.1 structure for 1972 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2"> 1973 * SubjectKeyIdentifier in RFC 5280</a>. 1974 * Constructor of this class may have following parameters: 1975 * <ul> 1976 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li> 1977 * <li>critical - boolean to specify criticality of this extension 1978 * however conforming CA must mark this extension as non-critical in RFC 5280.</li> 1979 * </ul> 1980 * <pre> 1981 * d-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } 1982 * SubjectKeyIdentifier ::= KeyIdentifier 1983 * KeyIdentifier ::= OCTET STRING 1984 * </pre> 1985 * 1986 * @example 1987 * // set by hexadecimal string 1988 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}}); 1989 * // set by PEM public key or certificate string 1990 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."}); 1991 * // set by public key object 1992 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 1993 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey}); 1994 */ 1995 KJUR.asn1.x509.SubjectKeyIdentifier = function(params) { 1996 KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params); 1997 var _KJUR = KJUR, 1998 _KJUR_asn1 = _KJUR.asn1, 1999 _DEROctetString = _KJUR_asn1.DEROctetString; 2000 2001 this.asn1KID = null; 2002 2003 this.getExtnValueHex = function() { 2004 this.asn1ExtnValue = this.asn1KID; 2005 return this.asn1ExtnValue.tohex(); 2006 }; 2007 2008 /** 2009 * set keyIdentifier value by DEROctetString parameter, key object or PEM file 2010 * @name setKIDByParam 2011 * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier# 2012 * @function 2013 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter 2014 * @since asn1x509 1.1.7 jsrsasign 8.0.14 2015 * @description 2016 * <ul> 2017 * <li>{str: "123"} - by raw string</li> 2018 * <li>{hex: "01af..."} - by hexadecimal value</li> 2019 * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object. 2020 * key identifier value will be calculated by the method described in 2021 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 2022 * </li> 2023 * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM 2024 * certificate and 2025 * key identifier value will be calculated by the method described in 2026 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 2027 * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and 2028 * to PKCS#8 ASN.1 structure then calculate 2029 * a key identifier value will be calculated by the method described in 2030 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>. 2031 * </ul> 2032 * 2033 * NOTE1: Automatic key identifier calculation is supported 2034 * since jsrsasign 8.0.16. 2035 * 2036 * @see KEYUTIL.getKeyID 2037 * 2038 * @example 2039 * o = new KJUR.asn1.x509.SubjectKeyIdentifier(); 2040 * // set by hexadecimal string 2041 * o.setKIDByParam({hex: '1ad9...'}); 2042 * // set by SubjectPublicKeyInfo of PEM certificate string 2043 * o.setKIDByParam("-----BEGIN CERTIFICATE..."); 2044 * // set by PKCS#8 PEM public key string 2045 * o.setKIDByParam("-----BEGIN PUBLIC KEY..."); 2046 * // set by public key object 2047 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); 2048 * o.setKIDByParam(pubkey); 2049 */ 2050 this.setKIDByParam = function(param) { 2051 if (param.str !== undefined || 2052 param.hex !== undefined) { 2053 this.asn1KID = new _DEROctetString(param); 2054 } else if ((typeof param === "object" && 2055 KJUR.crypto.Util.isKey(param)) || 2056 (typeof param === "string" && 2057 param.indexOf("BEGIN") != -1)) { 2058 2059 var keyobj = param; 2060 if (typeof param === "string") { 2061 keyobj = KEYUTIL.getKey(param); 2062 } 2063 2064 var kid = KEYUTIL.getKeyID(keyobj); 2065 this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid}); 2066 } 2067 }; 2068 2069 this.oid = "2.5.29.14"; 2070 if (params !== undefined) { 2071 if (params.kid !== undefined) { 2072 this.setKIDByParam(params.kid); 2073 } 2074 } 2075 }; 2076 extendClass(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension); 2077 2078 /** 2079 * AuthorityInfoAccess ASN.1 structure class 2080 * @name KJUR.asn1.x509.AuthorityInfoAccess 2081 * @class AuthorityInfoAccess ASN.1 structure class 2082 * @param {Array} params JSON object of AuthorityInfoAccess parameters 2083 * @extends KJUR.asn1.x509.Extension 2084 * @since asn1x509 1.0.8 2085 * @see {@link X509#getExtAuthorityInfoAccess} 2086 * @description 2087 * This class represents 2088 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1"> 2089 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>. 2090 * <pre> 2091 * id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 2092 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } 2093 * AuthorityInfoAccessSyntax ::= 2094 * SEQUENCE SIZE (1..MAX) OF AccessDescription 2095 * AccessDescription ::= SEQUENCE { 2096 * accessMethod OBJECT IDENTIFIER, 2097 * accessLocation GeneralName } 2098 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 2099 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } 2100 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } 2101 * </pre> 2102 * NOTE: Acceptable parameters have been changed since 2103 * from jsrsasign 9.0.0 asn1x509 2.0.0. 2104 * Parameter generated by {@link X509#getAuthorityInfoAccess} 2105 * can be accepted as a argument of this constructor. 2106 * @example 2107 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({ 2108 * array: [ 2109 * {ocsp: 'http://ocsp.example.org'}, 2110 * {caissuer: 'https://repository.example.org/aaa.crt'} 2111 * ] 2112 * }); 2113 */ 2114 KJUR.asn1.x509.AuthorityInfoAccess = function(params) { 2115 KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params); 2116 2117 this.setAccessDescriptionArray = function(aParam) { 2118 var aASN1 = new Array(), 2119 _KJUR = KJUR, 2120 _KJUR_asn1 = _KJUR.asn1, 2121 _DERSequence = _KJUR_asn1.DERSequence, 2122 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 2123 _GeneralName = _KJUR_asn1.x509.GeneralName; 2124 2125 for (var i = 0; i < aParam.length; i++) { 2126 var adseq; 2127 var adparam = aParam[i]; 2128 2129 if (adparam.ocsp !== undefined) { 2130 adseq = new _DERSequence({array: [ 2131 new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.1"}), 2132 new _GeneralName({uri: adparam.ocsp}) 2133 ]}); 2134 } else if (adparam.caissuer !== undefined) { 2135 adseq = new _DERSequence({array: [ 2136 new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.2"}), 2137 new _GeneralName({uri: adparam.caissuer}) 2138 ]}); 2139 } else { 2140 throw new Error("unknown AccessMethod parameter: " + 2141 JSON.stringify(adparam)); 2142 } 2143 aASN1.push(adseq); 2144 } 2145 this.asn1ExtnValue = new _DERSequence({'array':aASN1}); 2146 }; 2147 2148 this.getExtnValueHex = function() { 2149 return this.asn1ExtnValue.tohex(); 2150 }; 2151 2152 this.oid = "1.3.6.1.5.5.7.1.1"; 2153 if (params !== undefined) { 2154 if (params.array !== undefined) { 2155 this.setAccessDescriptionArray(params.array); 2156 } 2157 } 2158 }; 2159 extendClass(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension); 2160 2161 /** 2162 * SubjectAltName ASN.1 structure class<br/> 2163 * @name KJUR.asn1.x509.SubjectAltName 2164 * @class SubjectAltName ASN.1 structure class 2165 * @param {Array} params associative array of parameters 2166 * @extends KJUR.asn1.x509.Extension 2167 * @since jsrsasign 6.2.3 asn1x509 1.0.19 2168 * @see KJUR.asn1.x509.GeneralNames 2169 * @see KJUR.asn1.x509.GeneralName 2170 * @description 2171 * This class provides X.509v3 SubjectAltName extension. 2172 * <pre> 2173 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } 2174 * SubjectAltName ::= GeneralNames 2175 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 2176 * GeneralName ::= CHOICE { 2177 * otherName [0] OtherName, 2178 * rfc822Name [1] IA5String, 2179 * dNSName [2] IA5String, 2180 * x400Address [3] ORAddress, 2181 * directoryName [4] Name, 2182 * ediPartyName [5] EDIPartyName, 2183 * uniformResourceIdentifier [6] IA5String, 2184 * iPAddress [7] OCTET STRING, 2185 * registeredID [8] OBJECT IDENTIFIER } 2186 * </pre> 2187 * @example 2188 * e1 = new KJUR.asn1.x509.SubjectAltName({ 2189 * critical: true, 2190 * array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}] 2191 * }); 2192 */ 2193 KJUR.asn1.x509.SubjectAltName = function(params) { 2194 KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params) 2195 2196 this.setNameArray = function(paramsArray) { 2197 this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray); 2198 }; 2199 2200 this.getExtnValueHex = function() { 2201 return this.asn1ExtnValue.tohex(); 2202 }; 2203 2204 this.oid = "2.5.29.17"; 2205 if (params !== undefined) { 2206 if (params.array !== undefined) { 2207 this.setNameArray(params.array); 2208 } 2209 } 2210 }; 2211 extendClass(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension); 2212 2213 /** 2214 * IssuerAltName ASN.1 structure class<br/> 2215 * @name KJUR.asn1.x509.IssuerAltName 2216 * @class IssuerAltName ASN.1 structure class 2217 * @param {Array} params associative array of parameters 2218 * @extends KJUR.asn1.x509.Extension 2219 * @since jsrsasign 6.2.3 asn1x509 1.0.19 2220 * @see KJUR.asn1.x509.GeneralNames 2221 * @see KJUR.asn1.x509.GeneralName 2222 * @description 2223 * This class provides X.509v3 IssuerAltName extension. 2224 * <pre> 2225 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 18 } 2226 * IssuerAltName ::= GeneralNames 2227 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 2228 * GeneralName ::= CHOICE { 2229 * otherName [0] OtherName, 2230 * rfc822Name [1] IA5String, 2231 * dNSName [2] IA5String, 2232 * x400Address [3] ORAddress, 2233 * directoryName [4] Name, 2234 * ediPartyName [5] EDIPartyName, 2235 * uniformResourceIdentifier [6] IA5String, 2236 * iPAddress [7] OCTET STRING, 2237 * registeredID [8] OBJECT IDENTIFIER } 2238 * </pre> 2239 * @example 2240 * e1 = new KJUR.asn1.x509.IssuerAltName({ 2241 * critical: true, 2242 * array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}] 2243 * }); 2244 */ 2245 KJUR.asn1.x509.IssuerAltName = function(params) { 2246 KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params) 2247 2248 this.setNameArray = function(paramsArray) { 2249 this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray); 2250 }; 2251 2252 this.getExtnValueHex = function() { 2253 return this.asn1ExtnValue.tohex(); 2254 }; 2255 2256 this.oid = "2.5.29.18"; 2257 if (params !== undefined) { 2258 if (params.array !== undefined) { 2259 this.setNameArray(params.array); 2260 } 2261 } 2262 }; 2263 extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); 2264 2265 /** 2266 * SubjectDirectoryAttributes ASN.1 structure class<br/> 2267 * @name KJUR.asn1.x509.SubjectDirectoryAttributes 2268 * @class SubjectDirectoryAttributes ASN.1 structure class 2269 * @param {Array} params associative array of parameters 2270 * @extends KJUR.asn1.x509.Extension 2271 * @since jsrsasign 10.1.9 asn1x509 2.1.7 2272 * @see 2273 * 2274 * @description 2275 * This class provides X.509v3 SubjectDirectoryAttributes extension 2276 * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2"> 2277 * RFC 3739 Qualified Certificate Profile section 3.3.2</a>. 2278 * <pre> 2279 * SubjectDirectoryAttributes ::= Attributes 2280 * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute 2281 * Attribute ::= SEQUENCE { 2282 * type AttributeType 2283 * values SET OF AttributeValue } 2284 * AttributeType ::= OBJECT IDENTIFIER 2285 * AttributeValue ::= ANY DEFINED BY AttributeType 2286 * </pre> 2287 * Value of member "array" is an array which as following associative arrays as elements: 2288 * <ul> 2289 * <li>attr: OID name or value of attribute type (ex. "gender" or "1.2.3.4")</li> 2290 * <li>str: attribute value of pre defined types (See example for registered attribute types)</li> 2291 * <li>array: array of ASN.1 parameters as attribute value (See {@link KJUR.asn1.ASN1Util#newObject})</li> 2292 * </ul> 2293 * <br/> 2294 * NOTE: From jsrsasign 10.8.4, member "array in array" supported for an arbitrary 2295 * attribute value. 2296 * 2297 * @example 2298 * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({ 2299 * extname: "subjectDirectoryAttributes", 2300 * array: [ 2301 * { attr: "dateOfBirth", str: "19701231230000Z" }, 2302 * { attr: "placeOfBirth", str: "Tokyo" }, 2303 * { attr: "gender", str: "F" }, 2304 * { attr: "countryOfCitizenship", str: "JP" }, 2305 * { attr: "countryOfResidence", str: "JP" }, 2306 * { attr: "1.2.3.4.5", array: [{prnstr: {str: "aaa"}}] } 2307 * ] 2308 * }); 2309 */ 2310 KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) { 2311 KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params); 2312 var _KJUR_asn1 = KJUR.asn1, 2313 _DERSequence = _KJUR_asn1.DERSequence, 2314 _newObject = _KJUR_asn1.ASN1Util.newObject, 2315 _name2oid = _KJUR_asn1.x509.OID.name2oid; 2316 2317 this.params = null; 2318 2319 this.getExtnValueHex = function() { 2320 var a = []; 2321 for (var i = 0; i < this.params.array.length; i++) { 2322 var pAttr = this.params.array[i]; 2323 2324 if (pAttr.attr != undefined && pAttr.array != undefined) { 2325 var pObj = {"seq": [{"oid": pAttr.attr}, {"set": pAttr.array}]}; 2326 a.push(_newObject(pObj)); 2327 continue; 2328 } 2329 2330 var newparam = {"seq": [{"oid": "1.2.3.4"}, {"set": [{"utf8str": "DE"}]}]}; 2331 2332 if (pAttr.attr == "dateOfBirth") { 2333 newparam.seq[0].oid = _name2oid(pAttr.attr); 2334 newparam.seq[1].set[0] = {"gentime": pAttr.str}; 2335 } else if (pAttr.attr == "placeOfBirth") { 2336 newparam.seq[0].oid = _name2oid(pAttr.attr); 2337 newparam.seq[1].set[0] = {"utf8str": pAttr.str}; 2338 } else if (pAttr.attr == "gender") { 2339 newparam.seq[0].oid = _name2oid(pAttr.attr); 2340 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 2341 } else if (pAttr.attr == "countryOfCitizenship") { 2342 newparam.seq[0].oid = _name2oid(pAttr.attr); 2343 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 2344 } else if (pAttr.attr == "countryOfResidence") { 2345 newparam.seq[0].oid = _name2oid(pAttr.attr); 2346 newparam.seq[1].set[0] = {"prnstr": pAttr.str}; 2347 } else { 2348 throw new Error("unsupported attribute: " + pAttr.attr); 2349 } 2350 a.push(new _newObject(newparam)); 2351 } 2352 var seq = new _DERSequence({array: a}); 2353 this.asn1ExtnValue = seq; 2354 return this.asn1ExtnValue.tohex(); 2355 }; 2356 2357 this.oid = "2.5.29.9"; 2358 if (params !== undefined) { 2359 this.params = params; 2360 } 2361 }; 2362 extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension); 2363 2364 2365 /** 2366 * priavte extension ASN.1 structure class<br/> 2367 * @name KJUR.asn1.x509.PrivateExtension 2368 * @class private extension ASN.1 structure class 2369 * @param {Array} params JSON object of private extension 2370 * @extends KJUR.asn1.x509.Extension 2371 * @since jsrsasign 9.1.1 asn1x509 2372 * @see KJUR.asn1.ASN1Util.newObject 2373 * 2374 * @description 2375 * This class is to represent private extension or 2376 * unsupported extension. 2377 * <pre> 2378 * Extension ::= SEQUENCE { 2379 * extnID OBJECT IDENTIFIER, 2380 * critical BOOLEAN DEFAULT FALSE, 2381 * extnValue OCTET STRING } 2382 * </pre> 2383 * Following properties can be set for JSON parameter: 2384 * <ul> 2385 * <li>{String}extname - string of OID or predefined extension name</li> 2386 * <li>{Boolean}critical - critical flag</li> 2387 * <li>{Object}extn - hexadecimal string or 2388 * of {@link KJUR.asn1.ASN1Util.newObject} 2389 * JSON parameter for extnValue field</li> 2390 * </li> 2391 * </ul> 2392 * 2393 * @example 2394 * // extn by hexadecimal 2395 * new KJUR.asn1.x509.PrivateExtension({ 2396 * extname: "1.2.3.4", 2397 * critical: true, 2398 * extn: "13026161" // means PrintableString "aa" 2399 * }); 2400 * 2401 * // extn by JSON parameter 2402 * new KJUR.asn1.x509.PrivateExtension({ 2403 * extname: "1.2.3.5", 2404 * extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]} 2405 * }); 2406 */ 2407 KJUR.asn1.x509.PrivateExtension = function(params) { 2408 KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params) 2409 2410 var _KJUR = KJUR, 2411 _isHex = _KJUR.lang.String.isHex, 2412 _KJUR_asn1 = _KJUR.asn1, 2413 _name2oid = _KJUR_asn1.x509.OID.name2oid, 2414 _newObject = _KJUR_asn1.ASN1Util.newObject; 2415 2416 this.params = null; 2417 2418 this.setByParam = function(params) { 2419 this.oid = _name2oid(params.extname); 2420 this.params = params; 2421 }; 2422 2423 this.getExtnValueHex = function() { 2424 if (this.params.extname == undefined || 2425 this.params.extn == undefined) { 2426 throw new Error("extname or extnhex not specified"); 2427 } 2428 2429 var extn = this.params.extn; 2430 if (typeof extn == "string" && _isHex(extn)) { 2431 return extn; 2432 } else if (typeof extn == "object") { 2433 try { 2434 return _newObject(extn).tohex(); 2435 } catch(ex) {} 2436 } 2437 throw new Error("unsupported extn value"); 2438 }; 2439 2440 if (params != undefined) { 2441 this.setByParam(params); 2442 } 2443 }; 2444 extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension); 2445 2446 // === END X.509v3 Extensions Related ======================================= 2447 2448 // === BEGIN CRL Related =================================================== 2449 /** 2450 * X.509 CRL class to sign and generate hex encoded CRL<br/> 2451 * @name KJUR.asn1.x509.CRL 2452 * @class X.509 CRL class to sign and generate hex encoded certificate 2453 * @property {Array} params JSON object of parameters 2454 * @param {Array} params JSON object of CRL parameters 2455 * @extends KJUR.asn1.ASN1Object 2456 * @since 1.0.3 2457 * @see KJUR.asn1.x509.TBSCertList 2458 * 2459 * @description 2460 * This class represents CertificateList ASN.1 structur of X.509 CRL 2461 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2462 * RFC 5280 5.1</a> 2463 * <pre> 2464 * CertificateList ::= SEQUENCE { 2465 * tbsCertList TBSCertList, 2466 * signatureAlgorithm AlgorithmIdentifier, 2467 * signatureValue BIT STRING } 2468 * </pre> 2469 * NOTE: CRL class is updated without backward 2470 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2471 * Most of methods are removed and parameters can be set 2472 * by JSON object. 2473 * <br/> 2474 * Constructor of this class can accept all 2475 * parameters of {@link KJUR.asn1.x509.TBSCertList}. 2476 * It also accept following parameters additionally: 2477 * <ul> 2478 * <li>{TBSCertList}tbsobj (OPTION) - 2479 * specifies {@link KJUR.asn1.x509.TBSCertList} 2480 * object to be signed if needed. 2481 * When this isn't specified, 2482 * this will be set from other parametes of TBSCertList.</li> 2483 * <li>{Object}cakey (OPTION) - specifies CRL signing private key. 2484 * Parameter "cakey" or "sighex" shall be specified. Following 2485 * values can be specified: 2486 * <ul> 2487 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 2488 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 2489 * to generate a key object.</li> 2490 * </ul> 2491 * </li> 2492 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 2493 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 2494 * unused bits)</li> 2495 * </ul> 2496 * 2497 * @example 2498 * var crl = new KJUR.asn1.x509.CRL({ 2499 * sigalg: "SHA256withRSA", 2500 * issuer: {str:'/C=JP/O=Test1'}, 2501 * thisupdate: "200821235959Z", 2502 * nextupdate: "200828235959Z", // OPTION 2503 * revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}], 2504 * ext: [ 2505 * {extname: "cRLNumber", num: {'int': 8}}, 2506 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2507 * ], 2508 * cakey: prvkey 2509 * }); 2510 * crl.gettohex() → "30..." 2511 * crl.getPEM() → "-----BEGIN X509 CRL..." 2512 */ 2513 KJUR.asn1.x509.CRL = function(params) { 2514 KJUR.asn1.x509.CRL.superclass.constructor.call(this); 2515 var _KJUR = KJUR, 2516 _KJUR_asn1 = _KJUR.asn1, 2517 _DERSequence = _KJUR_asn1.DERSequence, 2518 _DERBitString = _KJUR_asn1.DERBitString, 2519 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2520 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 2521 _TBSCertList = _KJUR_asn1_x509.TBSCertList; 2522 2523 this.params = undefined; 2524 2525 this.setByParam = function(params) { 2526 this.params = params; 2527 }; 2528 2529 /** 2530 * sign CRL<br/> 2531 * @name sign 2532 * @memberOf KJUR.asn1.x509.CRL# 2533 * @function 2534 * @description 2535 * This method signs TBSCertList with a specified 2536 * private key and algorithm by 2537 * this.params.cakey and this.params.sigalg parameter. 2538 * @example 2539 * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey}); 2540 * crl.sign() 2541 */ 2542 this.sign = function() { 2543 var hTBSCL = (new _TBSCertList(this.params)).tohex(); 2544 var sig = new KJUR.crypto.Signature({alg: this.params.sigalg}); 2545 sig.init(this.params.cakey); 2546 sig.updateHex(hTBSCL); 2547 var sighex = sig.sign(); 2548 this.params.sighex = sighex; 2549 }; 2550 2551 /** 2552 * get PEM formatted CRL string after signed<br/> 2553 * @name getPEM 2554 * @memberOf KJUR.asn1.x509.CRL# 2555 * @function 2556 * @return PEM formatted string of CRL 2557 * @since jsrsasign 9.1.0 asn1hex 2.1.0 2558 * @description 2559 * This method returns a string of PEM formatted 2560 * CRL. 2561 * @example 2562 * crl = new KJUR.asn1.x509.CRL({...}); 2563 * crl.getPEM() → 2564 * "-----BEGIN X509 CRL-----\r\n..." 2565 */ 2566 this.getPEM = function() { 2567 return hextopem(this.tohex(), "X509 CRL"); 2568 }; 2569 2570 this.tohex = function() { 2571 var params = this.params; 2572 2573 if (params.tbsobj == undefined) { 2574 params.tbsobj = new _TBSCertList(params); 2575 } 2576 2577 if (params.sighex == undefined && params.cakey != undefined) { 2578 this.sign(); 2579 } 2580 2581 if (params.sighex == undefined) { 2582 throw new Error("sighex or cakey parameter not defined"); 2583 } 2584 2585 var a = []; 2586 a.push(params.tbsobj); 2587 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 2588 a.push(new _DERBitString({hex: "00" + params.sighex})); 2589 var seq = new _DERSequence({array: a}); 2590 return seq.tohex(); 2591 }; 2592 this.getEncodedHex = function() { return this.tohex(); }; 2593 2594 if (params != undefined) this.params = params; 2595 }; 2596 extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object); 2597 2598 /** 2599 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/> 2600 * @name KJUR.asn1.x509.TBSCertList 2601 * @class TBSCertList ASN.1 structure class for CRL 2602 * @property {Array} params JSON object of parameters 2603 * @param {Array} params JSON object of TBSCertList parameters 2604 * @extends KJUR.asn1.ASN1Object 2605 * @since 1.0.3 2606 * 2607 * @description 2608 * This class represents TBSCertList of CRL defined in 2609 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2610 * RFC 5280 5.1</a>. 2611 * <pre> 2612 * TBSCertList ::= SEQUENCE { 2613 * version Version OPTIONAL, 2614 * -- if present, MUST be v2 2615 * signature AlgorithmIdentifier, 2616 * issuer Name, 2617 * thisUpdate Time, 2618 * nextUpdate Time OPTIONAL, 2619 * revokedCertificates SEQUENCE OF SEQUENCE { 2620 * userCertificate CertificateSerialNumber, 2621 * revocationDate Time, 2622 * crlEntryExtensions Extensions OPTIONAL 2623 * -- if present, version MUST be v2 2624 * } OPTIONAL, 2625 * crlExtensions [0] EXPLICIT Extensions OPTIONAL 2626 * } 2627 * </pre> 2628 * NOTE: TBSCertList class is updated without backward 2629 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2630 * Most of methods are removed and parameters can be set 2631 * by JSON object. 2632 * <br/> 2633 * Constructor of this class may have following parameters: 2634 * <ul> 2635 * <li>{Integer}version (OPTION) - version number. Omitted by default.</li> 2636 * <li>{String}sigalg - signature algorithm name</li> 2637 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li> 2638 * <li>{String}thisupdate - thisUpdate field value</li> 2639 * <li>{String}nextupdate (OPTION) - thisUpdate field value</li> 2640 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array 2641 * Its element may have following property: 2642 * <ul> 2643 * <li>{Array}sn - serialNumber of userCertificate field specified 2644 * by {@link KJUR.asn1.DERInteger}</li> 2645 * <li>{String}date - revocationDate field specified by 2646 * a string of {@link KJUR.asn1.x509.Time} parameter</li> 2647 * <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li> 2648 * </ul> 2649 * </li> 2650 * </ul> 2651 * 2652 * @example 2653 * var o = new KJUR.asn1.x509.TBSCertList({ 2654 * sigalg: "SHA256withRSA", 2655 * issuer: {array: [[{type:'C',value:'JP',ds:'prn'}], 2656 * [{type:'O',value:'T1',ds:'prn'}]]}, 2657 * thisupdate: "200821235959Z", 2658 * nextupdate: "200828235959Z", // OPTION 2659 * revcert: [ 2660 * {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]}, 2661 * {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]} 2662 * ], 2663 * ext: [ 2664 * {extname: "cRLNumber", num: {'int': 8}}, 2665 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2666 * ] 2667 * }); 2668 * o.tohex() → "30..." 2669 */ 2670 KJUR.asn1.x509.TBSCertList = function(params) { 2671 KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this); 2672 var _KJUR = KJUR, 2673 _KJUR_asn1 = _KJUR.asn1, 2674 _DERInteger = _KJUR_asn1.DERInteger, 2675 _DERSequence = _KJUR_asn1.DERSequence, 2676 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 2677 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 2678 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2679 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 2680 _Time = _KJUR_asn1_x509.Time, 2681 _Extensions = _KJUR_asn1_x509.Extensions, 2682 _X500Name = _KJUR_asn1_x509.X500Name; 2683 this.params = null; 2684 2685 /** 2686 * get array of ASN.1 object for extensions<br/> 2687 * @name setByParam 2688 * @memberOf KJUR.asn1.x509.TBSCertList# 2689 * @function 2690 * @param {Array} JSON object of TBSCertList parameters 2691 * @example 2692 * tbsc = new KJUR.asn1.x509.TBSCertificate(); 2693 * tbsc.setByParam({version:3, serial:{hex:'1234...'},...}); 2694 */ 2695 this.setByParam = function(params) { 2696 this.params = params; 2697 }; 2698 2699 /** 2700 * get DERSequence for revokedCertificates<br/> 2701 * @name getRevCertSequence 2702 * @memberOf KJUR.asn1.x509.TBSCertList# 2703 * @function 2704 * @return {@link KJUR.asn1.DERSequence} of revokedCertificates 2705 */ 2706 this.getRevCertSequence = function() { 2707 var a = []; 2708 var aRevCert = this.params.revcert; 2709 for (var i = 0; i < aRevCert.length; i++) { 2710 var aEntry = [ 2711 new _DERInteger(aRevCert[i].sn), 2712 new _Time(aRevCert[i].date) 2713 ]; 2714 if (aRevCert[i].ext != undefined) { 2715 aEntry.push(new _Extensions(aRevCert[i].ext)); 2716 } 2717 a.push(new _DERSequence({array: aEntry})); 2718 } 2719 return new _DERSequence({array: a}); 2720 }; 2721 2722 this.tohex = function() { 2723 var a = []; 2724 var params = this.params; 2725 2726 if (params.version != undefined) { 2727 var version = params.version - 1; 2728 var obj = new _DERInteger({'int': version}); 2729 a.push(obj); 2730 } 2731 2732 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 2733 a.push(new _X500Name(params.issuer)); 2734 a.push(new _Time(params.thisupdate)); 2735 if (params.nextupdate != undefined) 2736 a.push(new _Time(params.nextupdate)) 2737 if (params.revcert != undefined) { 2738 a.push(this.getRevCertSequence()); 2739 } 2740 if (params.ext != undefined) { 2741 var dExt = new _Extensions(params.ext); 2742 a.push(new _DERTaggedObject({tag:'a0', 2743 explicit:true, 2744 obj:dExt})); 2745 } 2746 2747 var seq = new _DERSequence({array: a}); 2748 return seq.tohex(); 2749 }; 2750 this.getEncodedHex = function() { return this.tohex(); }; 2751 2752 if (params !== undefined) this.setByParam(params); 2753 }; 2754 extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object); 2755 2756 /** 2757 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/> 2758 * @name KJUR.asn1.x509.CRLEntry 2759 * @class ASN.1 CRLEntry structure class for CRL 2760 * @param {Array} params JSON object for CRL entry parameter 2761 * @extends KJUR.asn1.ASN1Object 2762 * @since 1.0.3 2763 * @see KJUR.asn1.x509.TBSCertList 2764 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0 2765 * @description 2766 * This class is to represent revokedCertificate in TBSCertList. 2767 * However this is no more used by TBSCertList since 2768 * jsrsasign 9.1.0. So this class have been deprecated in 2769 * jsrsasign 9.1.0. 2770 * <pre> 2771 * revokedCertificates SEQUENCE OF SEQUENCE { 2772 * userCertificate CertificateSerialNumber, 2773 * revocationDate Time, 2774 * crlEntryExtensions Extensions OPTIONAL 2775 * -- if present, version MUST be v2 } 2776 * </pre> 2777 * @example 2778 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}}); 2779 */ 2780 KJUR.asn1.x509.CRLEntry = function(params) { 2781 KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this); 2782 var sn = null, 2783 time = null, 2784 _KJUR = KJUR, 2785 _KJUR_asn1 = _KJUR.asn1; 2786 2787 /** 2788 * set DERInteger parameter for serial number of revoked certificate 2789 * @name setCertSerial 2790 * @memberOf KJUR.asn1.x509.CRLEntry 2791 * @function 2792 * @param {Array} intParam DERInteger parameter for certificate serial number 2793 * @description 2794 * @example 2795 * entry.setCertSerial({'int': 3}); 2796 */ 2797 this.setCertSerial = function(intParam) { 2798 this.sn = new _KJUR_asn1.DERInteger(intParam); 2799 }; 2800 2801 /** 2802 * set Time parameter for revocation date 2803 * @name setRevocationDate 2804 * @memberOf KJUR.asn1.x509.CRLEntry 2805 * @function 2806 * @param {Array} timeParam Time parameter for revocation date 2807 * @description 2808 * @example 2809 * entry.setRevocationDate({'str': '130508235959Z'}); 2810 */ 2811 this.setRevocationDate = function(timeParam) { 2812 this.time = new _KJUR_asn1.x509.Time(timeParam); 2813 }; 2814 2815 this.tohex = function() { 2816 var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]}); 2817 this.TLV = o.tohex(); 2818 return this.TLV; 2819 }; 2820 this.getEncodedHex = function() { return this.tohex(); }; 2821 2822 if (params !== undefined) { 2823 if (params.time !== undefined) { 2824 this.setRevocationDate(params.time); 2825 } 2826 if (params.sn !== undefined) { 2827 this.setCertSerial(params.sn); 2828 } 2829 } 2830 }; 2831 extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object); 2832 2833 /** 2834 * CRLNumber CRL extension ASN.1 structure class<br/> 2835 * @name KJUR.asn1.x509.CRLNumber 2836 * @class CRLNumber CRL extension ASN.1 structure class 2837 * @extends KJUR.asn1.x509.Extension 2838 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2839 * @see KJUR.asn1.x509.TBSCertList 2840 * @see KJUR.asn1.x509.Extensions 2841 * @description 2842 * This class represents ASN.1 structure for 2843 * CRLNumber CRL extension defined in 2844 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3"> 2845 * RFC 5280 5.2.3</a>. 2846 * <pre> 2847 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } 2848 * CRLNumber ::= INTEGER (0..MAX) 2849 * </pre> 2850 * Constructor of this class may have following parameters: 2851 * <ul> 2852 * <li>{String}extname - name "cRLNumber". It is ignored in this class but 2853 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2854 * <li>{Object}num - CRLNumber value to specify 2855 * {@link KJUR.asn1.DERInteger} parameter.</li> 2856 * <li>{Boolean}critical - critical flag. Generally false and not specified 2857 * in this class.(OPTION)</li> 2858 * </ul> 2859 * 2860 * @example 2861 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber', 2862 * num:{'int':147}}) 2863 */ 2864 KJUR.asn1.x509.CRLNumber = function(params) { 2865 KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params); 2866 this.params = undefined; 2867 2868 this.getExtnValueHex = function() { 2869 this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num); 2870 return this.asn1ExtnValue.tohex(); 2871 }; 2872 2873 this.oid = "2.5.29.20"; 2874 if (params != undefined) this.params = params; 2875 }; 2876 extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension); 2877 2878 /** 2879 * CRLReason CRL entry extension ASN.1 structure class<br/> 2880 * @name KJUR.asn1.x509.CRLReason 2881 * @class CRLReason CRL entry extension ASN.1 structure class 2882 * @extends KJUR.asn1.x509.Extension 2883 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2884 * @see KJUR.asn1.x509.TBSCertList 2885 * @see KJUR.asn1.x509.Extensions 2886 * @description 2887 * This class represents ASN.1 structure for 2888 * CRLReason CRL entry extension defined in 2889 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1"> 2890 * RFC 5280 5.3.1</a> 2891 * <pre> 2892 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } 2893 * -- reasonCode ::= { CRLReason } 2894 * CRLReason ::= ENUMERATED { 2895 * unspecified (0), 2896 * keyCompromise (1), 2897 * cACompromise (2), 2898 * affiliationChanged (3), 2899 * superseded (4), 2900 * cessationOfOperation (5), 2901 * certificateHold (6), 2902 * removeFromCRL (8), 2903 * privilegeWithdrawn (9), 2904 * aACompromise (10) } 2905 * </pre> 2906 * Constructor of this class may have following parameters: 2907 * <ul> 2908 * <li>{String}extname - name "cRLReason". It is ignored in this class but 2909 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2910 * <li>{Integer}code - reasonCode value</li> 2911 * <li>{Boolean}critical - critical flag. Generally false and not specified 2912 * in this class.(OPTION)</li> 2913 * </ul> 2914 * 2915 * @example 2916 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4}) 2917 */ 2918 KJUR.asn1.x509.CRLReason = function(params) { 2919 KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params); 2920 this.params = undefined; 2921 2922 this.getExtnValueHex = function() { 2923 this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code); 2924 return this.asn1ExtnValue.tohex(); 2925 }; 2926 2927 this.oid = "2.5.29.21"; 2928 if (params != undefined) this.params = params; 2929 }; 2930 extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension); 2931 2932 // === END CRL Related =================================================== 2933 2934 // === BEGIN OCSP Related =================================================== 2935 /** 2936 * Nonce OCSP extension ASN.1 structure class<br/> 2937 * @name KJUR.asn1.x509.OCSPNonce 2938 * @class Nonce OCSP extension ASN.1 structure class 2939 * @extends KJUR.asn1.x509.Extension 2940 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2941 * @param {Array} params JSON object for Nonce extension 2942 * @see KJUR.asn1.ocsp.ResponseData 2943 * @see KJUR.asn1.x509.Extensions 2944 * @see X509#getExtOCSPNonce 2945 * @description 2946 * This class represents 2947 * Nonce OCSP extension value defined in 2948 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1"> 2949 * RFC 6960 4.4.1</a> as JSON object. 2950 * <pre> 2951 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 2952 * id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } 2953 * Nonce ::= OCTET STRING 2954 * </pre> 2955 * Constructor of this class may have following parameters: 2956 * <ul> 2957 * <li>{String}extname - name "ocspNonce". It is ignored in this class but 2958 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2959 * <li>{String}hex - hexadecimal string of nonce value</li> 2960 * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be 2961 * specified.</li> 2962 * <li>{Boolean}critical - critical flag. Generally false and not specified 2963 * in this class.(OPTION)</li> 2964 * </ul> 2965 * 2966 * @example 2967 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce', 2968 * hex: '12ab...'}) 2969 */ 2970 KJUR.asn1.x509.OCSPNonce = function(params) { 2971 KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params); 2972 this.params = undefined; 2973 2974 this.getExtnValueHex = function() { 2975 this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params); 2976 return this.asn1ExtnValue.tohex(); 2977 }; 2978 2979 this.oid = "1.3.6.1.5.5.7.48.1.2"; 2980 if (params != undefined) this.params = params; 2981 }; 2982 extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension); 2983 2984 /** 2985 * OCSPNoCheck certificate ASN.1 structure class<br/> 2986 * @name KJUR.asn1.x509.OCSPNoCheck 2987 * @class OCSPNoCheck extension ASN.1 structure class 2988 * @extends KJUR.asn1.x509.Extension 2989 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2990 * @param {Array} params JSON object for OCSPNoCheck extension 2991 * @see KJUR.asn1.x509.Extensions 2992 * @see X509#getExtOCSPNoCheck 2993 * @description 2994 * This class represents 2995 * OCSPNoCheck extension value defined in 2996 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1"> 2997 * RFC 6960 4.2.2.2.1</a> as JSON object. 2998 * <pre> 2999 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } 3000 * </pre> 3001 * Constructor of this class may have following parameters: 3002 * <ul> 3003 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but 3004 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 3005 * <li>{Boolean}critical - critical flag. Generally false and not specified 3006 * in this class.(OPTION)</li> 3007 * </ul> 3008 * 3009 * @example 3010 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'}) 3011 */ 3012 KJUR.asn1.x509.OCSPNoCheck = function(params) { 3013 KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params); 3014 this.params = undefined; 3015 3016 this.getExtnValueHex = function() { 3017 this.asn1ExtnValue = new KJUR.asn1.DERNull(); 3018 return this.asn1ExtnValue.tohex(); 3019 }; 3020 3021 this.oid = "1.3.6.1.5.5.7.48.1.5"; 3022 if (params != undefined) this.params = params; 3023 }; 3024 extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension); 3025 3026 // === END OCSP Related =================================================== 3027 3028 // === BEGIN Other X.509v3 Extensions======================================== 3029 3030 /** 3031 * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/> 3032 * @name KJUR.asn1.x509.AdobeTimeStamp 3033 * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class 3034 * @extends KJUR.asn1.x509.Extension 3035 * @since jsrsasign 10.0.1 asn1x509 2.1.4 3036 * @param {Array} params JSON object for AdobeTimeStamp extension parameter 3037 * @see KJUR.asn1.x509.Extensions 3038 * @see X509#getExtAdobeTimeStamp 3039 * @description 3040 * This class represents 3041 * AdobeTimeStamp X.509v3 extension value defined in 3042 * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html"> 3043 * Adobe site</a> as JSON object. 3044 * <pre> 3045 * adbe- OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 } 3046 * ::= SEQUENCE { 3047 * version INTEGER { v1(1) }, -- extension version 3048 * location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier) 3049 * requiresAuth boolean (default false), OPTIONAL } 3050 * </pre> 3051 * Constructor of this class may have following parameters: 3052 * <ul> 3053 * <li>{String}uri - RFC 3161 time stamp service URL</li> 3054 * <li>{Boolean}reqauth - authentication required or not</li> 3055 * </ul> 3056 * </pre> 3057 * <br/> 3058 * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp". 3059 * @example 3060 * new KJUR.asn1.x509.AdobeTimesStamp({ 3061 * uri: "http://tsa.example.com/", 3062 * reqauth: true 3063 * } 3064 */ 3065 KJUR.asn1.x509.AdobeTimeStamp = function(params) { 3066 KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params); 3067 3068 var _KJUR = KJUR, 3069 _KJUR_asn1 = _KJUR.asn1, 3070 _DERInteger = _KJUR_asn1.DERInteger, 3071 _DERBoolean = _KJUR_asn1.DERBoolean, 3072 _DERSequence = _KJUR_asn1.DERSequence, 3073 _GeneralName = _KJUR_asn1.x509.GeneralName; 3074 3075 this.params = null; 3076 3077 this.getExtnValueHex = function() { 3078 var params = this.params; 3079 var a = [new _DERInteger(1)]; 3080 a.push(new _GeneralName({uri: params.uri})); 3081 if (params.reqauth != undefined) { 3082 a.push(new _DERBoolean(params.reqauth)); 3083 } 3084 3085 this.asn1ExtnValue = new _DERSequence({array: a}); 3086 return this.asn1ExtnValue.tohex(); 3087 }; 3088 3089 this.oid = "1.2.840.113583.1.1.9.1"; 3090 if (params !== undefined) this.setByParam(params); 3091 }; 3092 extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension); 3093 3094 // === END Other X.509v3 Extensions======================================== 3095 3096 3097 // === BEGIN X500Name Related ================================================= 3098 /** 3099 * X500Name ASN.1 structure class 3100 * @name KJUR.asn1.x509.X500Name 3101 * @class X500Name ASN.1 structure class 3102 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'}) 3103 * @extends KJUR.asn1.ASN1Object 3104 * @see KJUR.asn1.x509.X500Name 3105 * @see KJUR.asn1.x509.RDN 3106 * @see KJUR.asn1.x509.AttributeTypeAndValue 3107 * @see X509#getX500Name 3108 * @description 3109 * This class provides DistinguishedName ASN.1 class structure 3110 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 3111 * <blockquote><pre> 3112 * DistinguishedName ::= RDNSequence 3113 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 3114 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 3115 * AttributeTypeAndValue 3116 * AttributeTypeAndValue ::= SEQUENCE { 3117 * type AttributeType, 3118 * value AttributeValue } 3119 * </pre></blockquote> 3120 * <br/> 3121 * Argument for the constructor can be one of following parameters: 3122 * <ul> 3123 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li> 3124 * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li> 3125 * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li> 3126 * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li> 3127 * <li>{String}certissuer - issuer name in the specified PEM certificate</li> 3128 * <li>{String}certsubject - subject name in the specified PEM certificate</li> 3129 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li> 3130 * </ul> 3131 * <br/> 3132 * NOTE1: The "array" and "rule" parameters have been supported 3133 * since jsrsasign 9.0.0 asn1x509 2.0.0. 3134 * <br/> 3135 * NOTE2: Multi-valued RDN in "str" parameter have been 3136 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 3137 * @example 3138 * // 1. construct with array 3139 * new KJUR.asn1.x509.X500Name({array:[ 3140 * [{type:'C',value:'JP',ds:'prn'}], 3141 * [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN 3142 * {type:'CN',value:'bob@example.com',ds:'ia5'}] 3143 * ]}) 3144 * // 2. construct with string 3145 * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"}); 3146 * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"}); 3147 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued 3148 * // 3. construct by LDAP string 3149 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"}); 3150 * // 4. construct by ASN.1 hex string 3151 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."}); 3152 * // 5. construct by issuer of PEM certificate 3153 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."}); 3154 * // 6. construct by subject of PEM certificate 3155 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."}); 3156 * // 7. construct by object (DEPRECATED) 3157 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"}); 3158 */ 3159 KJUR.asn1.x509.X500Name = function(params) { 3160 KJUR.asn1.x509.X500Name.superclass.constructor.call(this); 3161 this.asn1Array = []; 3162 this.paramArray = []; 3163 this.sRule = "utf8"; 3164 var _KJUR = KJUR, 3165 _KJUR_asn1 = _KJUR.asn1, 3166 _KJUR_asn1_x509 = _KJUR_asn1.x509, 3167 _RDN = _KJUR_asn1_x509.RDN, 3168 _pemtohex = pemtohex; 3169 3170 /** 3171 * set DN by OpenSSL oneline distinguished name string<br/> 3172 * @name setByString 3173 * @memberOf KJUR.asn1.x509.X500Name# 3174 * @function 3175 * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa) 3176 * @description 3177 * Sets distinguished name by string. 3178 * dnStr must be formatted as 3179 * "/type0=value0/type1=value1/type2=value2...". 3180 * No need to escape a slash in an attribute value. 3181 * @example 3182 * name = new KJUR.asn1.x509.X500Name(); 3183 * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com"); 3184 * // no need to escape slash in an attribute value 3185 * name.setByString("/C=US/O=aaa/CN=1980/12/31"); 3186 */ 3187 this.setByString = function(dnStr, sRule) { 3188 if (sRule !== undefined) this.sRule = sRule; 3189 var a = dnStr.split('/'); 3190 a.shift(); 3191 3192 var a1 = []; 3193 for (var i = 0; i < a.length; i++) { 3194 if (a[i].match(/^[^=]+=.+$/)) { 3195 a1.push(a[i]); 3196 } else { 3197 var lastidx = a1.length - 1; 3198 a1[lastidx] = a1[lastidx] + "/" + a[i]; 3199 } 3200 } 3201 3202 for (var i = 0; i < a1.length; i++) { 3203 this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule})); 3204 } 3205 }; 3206 3207 /** 3208 * set DN by LDAP(RFC 2253) distinguished name string<br/> 3209 * @name setByLdapString 3210 * @memberOf KJUR.asn1.x509.X500Name# 3211 * @function 3212 * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US) 3213 * @since jsrsasign 6.2.2 asn1x509 1.0.18 3214 * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat} 3215 * @description 3216 * @example 3217 * name = new KJUR.asn1.x509.X500Name(); 3218 * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US"); 3219 */ 3220 this.setByLdapString = function(dnStr, sRule) { 3221 if (sRule !== undefined) this.sRule = sRule; 3222 var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr); 3223 this.setByString(compat, sRule); 3224 }; 3225 3226 /** 3227 * set DN by associative array<br/> 3228 * @name setByObject 3229 * @memberOf KJUR.asn1.x509.X500Name# 3230 * @function 3231 * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"}) 3232 * @since jsrsasign 4.9. asn1x509 1.0.13 3233 * @description 3234 * @example 3235 * name = new KJUR.asn1.x509.X500Name(); 3236 * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1}); 3237 */ 3238 this.setByObject = function(dnObj, sRule) { 3239 if (sRule !== undefined) this.sRule = sRule; 3240 3241 // Get all the dnObject attributes and stuff them in the ASN.1 array. 3242 for (var x in dnObj) { 3243 if (dnObj.hasOwnProperty(x)) { 3244 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule}); 3245 // Initialize or push into the ANS1 array. 3246 this.asn1Array ? this.asn1Array.push(newRDN) 3247 : this.asn1Array = [newRDN]; 3248 } 3249 } 3250 }; 3251 3252 this.setByParam = function(params) { 3253 if (params.rule !== undefined) this.sRule = params.rule; 3254 3255 if (params.array !== undefined) { 3256 this.paramArray = params.array; 3257 } else { 3258 if (params.str !== undefined) { 3259 this.setByString(params.str); 3260 } else if (params.ldapstr !== undefined) { 3261 this.setByLdapString(params.ldapstr); 3262 } else if (params.hex !== undefined) { 3263 this.hTLV = params.hex; 3264 } else if (params.certissuer !== undefined) { 3265 var x = new X509(); 3266 x.readCertPEM(params.certissuer); 3267 this.hTLV = x.getIssuerHex(); 3268 } else if (params.certsubject !== undefined) { 3269 var x = new X509(); 3270 x.readCertPEM(params.certsubject); 3271 this.hTLV = x.getSubjectHex(); 3272 // If params is an object, then set the ASN1 array 3273 // just using the object attributes. 3274 // This is nice for fields that have lots of special 3275 // characters (i.e. CN: 'https://www.github.com/kjur//'). 3276 } else if (typeof params === "object" && 3277 params.certsubject === undefined && 3278 params.certissuer === undefined) { 3279 this.setByObject(params); 3280 } 3281 } 3282 } 3283 3284 this.tohex = function() { 3285 if (typeof this.hTLV == "string") return this.hTLV; 3286 3287 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 3288 for (var i = 0; i < this.paramArray.length; i++) { 3289 var param = {array: this.paramArray[i]}; 3290 if (this.sRule != "utf8") param.rule = this.sRule; 3291 var asn1RDN = new _RDN(param); 3292 this.asn1Array.push(asn1RDN); 3293 } 3294 } 3295 3296 var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array}); 3297 this.hTLV = o.tohex(); 3298 return this.hTLV; 3299 }; 3300 this.getEncodedHex = function() { return this.tohex(); }; 3301 3302 if (params !== undefined) this.setByParam(params); 3303 }; 3304 extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object); 3305 3306 /** 3307 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/> 3308 * @name compatToLDAP 3309 * @memberOf KJUR.asn1.x509.X500Name 3310 * @function 3311 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test) 3312 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 3313 * @since jsrsasign 8.0.19 asn1x509 1.1.20 3314 * @description 3315 * This static method converts a distinguished name string in OpenSSL compat 3316 * format to LDAP(RFC 2253) format. 3317 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a> 3318 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a> 3319 * @example 3320 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US' 3321 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US' 3322 */ 3323 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) { 3324 if (s.substr(0, 1) !== "/") throw "malformed input"; 3325 3326 var result = ""; 3327 s = s.substr(1); 3328 3329 var a = s.split("/"); 3330 a.reverse(); 3331 a = a.map(function(s) {return s.replace(/,/, "\\,")}); 3332 3333 return a.join(","); 3334 }; 3335 3336 /** 3337 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/> 3338 * @name onelineToLDAP 3339 * @memberOf KJUR.asn1.x509.X500Name 3340 * @function 3341 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 3342 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 3343 * @since jsrsasign 6.2.2 asn1x509 1.0.18 3344 * @see KJUR.asn1.x509.X500Name.compatToLDAP 3345 * @description 3346 * This method is deprecated. Please use 3347 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead. 3348 */ 3349 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) { 3350 return KJUR.asn1.x509.X500Name.compatToLDAP(s); 3351 } 3352 3353 /** 3354 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/> 3355 * @name ldapToCompat 3356 * @memberOf KJUR.asn1.x509.X500Name 3357 * @function 3358 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 3359 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 3360 * @since jsrsasign 8.0.19 asn1x509 1.1.10 3361 * @description 3362 * This static method converts a distinguished name string in 3363 * LDAP(RFC 2253) format to OpenSSL compat format. 3364 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a> 3365 * @example 3366 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test' 3367 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a' 3368 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') → '/C=US/O=a\/a' 3369 */ 3370 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) { 3371 var a = s.split(","); 3372 3373 // join \, 3374 var isBSbefore = false; 3375 var a2 = []; 3376 for (var i = 0; a.length > 0; i++) { 3377 var item = a.shift(); 3378 //console.log("item=" + item); 3379 3380 if (isBSbefore === true) { 3381 var a2last = a2.pop(); 3382 var newitem = (a2last + "," + item).replace(/\\,/g, ","); 3383 a2.push(newitem); 3384 isBSbefore = false; 3385 } else { 3386 a2.push(item); 3387 } 3388 3389 if (item.substr(-1, 1) === "\\") isBSbefore = true; 3390 } 3391 3392 a2 = a2.map(function(s) {return s.replace("/", "\\/")}); 3393 a2.reverse(); 3394 return "/" + a2.join("/"); 3395 }; 3396 3397 /** 3398 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/> 3399 * @name ldapToOneline 3400 * @memberOf KJUR.asn1.x509.X500Name 3401 * @function 3402 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 3403 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test) 3404 * @since jsrsasign 6.2.2 asn1x509 1.0.18 3405 * @description 3406 * This method is deprecated. Please use 3407 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead. 3408 */ 3409 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) { 3410 return KJUR.asn1.x509.X500Name.ldapToCompat(s); 3411 }; 3412 3413 /** 3414 * RDN (Relative Distinguished Name) ASN.1 structure class 3415 * @name KJUR.asn1.x509.RDN 3416 * @class RDN (Relative Distinguished Name) ASN.1 structure class 3417 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'}) 3418 * @extends KJUR.asn1.ASN1Object 3419 * @see KJUR.asn1.x509.X500Name 3420 * @see KJUR.asn1.x509.RDN 3421 * @see KJUR.asn1.x509.AttributeTypeAndValue 3422 * @description 3423 * This class provides RelativeDistinguishedName ASN.1 class structure 3424 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 3425 * <blockquote><pre> 3426 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 3427 * AttributeTypeAndValue 3428 * 3429 * AttributeTypeAndValue ::= SEQUENCE { 3430 * type AttributeType, 3431 * value AttributeValue } 3432 * </pre></blockquote> 3433 * <br/> 3434 * NOTE1: The "array" and "rule" parameters have been supported 3435 * since jsrsasign 9.0.0 asn1x509 2.0.0. 3436 * <br/> 3437 * NOTE2: Multi-valued RDN in "str" parameter have been 3438 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 3439 * @example 3440 * new KJUR.asn1.x509.RDN({array: [ // multi-valued 3441 * {type:"CN",value:"Bob",ds:"prn"}, 3442 * {type:"CN",value:"bob@example.com", ds:"ia5"} 3443 * ]}); 3444 * new KJUR.asn1.x509.RDN({str: "CN=test"}); 3445 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued 3446 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped 3447 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted 3448 */ 3449 KJUR.asn1.x509.RDN = function(params) { 3450 KJUR.asn1.x509.RDN.superclass.constructor.call(this); 3451 this.asn1Array = []; 3452 this.paramArray = []; 3453 this.sRule = "utf8"; // DEFAULT "utf8" 3454 var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue; 3455 3456 this.setByParam = function(params) { 3457 if (params.rule !== undefined) this.sRule = params.rule; 3458 if (params.str !== undefined) { 3459 this.addByMultiValuedString(params.str); 3460 } 3461 if (params.array !== undefined) this.paramArray = params.array; 3462 }; 3463 3464 /** 3465 * add one AttributeTypeAndValue by string<br/> 3466 * @name addByString 3467 * @memberOf KJUR.asn1.x509.RDN# 3468 * @function 3469 * @param {String} s string of AttributeTypeAndValue 3470 * @return {Object} unspecified 3471 * @description 3472 * This method add one AttributeTypeAndValue to RDN object. 3473 * @example 3474 * rdn = new KJUR.asn1.x509.RDN(); 3475 * rdn.addByString("CN=john"); 3476 * rdn.addByString("serialNumber=1234"); // for multi-valued RDN 3477 */ 3478 this.addByString = function(s) { 3479 this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule})); 3480 }; 3481 3482 /** 3483 * add one AttributeTypeAndValue by multi-valued string<br/> 3484 * @name addByMultiValuedString 3485 * @memberOf KJUR.asn1.x509.RDN# 3486 * @function 3487 * @param {String} s string of multi-valued RDN 3488 * @return {Object} unspecified 3489 * @since jsrsasign 6.2.1 asn1x509 1.0.17 3490 * @description 3491 * This method add multi-valued RDN to RDN object. 3492 * @example 3493 * rdn = new KJUR.asn1.x509.RDN(); 3494 * rdn.addByMultiValuedString("CN=john+O=test"); 3495 * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus 3496 * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation 3497 */ 3498 this.addByMultiValuedString = function(s) { 3499 var a = KJUR.asn1.x509.RDN.parseString(s); 3500 for (var i = 0; i < a.length; i++) { 3501 this.addByString(a[i]); 3502 } 3503 }; 3504 3505 this.tohex = function() { 3506 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 3507 for (var i = 0; i < this.paramArray.length; i++) { 3508 var param = this.paramArray[i]; 3509 if (param.rule !== undefined && 3510 this.sRule != "utf8") { 3511 param.rule = this.sRule; 3512 } 3513 //alert(JSON.stringify(param)); 3514 var asn1ATV = new _AttributeTypeAndValue(param); 3515 this.asn1Array.push(asn1ATV); 3516 } 3517 } 3518 var o = new KJUR.asn1.DERSet({"array": this.asn1Array}); 3519 this.TLV = o.tohex(); 3520 return this.TLV; 3521 }; 3522 this.getEncodedHex = function() { return this.tohex(); }; 3523 3524 if (params !== undefined) { 3525 this.setByParam(params); 3526 } 3527 }; 3528 extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); 3529 3530 /** 3531 * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/> 3532 * @name parseString 3533 * @memberOf KJUR.asn1.x509.RDN 3534 * @function 3535 * @param {String} s multi-valued string of RDN 3536 * @return {Array} array of string of AttributeTypeAndValue 3537 * @since jsrsasign 6.2.1 asn1x509 1.0.17 3538 * @description 3539 * This static method parses multi-valued RDN string and split into 3540 * array of AttributeTypeAndValue. 3541 * @example 3542 * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"] 3543 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"] 3544 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"] 3545 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"] 3546 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"] 3547 */ 3548 KJUR.asn1.x509.RDN.parseString = function(s) { 3549 var a = s.split(/\+/); 3550 3551 // join \+ 3552 var isBSbefore = false; 3553 var a2 = []; 3554 for (var i = 0; a.length > 0; i++) { 3555 var item = a.shift(); 3556 //console.log("item=" + item); 3557 3558 if (isBSbefore === true) { 3559 var a2last = a2.pop(); 3560 var newitem = (a2last + "+" + item).replace(/\\\+/g, "+"); 3561 a2.push(newitem); 3562 isBSbefore = false; 3563 } else { 3564 a2.push(item); 3565 } 3566 3567 if (item.substr(-1, 1) === "\\") isBSbefore = true; 3568 } 3569 3570 // join quote 3571 var beginQuote = false; 3572 var a3 = []; 3573 for (var i = 0; a2.length > 0; i++) { 3574 var item = a2.shift(); 3575 3576 if (beginQuote === true) { 3577 var a3last = a3.pop(); 3578 if (item.match(/"$/)) { 3579 var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2"); 3580 a3.push(newitem); 3581 beginQuote = false; 3582 } else { 3583 a3.push(a3last + "+" + item); 3584 } 3585 } else { 3586 a3.push(item); 3587 } 3588 3589 if (item.match(/^[^=]+="/)) { 3590 //console.log(i + "=" + item); 3591 beginQuote = true; 3592 } 3593 } 3594 return a3; 3595 }; 3596 3597 /** 3598 * AttributeTypeAndValue ASN.1 structure class 3599 * @name KJUR.asn1.x509.AttributeTypeAndValue 3600 * @class AttributeTypeAndValue ASN.1 structure class 3601 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'}) 3602 * @extends KJUR.asn1.ASN1Object 3603 * @see KJUR.asn1.x509.X500Name 3604 * @see KJUR.asn1.x509.RDN 3605 * @see KJUR.asn1.x509.AttributeTypeAndValue 3606 * @see X509#getAttrTypeAndValue 3607 * @description 3608 * This class generates AttributeTypeAndValue defined in 3609 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4"> 3610 * RFC 5280 4.1.2.4</a>. 3611 * <pre> 3612 * AttributeTypeAndValue ::= SEQUENCE { 3613 * type AttributeType, 3614 * value AttributeValue } 3615 * AttributeType ::= OBJECT IDENTIFIER 3616 * AttributeValue ::= ANY -- DEFINED BY AttributeType 3617 * </pre> 3618 * The constructor argument can have following parameters: 3619 * <ul> 3620 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li> 3621 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li> 3622 * <li>{String}ds - DirectoryString type of AttributeValue</li> 3623 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8") 3624 * set DirectoryString type automatically when "ds" not specified.</li> 3625 * <li>{String}str - AttributeTypeAndVale string (ex. "C=US"). 3626 * When type and value don't exists, 3627 * this "str" will be converted to "type" and "value". 3628 * </li> 3629 * </ul> 3630 * <br 3631 * NOTE: Parameters "type", "value,", "ds" and "rule" have 3632 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0. 3633 * @example 3634 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'}) 3635 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'}) 3636 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'}) 3637 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'}) 3638 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'}) 3639 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'}) 3640 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'}) 3641 */ 3642 KJUR.asn1.x509.AttributeTypeAndValue = function(params) { 3643 KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this); 3644 this.sRule = "utf8"; 3645 this.sType = null; 3646 this.sValue = null; 3647 this.dsType = null; 3648 var _KJUR = KJUR, 3649 _KJUR_asn1 = _KJUR.asn1, 3650 _DERSequence = _KJUR_asn1.DERSequence, 3651 _DERUTF8String = _KJUR_asn1.DERUTF8String, 3652 _DERPrintableString = _KJUR_asn1.DERPrintableString, 3653 _DERTeletexString = _KJUR_asn1.DERTeletexString, 3654 _DERIA5String = _KJUR_asn1.DERIA5String, 3655 _DERVisibleString = _KJUR_asn1.DERVisibleString, 3656 _DERBMPString = _KJUR_asn1.DERBMPString, 3657 _isMail = _KJUR.lang.String.isMail, 3658 _isPrintable = _KJUR.lang.String.isPrintable; 3659 3660 this.setByParam = function(params) { 3661 if (params.rule !== undefined) this.sRule = params.rule; 3662 if (params.ds !== undefined) this.dsType = params.ds; 3663 3664 if (params.value === undefined && 3665 params.str !== undefined) { 3666 var str = params.str; 3667 var matchResult = str.match(/^([^=]+)=(.+)$/); 3668 if (matchResult) { 3669 this.sType = matchResult[1]; 3670 this.sValue = matchResult[2]; 3671 } else { 3672 throw new Error("malformed attrTypeAndValueStr: " + 3673 attrTypeAndValueStr); 3674 } 3675 3676 //this.setByString(params.str); 3677 } else { 3678 this.sType = params.type; 3679 this.sValue = params.value; 3680 } 3681 }; 3682 3683 /* 3684 * @deprecated 3685 */ 3686 this.setByString = function(sTypeValue, sRule) { 3687 if (sRule !== undefined) this.sRule = sRule; 3688 var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/); 3689 if (matchResult) { 3690 this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]); 3691 } else { 3692 throw new Error("malformed attrTypeAndValueStr: " + 3693 attrTypeAndValueStr); 3694 } 3695 }; 3696 3697 this._getDsType = function() { 3698 var sType = this.sType; 3699 var sValue = this.sValue; 3700 var sRule = this.sRule; 3701 3702 if (sRule === "prn") { 3703 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3704 if (_isPrintable(sValue)) return "prn"; 3705 return "utf8"; 3706 } else if (sRule === "utf8") { 3707 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3708 if (sType == "C") return "prn"; 3709 return "utf8"; 3710 } 3711 return "utf8"; // default 3712 }; 3713 3714 this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) { 3715 if (sRule !== undefined) this.sRule = sRule; 3716 this.sType = sType; 3717 this.sValue = sValue; 3718 }; 3719 3720 this.getValueObj = function(dsType, valueStr) { 3721 if (dsType == "utf8") return new _DERUTF8String({"str": valueStr}); 3722 if (dsType == "prn") return new _DERPrintableString({"str": valueStr}); 3723 if (dsType == "tel") return new _DERTeletexString({"str": valueStr}); 3724 if (dsType == "ia5") return new _DERIA5String({"str": valueStr}); 3725 if (dsType == "vis") return new _DERVisibleString({"str": valueStr}); 3726 if (dsType == "bmp") return new _DERBMPString({"str": valueStr}); 3727 throw new Error("unsupported directory string type: type=" + 3728 dsType + " value=" + valueStr); 3729 }; 3730 3731 this.tohex = function() { 3732 if (this.dsType == null) this.dsType = this._getDsType(); 3733 var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType); 3734 var asn1Value = this.getValueObj(this.dsType, this.sValue); 3735 var o = new _DERSequence({"array": [asn1Type, asn1Value]}); 3736 this.TLV = o.tohex(); 3737 return this.TLV; 3738 } 3739 3740 this.getEncodedHex = function() { return this.tohex(); }; 3741 3742 if (params !== undefined) { 3743 this.setByParam(params); 3744 } 3745 }; 3746 extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object); 3747 3748 // === END X500Name Related ================================================= 3749 3750 // === BEGIN Other ASN1 structure class ====================================== 3751 3752 /** 3753 * SubjectPublicKeyInfo ASN.1 structure class 3754 * @name KJUR.asn1.x509.SubjectPublicKeyInfo 3755 * @class SubjectPublicKeyInfo ASN.1 structure class 3756 * @param {Object} params parameter for subject public key 3757 * @extends KJUR.asn1.ASN1Object 3758 * @description 3759 * <br/> 3760 * As for argument 'params' for constructor, you can specify one of 3761 * following properties: 3762 * <ul> 3763 * <li>{@link RSAKey} object</li> 3764 * <li>{@link KJUR.crypto.ECDSA} object</li> 3765 * <li>{@link KJUR.crypto.DSA} object</li> 3766 * </ul> 3767 * NOTE1: 'params' can be omitted.<br/> 3768 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/> 3769 * <h4>EXAMPLE</h4> 3770 * @example 3771 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object); 3772 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object); 3773 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object); 3774 */ 3775 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { 3776 KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this); 3777 var asn1AlgId = null, 3778 asn1SubjPKey = null, 3779 _KJUR = KJUR, 3780 _KJUR_asn1 = _KJUR.asn1, 3781 _DERInteger = _KJUR_asn1.DERInteger, 3782 _DERBitString = _KJUR_asn1.DERBitString, 3783 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 3784 _DERSequence = _KJUR_asn1.DERSequence, 3785 _newObject = _KJUR_asn1.ASN1Util.newObject, 3786 _KJUR_asn1_x509 = _KJUR_asn1.x509, 3787 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 3788 _KJUR_crypto = _KJUR.crypto, 3789 _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA, 3790 _KJUR_crypto_DSA = _KJUR_crypto.DSA; 3791 3792 /* 3793 * @since asn1x509 1.0.7 3794 */ 3795 this.getASN1Object = function() { 3796 if (this.asn1AlgId == null || this.asn1SubjPKey == null) 3797 throw "algId and/or subjPubKey not set"; 3798 var o = new _DERSequence({'array': 3799 [this.asn1AlgId, this.asn1SubjPKey]}); 3800 return o; 3801 }; 3802 3803 this.tohex = function() { 3804 var o = this.getASN1Object(); 3805 this.hTLV = o.tohex(); 3806 return this.hTLV; 3807 }; 3808 this.getEncodedHex = function() { return this.tohex(); }; 3809 3810 /** 3811 * @name setPubKey 3812 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo# 3813 * @function 3814 * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object 3815 * @since jsrsasign 8.0.0 asn1x509 1.1.0 3816 * @description 3817 * @example 3818 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(); 3819 * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM); 3820 * spki.setPubKey(pubKey); 3821 */ 3822 this.setPubKey = function(key) { 3823 try { 3824 if (key instanceof RSAKey) { 3825 var asn1RsaPub = _newObject({ 3826 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] 3827 }); 3828 var rsaKeyHex = asn1RsaPub.tohex(); 3829 this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'}); 3830 this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex}); 3831 } 3832 } catch(ex) {}; 3833 3834 try { 3835 if (key instanceof KJUR.crypto.ECDSA) { 3836 var asn1Params = new _DERObjectIdentifier({'name': key.curveName}); 3837 this.asn1AlgId = 3838 new _AlgorithmIdentifier({'name': 'ecPublicKey', 3839 'asn1params': asn1Params}); 3840 this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex}); 3841 } 3842 } catch(ex) {}; 3843 3844 try { 3845 if (key instanceof KJUR.crypto.DSA) { 3846 var asn1Params = new _newObject({ 3847 'seq': [{'int': {'bigint': key.p}}, 3848 {'int': {'bigint': key.q}}, 3849 {'int': {'bigint': key.g}}] 3850 }); 3851 this.asn1AlgId = 3852 new _AlgorithmIdentifier({'name': 'dsa', 3853 'asn1params': asn1Params}); 3854 var pubInt = new _DERInteger({'bigint': key.y}); 3855 this.asn1SubjPKey = 3856 new _DERBitString({'hex': '00' + pubInt.tohex()}); 3857 } 3858 } catch(ex) {}; 3859 }; 3860 3861 if (params !== undefined) { 3862 this.setPubKey(params); 3863 } 3864 }; 3865 extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object); 3866 3867 /** 3868 * Time ASN.1 structure class<br/> 3869 * @name KJUR.asn1.x509.Time 3870 * @class Time ASN.1 structure class 3871 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'}) 3872 * @extends KJUR.asn1.ASN1Object 3873 * @see KJUR.asn1.DERUTCTime 3874 * @see KJUR.asn1.DERGeneralizedTime 3875 * @description 3876 * This class represents Time ASN.1 structure defined in 3877 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a> 3878 * <pre> 3879 * Time ::= CHOICE { 3880 * utcTime UTCTime, 3881 * generalTime GeneralizedTime } 3882 * </pre> 3883 * 3884 * @example 3885 * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default 3886 * var t2 = new KJUR.asn1.x509.Time{'type': 'gen', 'str': '20130508235959Z'} // GeneralizedTime 3887 */ 3888 KJUR.asn1.x509.Time = function(params) { 3889 KJUR.asn1.x509.Time.superclass.constructor.call(this); 3890 var type = null, 3891 timeParams = null, 3892 _KJUR = KJUR, 3893 _KJUR_asn1 = _KJUR.asn1, 3894 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3895 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3896 this.params = null; 3897 this.type = null; 3898 3899 // deprecated 3900 this.setTimeParams = function(timeParams) { 3901 this.timeParams = timeParams; 3902 } 3903 3904 this.setByParam = function(params) { 3905 this.params = params; 3906 }; 3907 3908 this.getType = function(s) { 3909 if (s.match(/^[0-9]{12}Z$/)) return "utc"; 3910 if (s.match(/^[0-9]{14}Z$/)) return "gen"; 3911 if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc"; 3912 if (s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen"; 3913 return null; 3914 }; 3915 3916 this.tohex = function() { 3917 var params = this.params; 3918 var o = null; 3919 3920 if (typeof params == "string") params = {str: params}; 3921 if (params != null && 3922 params.str && 3923 (params.type == null || params.type == undefined)) { 3924 params.type = this.getType(params.str); 3925 } 3926 3927 if (params != null && params.str) { 3928 if (params.type == "utc") o = new _DERUTCTime(params.str); 3929 if (params.type == "gen") o = new _DERGeneralizedTime(params.str); 3930 } else { 3931 if (this.type == "gen") { 3932 o = new _DERGeneralizedTime(); 3933 } else { 3934 o = new _DERUTCTime(); 3935 } 3936 } 3937 3938 if (o == null) throw new Error("wrong setting for Time"); 3939 this.TLV = o.tohex(); 3940 return this.TLV; 3941 }; 3942 this.getEncodedHex = function() { return this.tohex(); }; 3943 3944 if (params != undefined) this.setByParam(params); 3945 }; 3946 3947 KJUR.asn1.x509.Time_bak = function(params) { 3948 KJUR.asn1.x509.Time_bak.superclass.constructor.call(this); 3949 var type = null, 3950 timeParams = null, 3951 _KJUR = KJUR, 3952 _KJUR_asn1 = _KJUR.asn1, 3953 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3954 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3955 3956 this.setTimeParams = function(timeParams) { 3957 this.timeParams = timeParams; 3958 } 3959 3960 this.tohex = function() { 3961 var o = null; 3962 3963 if (this.timeParams != null) { 3964 if (this.type == "utc") { 3965 o = new _DERUTCTime(this.timeParams); 3966 } else { 3967 o = new _DERGeneralizedTime(this.timeParams); 3968 } 3969 } else { 3970 if (this.type == "utc") { 3971 o = new _DERUTCTime(); 3972 } else { 3973 o = new _DERGeneralizedTime(); 3974 } 3975 } 3976 this.TLV = o.tohex(); 3977 return this.TLV; 3978 }; 3979 this.getEncodedHex = function() { return this.tohex(); }; 3980 3981 this.type = "utc"; 3982 if (params !== undefined) { 3983 if (params.type !== undefined) { 3984 this.type = params.type; 3985 } else { 3986 if (params.str !== undefined) { 3987 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc"; 3988 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen"; 3989 } 3990 } 3991 this.timeParams = params; 3992 } 3993 }; 3994 extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object); 3995 3996 /** 3997 * AlgorithmIdentifier ASN.1 structure class 3998 * @name KJUR.asn1.x509.AlgorithmIdentifier 3999 * @class AlgorithmIdentifier ASN.1 structure class 4000 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'}) 4001 * @extends KJUR.asn1.ASN1Object 4002 * @description 4003 * The 'params' argument is an associative array and has following parameters: 4004 * <ul> 4005 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li> 4006 * <li>asn1params: explicitly specify ASN.1 object for algorithm. 4007 * (OPTION)</li> 4008 * <li>paramempty: set algorithm parameter to NULL by force. 4009 * If paramempty is false, algorithm parameter will be set automatically. 4010 * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of 4011 * AlgorithmIdentifier will be ommitted otherwise 4012 * it will be NULL by default. 4013 * (OPTION, DEFAULT = false)</li> 4014 * </ul> 4015 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are 4016 * special names. They will set a suite of algorithm OID and multiple algorithm 4017 * parameters. Its ASN.1 schema is defined in 4018 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1 4019 * section A.2.3</a>. 4020 * <blockquote><pre> 4021 * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } 4022 * RSASSA-PSS-params ::= SEQUENCE { 4023 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1, 4024 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, 4025 * saltLength [2] INTEGER DEFAULT 20, 4026 * trailerField [3] TrailerField DEFAULT trailerFieldBC } 4027 * mgf1SHA1 MaskGenAlgorithm ::= { 4028 * algorithm id-mgf1, 4029 * parameters HashAlgorithm : sha1 } 4030 * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } 4031 * TrailerField ::= INTEGER { trailerFieldBC(1) } 4032 * </pre></blockquote> 4033 * Here is a table for PSS parameters: 4034 * <table> 4035 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr> 4036 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr> 4037 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr> 4038 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr> 4039 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr> 4040 * </table> 4041 * Default value is omitted as defined in ASN.1 schema. 4042 * These parameters are interoperable to OpenSSL or IAIK toolkit. 4043 * <br/> 4044 * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 4045 * @example 4046 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"}) 4047 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"}) 4048 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically 4049 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true}) 4050 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"}) 4051 */ 4052 KJUR.asn1.x509.AlgorithmIdentifier = function(params) { 4053 KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this); 4054 this.nameAlg = null; 4055 this.asn1Alg = null; 4056 this.asn1Params = null; 4057 this.paramEmpty = false; 4058 4059 var _KJUR = KJUR, 4060 _KJUR_asn1 = _KJUR.asn1, 4061 _PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV; 4062 4063 this.tohex = function() { 4064 if (this.nameAlg === null && this.asn1Alg === null) { 4065 throw new Error("algorithm not specified"); 4066 } 4067 4068 // for RSAPSS algorithm name 4069 // && this.hTLV === null 4070 if (this.nameAlg !== null) { 4071 var hTLV = null; 4072 for (var key in _PSSNAME2ASN1TLV) { 4073 if (key === this.nameAlg) { 4074 hTLV = _PSSNAME2ASN1TLV[key]; 4075 } 4076 } 4077 if (hTLV !== null) { 4078 this.hTLV = hTLV; 4079 return this.hTLV; 4080 } 4081 } 4082 4083 if (this.nameAlg !== null && this.asn1Alg === null) { 4084 this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg); 4085 } 4086 var a = [this.asn1Alg]; 4087 if (this.asn1Params !== null) a.push(this.asn1Params); 4088 4089 var o = new _KJUR_asn1.DERSequence({'array': a}); 4090 this.hTLV = o.tohex(); 4091 return this.hTLV; 4092 }; 4093 this.getEncodedHex = function() { return this.tohex(); }; 4094 4095 if (params !== undefined) { 4096 if (params.name !== undefined) { 4097 this.nameAlg = params.name; 4098 } 4099 if (params.asn1params !== undefined) { 4100 this.asn1Params = params.asn1params; 4101 } 4102 if (params.paramempty !== undefined) { 4103 this.paramEmpty = params.paramempty; 4104 } 4105 } 4106 4107 // set algorithm parameters will be ommitted for 4108 // "*withDSA" or "*withECDSA" otherwise will be NULL. 4109 if (this.asn1Params === null && 4110 this.paramEmpty === false && 4111 this.nameAlg !== null) { 4112 4113 if (this.nameAlg.name !== undefined) { 4114 this.nameAlg = this.nameAlg.name; 4115 } 4116 var lcNameAlg = this.nameAlg.toLowerCase(); 4117 4118 if (lcNameAlg.substr(-7, 7) !== "withdsa" && 4119 lcNameAlg.substr(-9, 9) !== "withecdsa") { 4120 this.asn1Params = new _KJUR_asn1.DERNull(); 4121 } 4122 } 4123 }; 4124 extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object); 4125 4126 /** 4127 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names 4128 * @const 4129 */ 4130 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = { 4131 "SHAwithRSAandMGF1": 4132 "300d06092a864886f70d01010a3000", 4133 "SHA256withRSAandMGF1": 4134 "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120", 4135 "SHA384withRSAandMGF1": 4136 "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130", 4137 "SHA512withRSAandMGF1": 4138 "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140" 4139 }; 4140 4141 /** 4142 * GeneralName ASN.1 structure class<br/> 4143 * @name KJUR.asn1.x509.GeneralName 4144 * @class GeneralName ASN.1 structure class 4145 * @see KJUR.asn1.x509.OtherName 4146 * @see KJUR.asn1.x509.X500Name 4147 * 4148 * @description 4149 * <br/> 4150 * As for argument 'params' for constructor, you can specify one of 4151 * following properties: 4152 * <ul> 4153 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li> 4154 * <li>dns - dNSName[2] (ex. foo.com)</li> 4155 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li> 4156 * <li>dn - directoryName[4] 4157 * distinguished name string or X500Name class parameters can be 4158 * specified (ex. "/C=US/O=Test", {hex: '301c...')</li> 4159 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li> 4160 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li> 4161 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li> 4162 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li> 4163 * </ul> 4164 * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/> 4165 * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 4166 * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/> 4167 * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/> 4168 * NOTE5: otherName is supported since jsrsasign 10.5.3.<br/> 4169 * 4170 * Here is definition of the ASN.1 syntax: 4171 * <pre> 4172 * -- NOTE: under the CHOICE, it will always be explicit. 4173 * GeneralName ::= CHOICE { 4174 * otherName [0] OtherName, 4175 * rfc822Name [1] IA5String, 4176 * dNSName [2] IA5String, 4177 * x400Address [3] ORAddress, 4178 * directoryName [4] Name, 4179 * ediPartyName [5] EDIPartyName, 4180 * uniformResourceIdentifier [6] IA5String, 4181 * iPAddress [7] OCTET STRING, 4182 * registeredID [8] OBJECT IDENTIFIER } 4183 * 4184 * OtherName ::= SEQUENCE { 4185 * type-id OBJECT IDENTIFIER, 4186 * value [0] EXPLICIT ANY DEFINED BY type-id } 4187 * </pre> 4188 * 4189 * @example 4190 * gn = new KJUR.asn1.x509.GeneralName({dn: '/C=US/O=Test'}); 4191 * gn = new KJUR.asn1.x509.GeneralName({dn: X500NameObject); 4192 * gn = new KJUR.asn1.x509.GeneralName({dn: {str: /C=US/O=Test'}); 4193 * gn = new KJUR.asn1.x509.GeneralName({dn: {ldapstr: 'O=Test,C=US'}); 4194 * gn = new KJUR.asn1.x509.GeneralName({dn: {hex: '301c...'}); 4195 * gn = new KJUR.asn1.x509.GeneralName({dn: {certissuer: PEMCERTSTRING}); 4196 * gn = new KJUR.asn1.x509.GeneralName({dn: {certsubject: PEMCERTSTRING}); 4197 * gn = new KJUR.asn1.x509.GeneralName({ip: '192.168.1.1'}); 4198 * gn = new KJUR.asn1.x509.GeneralName({ip: '2001:db4::4:1'}); 4199 * gn = new KJUR.asn1.x509.GeneralName({ip: 'c0a80101'}); 4200 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'}); 4201 * gn = new KJUR.asn1.x509.GeneralName({dns: 'aaa.com'}); 4202 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'}); 4203 * gn = new KJUR.asn1.x509.GeneralName({other: { 4204 * oid: "1.2.3.4", 4205 * value: {utf8str: "example"} // any ASN.1 which passed to ASN1Util.newObject 4206 * }}); 4207 * 4208 * gn = new KJUR.asn1.x509.GeneralName({ldapdn: 'O=Test,C=US'}); // DEPRECATED 4209 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM}); // DEPRECATED 4210 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM}); // DEPRECATED 4211 */ 4212 KJUR.asn1.x509.GeneralName = function(params) { 4213 KJUR.asn1.x509.GeneralName.superclass.constructor.call(this); 4214 4215 var pTag = { rfc822: '81', dns: '82', dn: 'a4', 4216 uri: '86', ip: '87', otherName: 'a0'}, 4217 _KJUR = KJUR, 4218 _KJUR_asn1 = _KJUR.asn1, 4219 _KJUR_asn1_x509 = _KJUR_asn1.x509, 4220 _X500Name = _KJUR_asn1_x509.X500Name, 4221 _OtherName = _KJUR_asn1_x509.OtherName, 4222 _DERIA5String = _KJUR_asn1.DERIA5String, 4223 _DERPrintableString = _KJUR_asn1.DERPrintableString, 4224 _DEROctetString = _KJUR_asn1.DEROctetString, 4225 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 4226 _ASN1Object = _KJUR_asn1.ASN1Object, 4227 _Error = Error; 4228 4229 this.params = null; 4230 4231 this.setByParam = function(params) { 4232 this.params = params; 4233 }; 4234 4235 this.tohex = function() { 4236 var params = this.params; 4237 var hTag, explicitFlag, dObj; 4238 var explicitFlag = false; 4239 if (params.other !== undefined) { 4240 hTag = "a0", 4241 dObj = new _OtherName(params.other); 4242 } else if (params.rfc822 !== undefined) { 4243 hTag = "81"; 4244 dObj = new _DERIA5String({str: params.rfc822}); 4245 } else if (params.dns !== undefined) { 4246 hTag = "82"; 4247 dObj = new _DERIA5String({str: params.dns}); 4248 } else if (params.dn !== undefined) { 4249 hTag = "a4"; 4250 explicitFlag = true; 4251 if (typeof params.dn === "string") { 4252 dObj = new _X500Name({str: params.dn}); 4253 } else if (params.dn instanceof KJUR.asn1.x509.X500Name) { 4254 dObj = params.dn; 4255 } else { 4256 dObj = new _X500Name(params.dn); 4257 } 4258 } else if (params.ldapdn !== undefined) { 4259 hTag = "a4"; 4260 explicitFlag = true; 4261 dObj = new _X500Name({ldapstr: params.ldapdn}); 4262 } else if (params.certissuer !== undefined || 4263 params.certsubj !== undefined) { 4264 hTag = "a4"; 4265 explicitFlag = true; 4266 var isIssuer, certStr; 4267 var certHex = null; 4268 if (params.certsubj !== undefined) { 4269 isIssuer = false; 4270 certStr = params.certsubj; 4271 } else { 4272 isIssuer = true; 4273 certStr = params.certissuer; 4274 } 4275 4276 if (certStr.match(/^[0-9A-Fa-f]+$/)) { 4277 certHex == certStr; 4278 } 4279 if (certStr.indexOf("-----BEGIN ") != -1) { 4280 certHex = pemtohex(certStr); 4281 } 4282 if (certHex == null) 4283 throw new Error("certsubj/certissuer not cert"); 4284 4285 var x = new X509(); 4286 x.hex = certHex; 4287 4288 var hDN; 4289 if (isIssuer) { 4290 hDN = x.getIssuerHex(); 4291 } else { 4292 hDN = x.getSubjectHex(); 4293 } 4294 dObj = new _ASN1Object(); 4295 dObj.hTLV = hDN; 4296 } else if (params.uri !== undefined) { 4297 hTag = "86"; 4298 dObj = new _DERIA5String({str: params.uri}); 4299 } else if (params.ip !== undefined) { 4300 hTag = "87"; 4301 var hIP; 4302 var ip = params.ip; 4303 try { 4304 if (ip.match(/^[0-9a-f]+$/)) { 4305 var len = ip.length; 4306 if (len == 8 || len == 16 || len == 32 || len == 64) { 4307 hIP = ip; 4308 } else { 4309 throw "err"; 4310 } 4311 } else { 4312 hIP = iptohex(ip); 4313 } 4314 } catch(ex) { 4315 throw new _Error("malformed IP address: " + params.ip + ":" + ex.message); 4316 } 4317 dObj = new _DEROctetString({hex: hIP}); 4318 } else { 4319 throw new _Error("improper params"); 4320 } 4321 4322 var dTag = new _DERTaggedObject({tag: hTag, 4323 explicit: explicitFlag, 4324 obj: dObj}); 4325 return dTag.tohex(); 4326 }; 4327 this.getEncodedHex = function() { return this.tohex(); }; 4328 4329 if (params !== undefined) this.setByParam(params); 4330 }; 4331 extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object); 4332 4333 /** 4334 * GeneralNames ASN.1 structure class<br/> 4335 * @name KJUR.asn1.x509.GeneralNames 4336 * @class GeneralNames ASN.1 structure class 4337 * @description 4338 * <br/> 4339 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4> 4340 * @example 4341 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 4342 * 4343 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 4344 */ 4345 KJUR.asn1.x509.GeneralNames = function(paramsArray) { 4346 KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this); 4347 var asn1Array = null, 4348 _KJUR = KJUR, 4349 _KJUR_asn1 = _KJUR.asn1; 4350 4351 /** 4352 * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/> 4353 * @name setByParamArray 4354 * @memberOf KJUR.asn1.x509.GeneralNames# 4355 * @function 4356 * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames} 4357 * @description 4358 * <br/> 4359 * <h4>EXAMPLES</h4> 4360 * @example 4361 * gns = new KJUR.asn1.x509.GeneralNames(); 4362 * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]); 4363 */ 4364 this.setByParamArray = function(paramsArray) { 4365 for (var i = 0; i < paramsArray.length; i++) { 4366 var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]); 4367 this.asn1Array.push(o); 4368 } 4369 }; 4370 4371 this.tohex = function() { 4372 var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array}); 4373 return o.tohex(); 4374 }; 4375 this.getEncodedHex = function() { return this.tohex(); }; 4376 4377 this.asn1Array = new Array(); 4378 if (typeof paramsArray != "undefined") { 4379 this.setByParamArray(paramsArray); 4380 } 4381 }; 4382 extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object); 4383 4384 /** 4385 * OtherName of GeneralName ASN.1 structure class<br/> 4386 * @name KJUR.asn1.x509.OtherName 4387 * @class OtherName ASN.1 structure class 4388 * @since jsrsasign 10.5.3 asn1x509 2.1.12 4389 * @see KJUR.asn1.x509.GeneralName 4390 * @see KJUR.asn1.ASN1Util.newObject 4391 * 4392 * @description 4393 * This class is for OtherName of GeneralName ASN.1 structure. 4394 * Constructor has two members: 4395 * <ul> 4396 * <li>oid - oid string (ex. "1.2.3.4")</li> 4397 * <li>value - JSON object passed to ASN1Util.newObject or ASN1Object object</li> 4398 * </ul> 4399 * 4400 * <pre> 4401 * OtherName ::= SEQUENCE { 4402 * type-id OBJECT IDENTIFIER, 4403 * value [0] EXPLICIT ANY DEFINED BY type-id } 4404 * </pre> 4405 * 4406 * @example 4407 * new KJUR.asn1.x509.OtherName({ 4408 * oid: "1.2.3.4", 4409 * value: {prnstr: {str: "abc"}} 4410 * }) 4411 */ 4412 KJUR.asn1.x509.OtherName = function(params) { 4413 KJUR.asn1.x509.OtherName.superclass.constructor.call(this); 4414 4415 var asn1Obj = null, 4416 type = null, 4417 _KJUR = KJUR, 4418 _KJUR_asn1 = _KJUR.asn1, 4419 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 4420 _DERSequence = _KJUR_asn1.DERSequence, 4421 _newObject = _KJUR_asn1.ASN1Util.newObject; 4422 4423 this.params = null; 4424 4425 this.setByParam = function(params) { 4426 this.params = params; 4427 }; 4428 4429 this.tohex = function() { 4430 var params = this.params; 4431 4432 if (params.oid == undefined || params.value == undefined) 4433 throw new Error("oid or value not specified"); 4434 4435 var dOid = new _DERObjectIdentifier({oid: params.oid}); 4436 var dValue = _newObject({tag: {tag: "a0", 4437 explicit: true, 4438 obj: params.value}}); 4439 var dSeq = new _DERSequence({array: [dOid, dValue]}); 4440 4441 return dSeq.tohex(); 4442 }; 4443 this.getEncodedHex = function() { return this.tohex(); }; 4444 4445 if (params !== undefined) this.setByParam(params); 4446 }; 4447 extendClass(KJUR.asn1.x509.OtherName, KJUR.asn1.ASN1Object); 4448 4449 /** 4450 * static object for OID 4451 * @name KJUR.asn1.x509.OID 4452 * @class static object for OID 4453 * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6') 4454 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15') 4455 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object 4456 * 4457 * @description 4458 * This class defines OID name and values. 4459 * AttributeType names registered in OID.atype2oidList are following: 4460 * <table style="border-width: thin; border-style: solid; witdh: 100%"> 4461 * <tr><th>short</th><th>long</th><th>OID</th></tr> 4462 * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr> 4463 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr> 4464 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr> 4465 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr> 4466 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr> 4467 * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr> 4468 * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr> 4469 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr> 4470 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr> 4471 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr> 4472 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr> 4473 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr> 4474 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr> 4475 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr> 4476 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr> 4477 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr> 4478 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr> 4479 * </table> 4480 * 4481 * @example 4482 */ 4483 KJUR.asn1.x509.OID = new function() { 4484 var _DERObjectIdentifier = KJUR.asn1.DERObjectIdentifier; 4485 4486 this.name2oidList = { 4487 'sha1': '1.3.14.3.2.26', 4488 'sha256': '2.16.840.1.101.3.4.2.1', 4489 'sha384': '2.16.840.1.101.3.4.2.2', 4490 'sha512': '2.16.840.1.101.3.4.2.3', 4491 'sha224': '2.16.840.1.101.3.4.2.4', 4492 'md5': '1.2.840.113549.2.5', 4493 'md2': '1.3.14.7.2.2.1', 4494 'ripemd160': '1.3.36.3.2.1', 4495 4496 'MD2withRSA': '1.2.840.113549.1.1.2', 4497 'MD4withRSA': '1.2.840.113549.1.1.3', 4498 'MD5withRSA': '1.2.840.113549.1.1.4', 4499 'SHA1withRSA': '1.2.840.113549.1.1.5', 4500 'pkcs1-MGF': '1.2.840.113549.1.1.8', 4501 'rsaPSS': '1.2.840.113549.1.1.10', 4502 'SHA224withRSA': '1.2.840.113549.1.1.14', 4503 'SHA256withRSA': '1.2.840.113549.1.1.11', 4504 'SHA384withRSA': '1.2.840.113549.1.1.12', 4505 'SHA512withRSA': '1.2.840.113549.1.1.13', 4506 4507 'SHA1withECDSA': '1.2.840.10045.4.1', 4508 'SHA224withECDSA': '1.2.840.10045.4.3.1', 4509 'SHA256withECDSA': '1.2.840.10045.4.3.2', 4510 'SHA384withECDSA': '1.2.840.10045.4.3.3', 4511 'SHA512withECDSA': '1.2.840.10045.4.3.4', 4512 4513 'dsa': '1.2.840.10040.4.1', 4514 'SHA1withDSA': '1.2.840.10040.4.3', 4515 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', 4516 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', 4517 4518 'rsaEncryption': '1.2.840.113549.1.1.1', 4519 4520 // X.500 AttributeType defined in RFC 4514 4521 'commonName': '2.5.4.3', 4522 'countryName': '2.5.4.6', 4523 'localityName': '2.5.4.7', 4524 'stateOrProvinceName': '2.5.4.8', 4525 'streetAddress': '2.5.4.9', 4526 'organizationName': '2.5.4.10', 4527 'organizationalUnitName': '2.5.4.11', 4528 'domainComponent': '0.9.2342.19200300.100.1.25', 4529 'userId': '0.9.2342.19200300.100.1.1', 4530 // other AttributeType name string 4531 'surname': '2.5.4.4', 4532 'givenName': '2.5.4.42', 4533 'title': '2.5.4.12', 4534 'distinguishedName': '2.5.4.49', 4535 'emailAddress': '1.2.840.113549.1.9.1', 4536 // other AttributeType name string (no short name) 4537 'description': '2.5.4.13', 4538 'businessCategory': '2.5.4.15', 4539 'postalCode': '2.5.4.17', 4540 'uniqueIdentifier': '2.5.4.45', 4541 'organizationIdentifier': '2.5.4.97', 4542 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4543 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4544 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3', 4545 4546 'subjectDirectoryAttributes': '2.5.29.9', 4547 'subjectKeyIdentifier': '2.5.29.14', 4548 'keyUsage': '2.5.29.15', 4549 'subjectAltName': '2.5.29.17', 4550 'issuerAltName': '2.5.29.18', 4551 'basicConstraints': '2.5.29.19', 4552 'cRLNumber': '2.5.29.20', 4553 'cRLReason': '2.5.29.21', 4554 'nameConstraints': '2.5.29.30', 4555 'cRLDistributionPoints':'2.5.29.31', 4556 'certificatePolicies': '2.5.29.32', 4557 'anyPolicy': '2.5.29.32.0', 4558 'policyMappings': '2.5.29.33', 4559 'authorityKeyIdentifier':'2.5.29.35', 4560 'policyConstraints': '2.5.29.36', 4561 'extKeyUsage': '2.5.29.37', 4562 'inhibitAnyPolicy': '2.5.29.54', 4563 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', 4564 'ocsp': '1.3.6.1.5.5.7.48.1', 4565 'ocspBasic': '1.3.6.1.5.5.7.48.1.1', 4566 'ocspNonce': '1.3.6.1.5.5.7.48.1.2', 4567 'ocspNoCheck': '1.3.6.1.5.5.7.48.1.5', 4568 'caIssuers': '1.3.6.1.5.5.7.48.2', 4569 4570 'anyExtendedKeyUsage': '2.5.29.37.0', 4571 'serverAuth': '1.3.6.1.5.5.7.3.1', 4572 'clientAuth': '1.3.6.1.5.5.7.3.2', 4573 'codeSigning': '1.3.6.1.5.5.7.3.3', 4574 'emailProtection': '1.3.6.1.5.5.7.3.4', 4575 'timeStamping': '1.3.6.1.5.5.7.3.8', 4576 'ocspSigning': '1.3.6.1.5.5.7.3.9', 4577 4578 // 'otherNameForms': '1.3.6.1.5.5.7.8', 4579 'smtpUTF8Mailbox': '1.3.6.1.5.5.7.8.9', 4580 4581 'dateOfBirth': '1.3.6.1.5.5.7.9.1', 4582 'placeOfBirth': '1.3.6.1.5.5.7.9.2', 4583 'gender': '1.3.6.1.5.5.7.9.3', 4584 'countryOfCitizenship': '1.3.6.1.5.5.7.9.4', 4585 'countryOfResidence': '1.3.6.1.5.5.7.9.5', 4586 4587 'ecPublicKey': '1.2.840.10045.2.1', 4588 'P-256': '1.2.840.10045.3.1.7', 4589 'secp256r1': '1.2.840.10045.3.1.7', 4590 'secp256k1': '1.3.132.0.10', 4591 'secp384r1': '1.3.132.0.34', 4592 'secp521r1': '1.3.132.0.35', 4593 4594 'pkcs5PBES2': '1.2.840.113549.1.5.13', 4595 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', 4596 4597 'des-EDE3-CBC': '1.2.840.113549.3.7', 4598 4599 'data': '1.2.840.113549.1.7.1', // CMS data 4600 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data 4601 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data 4602 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data 4603 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data 4604 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data 4605 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo 4606 'signingCertificate': '1.2.840.113549.1.9.16.2.12',// SMIME 4607 'timeStampToken': '1.2.840.113549.1.9.16.2.14',// sigTS 4608 'signaturePolicyIdentifier': '1.2.840.113549.1.9.16.2.15',// cades 4609 'etsArchiveTimeStamp': '1.2.840.113549.1.9.16.2.27',// SMIME 4610 'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME 4611 'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME 4612 'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest 4613 'contentType': '1.2.840.113549.1.9.3',//PKCS#9 4614 'messageDigest': '1.2.840.113549.1.9.4',//PKCS#9 4615 'signingTime': '1.2.840.113549.1.9.5',//PKCS#9 4616 'counterSignature': '1.2.840.113549.1.9.6',//PKCS#9 4617 'archiveTimeStampV3': '0.4.0.1733.2.4',//ETSI EN29319122/TS101733 4618 'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe 4619 'adobeTimeStamp': '1.2.840.113583.1.1.9.1', // Adobe 4620 // CABF S/MIME BR 4621 'smimeMailboxLegacy': '2.23.140.1.5.1.1', 4622 'smimeMailboxMulti': '2.23.140.1.5.1.2', 4623 'smimeMailboxStrict': '2.23.140.1.5.1.3', 4624 'smimeOrganizationLegacy': '2.23.140.1.5.2.1', 4625 'smimeOrganizationMulti': '2.23.140.1.5.2.2', 4626 'smimeOrganizationStrict': '2.23.140.1.5.2.3', 4627 'smimeSponsorLegacy': '2.23.140.1.5.3.1', 4628 'smimeSponsorMulti': '2.23.140.1.5.3.2', 4629 'smimeSponsorStrict': '2.23.140.1.5.3.3', 4630 'smimeIndividualLegacy': '2.23.140.1.5.4.1', 4631 'smimeIndividualMulti': '2.23.140.1.5.4.2', 4632 'smimeIndividualStrict': '2.23.140.1.5.4.3', 4633 }; 4634 4635 this.atype2oidList = { 4636 // RFC 4514 AttributeType name string (MUST recognized) 4637 'CN': '2.5.4.3', 4638 'L': '2.5.4.7', 4639 'ST': '2.5.4.8', 4640 'O': '2.5.4.10', 4641 'OU': '2.5.4.11', 4642 'C': '2.5.4.6', 4643 'STREET': '2.5.4.9', 4644 'DC': '0.9.2342.19200300.100.1.25', 4645 'UID': '0.9.2342.19200300.100.1.1', 4646 // other AttributeType name string 4647 // http://blog.livedoor.jp/k_urushima/archives/656114.html 4648 'SN': '2.5.4.4', // surname 4649 'T': '2.5.4.12', // title 4650 'GN': '2.5.4.42', // givenName 4651 'DN': '2.5.4.49', // distinguishedName 4652 'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy 4653 // other AttributeType name string (no short name) 4654 'description': '2.5.4.13', 4655 'businessCategory': '2.5.4.15', 4656 'postalCode': '2.5.4.17', 4657 'serialNumber': '2.5.4.5', 4658 'uniqueIdentifier': '2.5.4.45', 4659 'organizationIdentifier': '2.5.4.97', 4660 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4661 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4662 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3' 4663 }; 4664 4665 this.objCache = {}; 4666 4667 /** 4668 * get DERObjectIdentifier by registered OID name 4669 * @name name2obj 4670 * @memberOf KJUR.asn1.x509.OID 4671 * @function 4672 * @param {String} name OID 4673 * @return {Object} DERObjectIdentifier instance 4674 * @see KJUR.asn1.DERObjectIdentifier 4675 * 4676 * @description 4677 * This static method returns DERObjectIdentifier object 4678 * for the specified OID. 4679 * 4680 * @example 4681 * var asn1ObjOID = KJUR.asn1.x509.OID.name2obj('SHA1withRSA'); 4682 */ 4683 this.name2obj = function(name) { 4684 if (typeof this.objCache[name] != "undefined") 4685 return this.objCache[name]; 4686 if (typeof this.name2oidList[name] == "undefined") 4687 throw "Name of ObjectIdentifier not defined: " + name; 4688 var oid = this.name2oidList[name]; 4689 var obj = new _DERObjectIdentifier({'oid': oid}); 4690 this.objCache[name] = obj; 4691 return obj; 4692 }; 4693 4694 /** 4695 * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/> 4696 * @name atype2obj 4697 * @memberOf KJUR.asn1.x509.OID 4698 * @function 4699 * @param {String} atype short attribute type name such like 'C', 'CN' or OID 4700 * @return KJUR.asn1.DERObjectIdentifier instance 4701 * @description 4702 * @example 4703 * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3 4704 * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11 4705 * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9 4706 * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9 4707 */ 4708 this.atype2obj = function(atype) { 4709 if (this.objCache[atype] !== undefined) 4710 return this.objCache[atype]; 4711 4712 var oid; 4713 4714 if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) { 4715 oid = atype; 4716 } else if (this.atype2oidList[atype] !== undefined) { 4717 oid = this.atype2oidList[atype]; 4718 } else if (this.name2oidList[atype] !== undefined) { 4719 oid = this.name2oidList[atype]; 4720 } else { 4721 throw new Error("AttributeType name undefined: " + atype); 4722 } 4723 var obj = new _DERObjectIdentifier({'oid': oid}); 4724 this.objCache[atype] = obj; 4725 return obj; 4726 }; 4727 4728 /** 4729 * register OID list<br/> 4730 * @name registerOIDs 4731 * @memberOf KJUR.asn1.x509.OID 4732 * @function 4733 * @param {object} oids associative array of names and oids 4734 * @since jsrsasign 10.5.2 asn1x509 2.1.11 4735 * @see KJUR.asn1.x509.OID.checkOIDs 4736 * 4737 * @description 4738 * This static method to register an oids to existing list 4739 * additionally. 4740 * 4741 * @example 4742 * KJUR.asn1.x509.OID.checkOIDs({ 4743 * "test1": "4.5.7.8" 4744 * }) // do nothing for invalid list 4745 * 4746 * KJUR.asn1.x509.OID.registerOIDs({ 4747 * "test1": "1.2.3", 4748 * "test2": "0.2.3.4.23", 4749 * }) // successfully registered 4750 * 4751 * KJUR.asn1.x509.OID.name2oid("test1") → "1.2.3" 4752 */ 4753 this.registerOIDs = function(oids) { 4754 if (! this.checkOIDs(oids)) return; 4755 for (var name in oids) { 4756 this.name2oidList[name] = oids[name]; 4757 } 4758 }; 4759 4760 /** 4761 * check validity for OID list<br/> 4762 * @name checkOIDs 4763 * @memberOf KJUR.asn1.x509.OID 4764 * @function 4765 * @param {object} oids associative array of names and oids 4766 * @return {boolean} return true when valid OID list otherwise false 4767 * @since jsrsasign 10.5.2 asn1x509 2.1.11 4768 * @see KJUR.asn1.x509.OID.registOIDs 4769 * 4770 * @description 4771 * This static method validates an associative array 4772 * as oid list. 4773 * 4774 * @example 4775 * KJUR.asn1.x509.OID.checkOIDs(*non-assoc-array*) → false 4776 * KJUR.asn1.x509.OID.checkOIDs({}) → false 4777 * KJUR.asn1.x509.OID.checkOIDs({"test1": "apple"}) → false 4778 * KJUR.asn1.x509.OID.checkOIDs({ 4779 * "test1": "1.2.3", 4780 * "test2": "0.2.3.4.23", 4781 * }) → true // valid oids 4782 * KJUR.asn1.x509.OID.checkOIDs({ 4783 * "test1": "4.5.7.8" 4784 * }) → false // invalid oid 4785 */ 4786 this.checkOIDs = function(oids) { 4787 try { 4788 var nameList = Object.keys(oids); 4789 if (nameList.length == 0) 4790 return false; 4791 nameList.map(function(value, index, array) { 4792 var oid = this[value]; 4793 if (! oid.match(/^[0-2]\.[0-9.]+$/)) 4794 throw new Error("value is not OID"); 4795 }, oids); 4796 return true; 4797 } catch(ex) { 4798 return false; 4799 } 4800 }; 4801 4802 4803 }; 4804 4805 /** 4806 * convert OID to name<br/> 4807 * @name oid2name 4808 * @memberOf KJUR.asn1.x509.OID 4809 * @function 4810 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) 4811 * @return {String} OID name if registered otherwise empty string 4812 * @since asn1x509 1.0.9 4813 * @description 4814 * This static method converts OID string to its name. 4815 * If OID is undefined then it returns empty string (i.e. ''). 4816 * @example 4817 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess' 4818 */ 4819 KJUR.asn1.x509.OID.oid2name = function(oid) { 4820 var list = KJUR.asn1.x509.OID.name2oidList; 4821 for (var name in list) { 4822 if (list[name] == oid) return name; 4823 } 4824 return ''; 4825 }; 4826 4827 /** 4828 * convert OID to AttributeType name<br/> 4829 * @name oid2atype 4830 * @memberOf KJUR.asn1.x509.OID 4831 * @function 4832 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) 4833 * @return {String} OID AttributeType name if registered otherwise oid 4834 * @since jsrsasign 6.2.2 asn1x509 1.0.18 4835 * @description 4836 * This static method converts OID string to its AttributeType name. 4837 * If OID is not defined in OID.atype2oidList associative array then it returns OID 4838 * specified as argument. 4839 * @example 4840 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN 4841 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC 4842 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID 4843 */ 4844 KJUR.asn1.x509.OID.oid2atype = function(oid) { 4845 var list = KJUR.asn1.x509.OID.atype2oidList; 4846 for (var atype in list) { 4847 if (list[atype] == oid) return atype; 4848 } 4849 return oid; 4850 }; 4851 4852 /** 4853 * convert OID name to OID value<br/> 4854 * @name name2oid 4855 * @memberOf KJUR.asn1.x509.OID 4856 * @function 4857 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4") 4858 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) 4859 * @since asn1x509 1.0.11 4860 * @description 4861 * This static method converts from OID name to OID string. 4862 * If OID is undefined then it returns empty string (i.e. ''). 4863 * @example 4864 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1" 4865 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4" 4866 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → "" 4867 */ 4868 KJUR.asn1.x509.OID.name2oid = function(name) { 4869 if (name.match(/^[0-9.]+$/)) return name; 4870 var list = KJUR.asn1.x509.OID.name2oidList; 4871 if (list[name] === undefined) return ''; 4872 return list[name]; 4873 }; 4874 4875 /** 4876 * X.509 certificate and CRL utilities class<br/> 4877 * @name KJUR.asn1.x509.X509Util 4878 * @class X.509 certificate and CRL utilities class 4879 */ 4880 KJUR.asn1.x509.X509Util = {}; 4881 4882 /** 4883 * issue a certificate in PEM format (DEPRECATED) 4884 * @name newCertPEM 4885 * @memberOf KJUR.asn1.x509.X509Util 4886 * @function 4887 * @param {Array} param JSON object of parameter to issue a certificate 4888 * @since asn1x509 1.0.6 4889 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor 4890 * @description 4891 * This method can issue a certificate by a simple 4892 * JSON object. 4893 * Signature value will be provided by signing with 4894 * private key using 'cakey' parameter or 4895 * hexadecimal signature value by 'sighex' parameter. 4896 * <br/> 4897 * NOTE: Algorithm parameter of AlgorithmIdentifier will 4898 * be set automatically by default. 4899 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier}) 4900 * from jsrsasign 7.1.1 asn1x509 1.0.20. 4901 * <br/> 4902 * NOTE2: 4903 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21. 4904 * As for RSA-PSS signature algorithm names and signing parameters 4905 * such as MGF function and salt length, please see 4906 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class. 4907 * 4908 * @example 4909 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4910 * serial: {int: 4}, 4911 * sigalg: {name: 'SHA1withECDSA'}, 4912 * issuer: {str: '/C=US/O=a'}, 4913 * notbefore: {'str': '130504235959Z'}, 4914 * notafter: {'str': '140504235959Z'}, 4915 * subject: {str: '/C=US/O=b'}, 4916 * sbjpubkey: pubKeyObj, 4917 * ext: [ 4918 * {basicConstraints: {cA: true, critical: true}}, 4919 * {keyUsage: {bin: '11'}}, 4920 * ], 4921 * cakey: prvKeyObj 4922 * }); 4923 * // -- or -- 4924 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4925 * serial: {int: 4}, 4926 * sigalg: {name: 'SHA1withECDSA'}, 4927 * issuer: {str: '/C=US/O=a'}, 4928 * notbefore: {'str': '130504235959Z'}, 4929 * notafter: {'str': '140504235959Z'}, 4930 * subject: {str: '/C=US/O=b'}, 4931 * sbjpubkey: pubKeyPEM, 4932 * ext: [ 4933 * {basicConstraints: {cA: true, critical: true}}, 4934 * {keyUsage: {bin: '11'}}, 4935 * ], 4936 * cakey: [prvkey, pass]} 4937 * ); 4938 * // -- or -- 4939 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4940 * serial: {int: 1}, 4941 * sigalg: {name: 'SHA1withRSA'}, 4942 * issuer: {str: '/C=US/O=T1'}, 4943 * notbefore: {'str': '130504235959Z'}, 4944 * notafter: {'str': '140504235959Z'}, 4945 * subject: {str: '/C=US/O=T1'}, 4946 * sbjpubkey: pubKeyObj, 4947 * sighex: '0102030405..' 4948 * }); 4949 * // for the issuer and subject field, another 4950 * // representation is also available 4951 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4952 * serial: {int: 1}, 4953 * sigalg: {name: 'SHA256withRSA'}, 4954 * issuer: {C: "US", O: "T1"}, 4955 * notbefore: {'str': '130504235959Z'}, 4956 * notafter: {'str': '140504235959Z'}, 4957 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, 4958 * sbjpubkey: pubKeyObj, 4959 * sighex: '0102030405..' 4960 * }); 4961 */ 4962 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { 4963 var _KJUR_asn1_x509 = KJUR.asn1.x509, 4964 _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, 4965 _Certificate = _KJUR_asn1_x509.Certificate; 4966 var cert = new _Certificate(param); 4967 return cert.getPEM(); 4968 }; 4969 4970