1 /* asn1x509-2.1.6.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  2  */
  3 /*
  4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
  5  *
  6  * Copyright (c) 2013-2020 Kenji Urushima (kenji.urushima@gmail.com)
  7  *
  8  * This software is licensed under the terms of the MIT License.
  9  * https://kjur.github.io/jsrsasign/license
 10  *
 11  * The above copyright and license notice shall be
 12  * included in all copies or substantial portions of the Software.
 13  */
 14 
 15 /**
 16  * @fileOverview
 17  * @name asn1x509-1.0.js
 18  * @author Kenji Urushima kenji.urushima@gmail.com
 19  * @version jsrsasign 10.1.0 asn1x509 2.1.6 (2020-Nov-18)
 20  * @since jsrsasign 2.1
 21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 22  */
 23 
 24 /**
 25  * kjur's class library name space
 26  * // already documented in asn1-1.0.js
 27  * @name KJUR
 28  * @namespace kjur's class library name space
 29  */
// Reuse the global KJUR namespace when it already exists, otherwise create it.
// The bare assignment creates an implicit global, so this line only works in
// sloppy-mode scripts (it throws a ReferenceError in strict mode / ES modules).
if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
 31 
 32 /**
 33  * kjur's ASN.1 class library name space
 34  * // already documented in asn1-1.0.js
 35  * @name KJUR.asn1
 36  * @namespace
 37  */
// Reuse KJUR.asn1 when it already exists, otherwise create an empty
// namespace object for the ASN.1 classes.
if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
 39 
 40 /**
 41  * kjur's ASN.1 class for X.509 certificate library name space
 42  * <p>
 43  * <h4>FEATURES</h4>
 44  * <ul>
 45  * <li>easily issue any kind of certificate</li>
 46  * <li>APIs are very similar to BouncyCastle library ASN.1 classes. So easy to learn.</li>
 47  * </ul>
 48  * </p>
 49  * <h4>PROVIDED CLASSES</h4>
 50  * <ul>
 51  * <li>{@link KJUR.asn1.x509.Certificate}</li>
 52  * <li>{@link KJUR.asn1.x509.TBSCertificate}</li>
 53  * <li>{@link KJUR.asn1.x509.Extension} abstract class</li>
 54  * <li>{@link KJUR.asn1.x509.Extensions}</li>
 55  * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li>
 56  * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li>
 57  * <li>{@link KJUR.asn1.x509.GeneralNames}</li>
 58  * <li>{@link KJUR.asn1.x509.GeneralName}</li>
 59  * <li>{@link KJUR.asn1.x509.X500Name}</li>
 60  * <li>{@link KJUR.asn1.x509.RDN}</li>
 61  * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li>
 62  * <li>{@link KJUR.asn1.x509.DistributionPointName}</li>
 63  * <li>{@link KJUR.asn1.x509.DistributionPoint}</li>
 64  * <li>{@link KJUR.asn1.x509.PolicyInformation}</li>
 65  * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li>
 66  * <li>{@link KJUR.asn1.x509.UserNotice}</li>
 67  * <li>{@link KJUR.asn1.x509.NoticeReference}</li>
 68  * <li>{@link KJUR.asn1.x509.DisplayText}</li>
 69  * <li>{@link KJUR.asn1.x509.CRL}</li>
 70  * <li>{@link KJUR.asn1.x509.TBSCertList}</li>
 71  * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li>
 72  * <li>{@link KJUR.asn1.x509.OID}</li>
 73  * </ul>
 74  * <h4>SUPPORTED EXTENSIONS</h4>
 75  * <ul>
 76  * <li>{@link KJUR.asn1.x509.BasicConstraints}</li>
 77  * <li>{@link KJUR.asn1.x509.KeyUsage}</li>
 78  * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
 79  * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li>
 80  * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
 81  * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
 82  * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li>
 83  * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
 84  * <li>{@link KJUR.asn1.x509.SubjectAltName}</li>
 85  * <li>{@link KJUR.asn1.x509.IssuerAltName}</li>
 86  * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li>
 87  * <li>{@link KJUR.asn1.x509.CRLNumber}</li>
 88  * <li>{@link KJUR.asn1.x509.CRLReason}</li>
 89  * <li>{@link KJUR.asn1.x509.OCSPNonce}</li>
 90  * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li>
 91  * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li>
 92  * </ul>
 93  * NOTE1: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.<br/>
 94  * NOTE2: SubjectAltName and IssuerAltName supported since 
 95  * jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 96  * NOTE3: CertificatePolicies supported since
 97  * jsrsasign 8.0.23 asn1x509 1.1.12<br/>
 98  * @name KJUR.asn1.x509
 99  * @namespace
100  */
// Reuse KJUR.asn1.x509 when it already exists, otherwise create an empty
// namespace object; the X.509 encoder classes below are attached to it.
if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
102 
103 // === BEGIN Certificate ===================================================
104 
105 /**
106  * X.509 Certificate class to sign and generate hex encoded certificate
107  * @name KJUR.asn1.x509.Certificate
108  * @class X.509 Certificate class to sign and generate hex encoded certificate
109  * @property {Array} params JSON object of parameters
110  * @param {Array} params JSON object for Certificate parameters
111  * @extends KJUR.asn1.ASN1Object
112  * @description
113  * <br/>
114  * This class provides Certificate ASN.1 class structure
115  * defined in 
116  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
117  * RFC 5280 4.1</a>.
118  * <pre>
119  * Certificate  ::=  SEQUENCE  {
120  *      tbsCertificate       TBSCertificate,
121  *      signatureAlgorithm   AlgorithmIdentifier,
122  *      signatureValue       BIT STRING  }
123  * </pre>
124  * Parameter "params" JSON object can be
125  * the same as {@link KJUR.asn1.x509.TBSCertificate}. 
126  * Then they are used to generate TBSCertificate.
127  * Additionally just for Certificate, following parameters can be used:
128  * <ul>
129  * <li>{TBSCertificate}tbsobj -
130  * specifies {@link KJUR.asn1.x509.TBSCertificate}
131  * object to be signed if needed.
132  * When this isn't specified,
133  * this will be set from other parameters of TBSCertificate.</li>
134  * <li>{Object}cakey (OPTION) - specifies certificate signing private key.
135  * Parameter "cakey" or "sighex" shall be specified. Following
136  * values can be specified:
137  *   <ul>
138  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
139  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
140  *   to generate a key object.</li>
141  *   </ul>
142  * </li>
143  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
144  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
145  * unused bits)</li>
146  * </ul>
147  * CAUTION: APIs of this class have been totally updated without
148  * backward compatibility since jsrsasign 9.0.0.<br/>
149  * NOTE1: 'params' can be omitted.<br/>
150  * NOTE2: DSA/ECDSA is also supported for CA signing key from asn1x509 1.0.6.
151  * @example
152  * var cert = new KJUR.asn1.x509.Certificate({
153  *  version: 3,
154  *  serial: {hex: "1234..."},
155  *  sigalg: "SHA256withRSAandMGF1",
156  *  ...
157  *  sighex: "1d3f..." // sign() method won't be called
158  * });
159  *
160  * // sighex will be calculated by signing with cakey
161  * var cert = new KJUR.asn1.x509.Certificate({
162  *  version: 3,
163  *  serial: {hex: "2345..."},
164  *  sigalg: "SHA256withRSA",
165  *  ...
166  *  cakey: "-----BEGIN PRIVATE KEY..."
167  * });
168  *
169  * // use TBSCertificate object to sign
170  * var cert = new KJUR.asn1.x509.Certificate({
171  *  tbsobj: <<OBJ>>,
172  *  sigalg: "SHA256withRSA",
173  *  cakey: "-----BEGIN PRIVATE KEY..."
174  * });
175  */
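KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;

    // The caller's parameter object is stored by reference, not copied.
    // It may carry the CA private key ("cakey"), and sign() and
    // getEncodedHex() write "tbsobj" and "sighex" back into it.
    this.params = undefined;

    // Build params.tbsobj from the other parameters when the caller did not
    // supply one. Shared by sign() and getEncodedHex().
    var _ensureTBS = function(params) {
        if (params.tbsobj == undefined || params.tbsobj == null) {
            params.tbsobj = new _TBSCertificate(params);
        }
    };

    /**
     * set parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param params {Array} JSON object of certificate parameters
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method will set parameter
     * {@link KJUR.asn1.x509.Certificate#params}
     * to this object. The object is kept by reference.
     * @example
     * cert = new KJUR.asn1.x509.Certificate();
     * cert.setByParam({
     *   version: 3,
     *   serial: {hex: "1234..."},
     *   ...
     * });
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign certificate<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @description
     * This method signs TBSCertificate with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter,
     * and stores the result in this.params.sighex.
     * When this.params.tbsobj is not set yet it is generated from
     * the other parameters first, so this method can be called
     * directly after construction.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.sign()
     */
    this.sign = function() {
        var params = this.params;

        // sigalg is either an algorithm name or an object with a "name" member.
        var sigalg = params.sigalg;
        if (params.sigalg.name != undefined)
            sigalg = params.sigalg.name;

        // Previously tbsobj was only created by getEncodedHex(), so calling
        // sign() first failed on an undefined tbsobj.
        _ensureTBS(params);

        var hTBS = params.tbsobj.getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: sigalg});
        sig.init(params.cakey);
        sig.updateHex(hTBS);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEM
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method returns a string of PEM formatted
     * certificate.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.getPEM() →
     * "-----BEGIN CERTIFICATE-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "CERTIFICATE");
    };

    /**
     * get hexadecimal string of the DER encoded Certificate
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return {String} hexadecimal string of the Certificate SEQUENCE
     * @throws {Error} when neither "sighex" nor "cakey" is defined
     * @description
     * Generates "tbsobj" when missing, signs with "cakey" when no
     * "sighex" exists yet, then encodes tbsCertificate,
     * signatureAlgorithm and signatureValue.
     */
    this.getEncodedHex = function() {
        var params = this.params;

        _ensureTBS(params);

        // An existing sighex is reused as is. TBSCertificate reads the shared
        // params object at encode time, so if any field changes after
        // signing, the stored signature no longer covers the encoded
        // tbsCertificate; call sign() again in that case.
        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        // NOTE(review): sign() accepts sigalg as an object with "name", while
        // sigalg is passed here unchanged as the name; confirm
        // AlgorithmIdentifier handles both forms.
        var a = [];
        a.push(params.tbsobj);
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        // "00" is the unused-bits octet of the signatureValue BIT STRING.
        a.push(new _DERBitString({hex: "00" + params.sighex}));
        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);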
283 
284 /**
285  * ASN.1 TBSCertificate structure class<br/>
286  * @name KJUR.asn1.x509.TBSCertificate
287  * @class ASN.1 TBSCertificate structure class
288  * @property {Array} params JSON object of parameters
289  * @param {Array} params JSON object of TBSCertificate parameters
290  * @extends KJUR.asn1.ASN1Object
291  * @see KJUR.asn1.x509.Certificate
292  *
293  * @description
294  * <br/>
295  * NOTE: TBSCertificate class is updated without backward 
296  * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0.
297  * Most of methods are removed and parameters can be set
298  * by JSON object.
299  *
300  * @example
301  * new TBSCertificate({
302  *  version: 3, // this can be omitted, the default is 3.
303  *  serial: {hex: "1234..."}, // DERInteger parameter
304  *  sigalg: "SHA256withRSA",
305  *  issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
306  *  notbefore: "151231235959Z", // string, passed to Time
307  *  notafter: "251231235959Z", // string, passed to Time
308  *  subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
309  *  sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter
310  *  // As for extension parameters, please see extension class
311  *  // All extension parameters need to have "extname" parameter additionally.
312  *  ext:[{ 
313  *   extname:"keyUsage",critical:true,
314  *   names:["digitalSignature","keyEncipherment"]
315  *  },{
316  *   extname:"cRLDistributionPoints",
317  *   array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}]
318  *  }, ...]
319  * })
320  *
321  * var tbsc = new TBSCertificate();
322  * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
323  */
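KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;

    // Kept by reference and read again on every getEncodedHex() call, so
    // later changes to the caller's object change the encoded bytes.
    this.params = null;

    /**
     * set TBSCertificate parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} params JSON object of TBSCertificate parameters
     * @example
     * tbsc = new KJUR.asn1.x509.TBSCertificate();
     * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get hexadecimal string of the DER encoded TBSCertificate
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @return {String} hexadecimal string of the TBSCertificate SEQUENCE
     * @description
     * Fields are encoded in the order version, serialNumber, signature,
     * issuer, validity, subject, subjectPublicKeyInfo and extensions.
     * No field value is validated here; the parameters are encoded as given.
     */
    this.getEncodedHex = function() {
        var a = [];
        var params = this.params;

        // version: X.509v3 when params.version is not defined. v1 is the
        // ASN.1 DEFAULT, which DER requires to be omitted. The previous
        // condition (version != undefined || version != 1) was always true
        // and wrote an explicit v1 field.
        if (params.version != 1) {
            var version = 2;
            if (params.version != undefined) version = params.version - 1;
            var obj =
                new _DERTaggedObject({obj: new _DERInteger({'int': version})});
            a.push(obj);
        }

        a.push(new _DERInteger(params.serial));
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _DERSequence({array:[new _Time(params.notbefore),
                                        new _Time(params.notafter)]}));
        a.push(new _X500Name(params.subject));
        a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
        // Extensions go under tag "a3" and are left out when the list is
        // empty. Nothing here stops extensions on a v1/v2 certificate,
        // which RFC 5280 only permits for v3.
        if (params.ext !== undefined && params.ext.length > 0) {
            a.push(new _DERTaggedObject({tag: "a3",
                                         obj: new _Extensions(params.ext)}));
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);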
386 
387 /**
388  * Extensions ASN.1 structure class<br/>
389  * @name KJUR.asn1.x509.Extensions
390  * @class Extensions ASN.1 structure class
391  * @param {Array} aParam array of JSON extension parameter
392  * @extends KJUR.asn1.ASN1Object
393  * @since jsrsasign 9.1.0 asn1x509 2.1.0
394  * @see KJUR.asn1.x509.TBSCertificate
395  * @see KJUR.asn1.x509.TBSCertList
396  * @see KJUR.asn1.csr.CertificationRequestInfo
397  * @see KJUR.asn1.x509.PrivateExtension
398  *
399  * @description
400  * This class represents
401  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
402  * Extensions defined in RFC 5280 4.1</a> and
403  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
404  * 4.1.2.9</a>.
405  * <pre>
406  * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
407  * </pre>
408  * NOTE: From jsrsasign 9.1.1, private extension or
409  * undefined extension have been supported by
410  * {@link KJUR.asn1.x509.PrivateExtension}.
411  *
412  * @example
413  * o = new KJUR.asn1.x509.Extensions([
414  *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
415  *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
416  *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
417  * ]);
418  * o.getEncodedHex() → "30..."
419  */
KJUR.asn1.x509.Extensions = function(aParam) {
    KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    // Supported "extname" values and the KJUR.asn1.x509 class that encodes
    // each one. The class is looked up by name at encode time.
    var _CLASS_BY_EXTNAME = {
        subjectKeyIdentifier: "SubjectKeyIdentifier",
        keyUsage: "KeyUsage",
        subjectAltName: "SubjectAltName",
        issuerAltName: "IssuerAltName",
        basicConstraints: "BasicConstraints",
        cRLDistributionPoints: "CRLDistributionPoints",
        certificatePolicies: "CertificatePolicies",
        authorityKeyIdentifier: "AuthorityKeyIdentifier",
        extKeyUsage: "ExtKeyUsage",
        authorityInfoAccess: "AuthorityInfoAccess",
        cRLNumber: "CRLNumber",
        cRLReason: "CRLReason",
        ocspNonce: "OCSPNonce",
        ocspNoCheck: "OCSPNoCheck",
        adobeTimeStamp: "AdobeTimeStamp"
    };
    var _hasOwn = Object.prototype.hasOwnProperty;

    this.aParam = [];

    // Stores the array of extension parameters by reference.
    this.setByParam = function(aParam) { this.aParam = aParam; };

    /**
     * get hexadecimal string of the DER encoded Extensions SEQUENCE
     * @return {String} hexadecimal string
     * @throws {Error} when an entry has no "extn" and an unknown "extname"
     */
    this.getEncodedHex = function() {
        var extObjs = [];
        var list = this.aParam;

        for (var idx = 0; idx < list.length; idx++) {
            var param = list[idx];
            var className;

            if (param.extn != undefined) {
                // "extn" is checked first: any entry carrying it becomes a
                // PrivateExtension, even when "extname" is a supported name.
                // If extension parameters come from a requester (for example
                // copied from a CSR), allowlist them before they reach this
                // class. Presumably PrivateExtension encodes the supplied
                // value as given; confirm against that class.
                className = "PrivateExtension";
            } else if (_hasOwn.call(_CLASS_BY_EXTNAME, param.extname)) {
                className = _CLASS_BY_EXTNAME[param.extname];
            } else {
                throw new Error("extension not supported:"
                                + JSON.stringify(param));
            }

            extObjs.push(new _KJUR_asn1_x509[className](param));
        }

        return new _DERSequence({array: extObjs}).getEncodedHex();
    };

    if (aParam != undefined) this.setByParam(aParam);
};
YAHOO.lang.extend(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);
483 
484 
485 // === END   TBSCertificate ===================================================
486 
487 // === BEGIN X.509v3 Extensions Related =======================================
488 
489 /**
490  * base Extension ASN.1 structure class
491  * @name KJUR.asn1.x509.Extension
492  * @class base Extension ASN.1 structure class
493  * @param {Array} params associative array of parameters (ex. {'critical': true})
494  * @extends KJUR.asn1.ASN1Object
495  * @description
496  * <pre>
497  * Extension  ::=  SEQUENCE  {
498  *     extnID      OBJECT IDENTIFIER,
499  *     critical    BOOLEAN DEFAULT FALSE,
500  *     extnValue   OCTET STRING  }
501  * </pre>
502  * @example
503  */
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERSequence = _KJUR_asn1.DERSequence;

    // "critical" is stored as given and later tested for truthiness, so any
    // truthy value (including a non-empty string such as "false") marks the
    // extension critical. Pass a real boolean.
    this.critical = false;
    if (params !== undefined && params.critical !== undefined) {
        this.critical = params.critical;
    }

    /**
     * get hexadecimal string of the DER encoded Extension SEQUENCE
     * @return {String} hexadecimal string
     * @description
     * Subclasses provide this.oid and getExtnValueHex(); the value they
     * return is wrapped in the extnValue OCTET STRING.
     */
    this.getEncodedHex = function() {
        var extnId = new _DERObjectIdentifier({'oid': this.oid});
        var extnValue = new _DEROctetString({'hex': this.getExtnValueHex()});

        var members = [extnId];
        // The critical BOOLEAN is written only when set; its DEFAULT FALSE
        // is left out.
        if (this.critical) {
            members.push(new _DERBoolean());
        }
        members.push(extnValue);

        return new _DERSequence({'array': members}).getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
537 
538 /**
539  * KeyUsage ASN.1 structure class
540  * @name KJUR.asn1.x509.KeyUsage
541  * @class KeyUsage ASN.1 structure class
542  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
543  * @extends KJUR.asn1.x509.Extension
544  * @description
545  * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
546  * <pre>
547  * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
548  * KeyUsage ::= BIT STRING {
549  *   digitalSignature   (0),
550  *   nonRepudiation     (1),
551  *   keyEncipherment    (2),
552  *   dataEncipherment   (3),
553  *   keyAgreement       (4),
554  *   keyCertSign        (5),
555  *   cRLSign            (6),
556  *   encipherOnly       (7),
557  *   decipherOnly       (8) }
558  * </pre><br/>
559  * NOTE: 'names' parameter is supported since jsrsasign 8.0.14.
560  * @example
561  * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
562  * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
563  * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
564  */
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
    var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME;

    // Returns the hex of the KeyUsage BIT STRING. When neither "bin" nor
    // "names" was given, asn1ExtnValue is unset and this call throws.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.15";
    if (params === undefined) return;

    if (params.bin !== undefined) {
        this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
    }

    // "names" replaces any value set from "bin" above.
    var names = params.names;
    if (names === undefined || names.length === undefined) return;

    // One character per bit; the position of a name in X509.KEYUSAGE_NAME
    // selects the bit. A name missing from that table is skipped without an
    // error, so a misspelled usage is silently dropped from the certificate.
    var bits = "000000000";
    for (var n = 0; n < names.length; n++) {
        for (var pos = 0; pos < _KEYUSAGE_NAME.length; pos++) {
            if (names[n] !== _KEYUSAGE_NAME[pos]) continue;
            bits = bits.substring(0, pos) + '1' +
                bits.substring(pos + 1, bits.length);
        }
    }
    this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: bits});
};
YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
595 
596 /**
597  * BasicConstraints ASN.1 structure class
598  * @name KJUR.asn1.x509.BasicConstraints
599  * @class BasicConstraints ASN.1 structure class
600  * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
601  * @extends KJUR.asn1.x509.Extension
602  * @see {@link X509#getExtBasicConstraints}
603  * @description
604  * This class represents 
605  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
606  * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
607  * <pre>
608  *  id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
609  *  BasicConstraints ::= SEQUENCE {
610  *       cA                      BOOLEAN DEFAULT FALSE,
611  *       pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
612  * </pre>
613  * Its constructor can have following parameters:
614  * <ul>
615  * <li>{Boolean}cA - cA flag</li>
616  * <li>{Integer}pathLen - pathLen field value</li>
617  * <li>{Boolean}critical - critical flag</li>
618  * </ul>
619  * @example
620  * new KJUR.asn1.x509.BasicConstraints({
621  *   cA: true,
622  *   pathLen: 3,
623  *   critical: true
624  * })
625  */
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence;

    this.oid = "2.5.29.19";

    // Defaults: not a CA, no path length constraint (-1 means "absent").
    // Both values are stored as given. cA is tested for truthiness at encode
    // time, so pass a real boolean rather than a string.
    this.cA = false;
    this.pathLen = -1;
    if (params !== undefined) {
        if (params.cA !== undefined) this.cA = params.cA;
        if (params.pathLen !== undefined) this.pathLen = params.pathLen;
    }

    /**
     * get hexadecimal string of the BasicConstraints SEQUENCE
     * @return {String} hexadecimal string
     * @description
     * cA is written only when set, pathLenConstraint only when pathLen is
     * greater than -1. pathLen is written whether or not cA is set; RFC 5280
     * 4.2.1.9 allows pathLenConstraint only together with cA, and that is
     * left to the caller.
     */
    this.getExtnValueHex = function() {
        var members = [];
        if (this.cA) {
            members.push(new _DERBoolean());
        }
        if (this.pathLen > -1) {
            members.push(new _DERInteger({'int': this.pathLen}));
        }
        this.asn1ExtnValue = new _DERSequence({'array': members});
        return this.asn1ExtnValue.getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
659 
660 /**
661  * CRLDistributionPoints ASN.1 structure class
662  * @name KJUR.asn1.x509.CRLDistributionPoints
663  * @class CRLDistributionPoints ASN.1 structure class
664  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
665  * @extends KJUR.asn1.x509.Extension
666  * @see {@link X509#getExtCRLDistributionPoints}
667  * @see {@link KJUR.asn1.x509.DistributionPoint}
668  * @see {@link KJUR.asn1.x509.GeneralNames}
669  * @description
670  * This class represents 
671  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
672  * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
673  * <pre>
674  * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
675  * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
676  * DistributionPoint ::= SEQUENCE {
677  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
678  *      reasons                 [1]     ReasonFlags OPTIONAL,
679  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
680  * DistributionPointName ::= CHOICE {
681  *      fullName                [0]     GeneralNames,
682  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
683  * </pre>
684  * Constructor can have following parameter:
685  * <ul>
686  * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
687  * <li>{Boolean}critical - critical flag</li>
688  * </ul>
689  * @example
690  * new KJUR.asn1.x509.CRLDistributionPoints({
691  *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
692  *   critical: true
693  * })
694  */
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    // Returns the hex of the SEQUENCE built by setByDPArray(). Throws when
    // neither "array" nor "uri" was supplied, because no value was set.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set distribution points from an array
     * @param {Array} dpArray ASN1Object instances are used as they are;
     * any other entry is passed to the DistributionPoint constructor
     */
    this.setByDPArray = function(dpArray) {
        var points = [];
        for (var k = 0; k < dpArray.length; k++) {
            var entry = dpArray[k];
            points.push(entry instanceof KJUR.asn1.ASN1Object
                        ? entry
                        : new _KJUR_asn1_x509.DistributionPoint(entry));
        }
        this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': points});
    };

    /**
     * set a single distribution point with a fullName URI
     * @param {String} uri CRL location, encoded without any validation here
     */
    this.setByOneURI = function(uri) {
        this.setByDPArray(
            [new _KJUR_asn1_x509.DistributionPoint({fulluri: uri})]);
    };

    this.oid = "2.5.29.31";
    if (params === undefined) return;

    // "array" takes precedence over "uri" when both are given.
    if (params.array !== undefined) {
        this.setByDPArray(params.array);
    } else if (params.uri !== undefined) {
        this.setByOneURI(params.uri);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
733 
734 /**
735  * DistributionPoint ASN.1 structure class<br/>
736  * @name KJUR.asn1.x509.DistributionPoint
737  * @class DistributionPoint ASN.1 structure class
738  * @param {Array} params JSON object of parameters (OPTIONAL)
739  * @extends KJUR.asn1.ASN1Object
740  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
741  * @see {@link KJUR.asn1.x509.DistributionPointName}
742  * @see {@link KJUR.asn1.x509.GeneralNames}
743  * @see {@link X509#getDistributionPoint}
744  * @description
745  * This class represents 
746  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
747  * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
748  * <pre>
749  * DistributionPoint ::= SEQUENCE {
750  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
751  *      reasons                 [1]     ReasonFlags OPTIONAL,
752  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
753  * </pre>
754  * Constructor can have following parameter:
755  * <ul>
756  * <li>{String}fulluri - uri string for fullName uri. This has the same meaning as '{dpname: {full: [{uri: "..."}]}}'.</li>
757  * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
758  * <li>{DistributionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
759  * </ul>
760  * <br/>
761  * NOTE1: Parameter "fulluri" and "dpname" supported 
762  * since jsrsasign 9.0.0 asn1x509 2.0.0.
763  * <br/>
764  * NOTE2: The "reasons" and "cRLIssuer" fields are currently
765  * not supported.
766  * @example
767  * new KJUR.asn1.x509.DistributionPoint(
768  *   {fulluri: "http://example.com/crl1.crl"})
769  * new KJUR.asn1.x509.DistributionPoint(
770  *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
771  * new KJUR.asn1.x509.DistributionPoint(
772  *   {dpobj: new DistributionPoint(...)})
773  */
KJUR.asn1.x509.DistributionPoint = function(params) {
    KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DistributionPointName = _KJUR_asn1.x509.DistributionPointName;

    /**
     * get hexadecimal string of the DistributionPoint SEQUENCE
     * @return {String} hexadecimal string, also cached in this.hTLV
     * @description
     * Only the distributionPoint field (explicit tag "a0") is written, and
     * only when a name was set. Without one the SEQUENCE is empty.
     */
    this.getEncodedHex = function() {
        var seq = new _KJUR_asn1.DERSequence();
        if (this.asn1DP != null) {
            seq.appendASN1Object(new _KJUR_asn1.DERTaggedObject({
                'explicit': true,
                'tag': 'a0',
                'obj': this.asn1DP
            }));
        }
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    if (params === undefined) return;

    // Precedence when several parameters are present: dpobj, dpname, fulluri.
    if (params.dpobj !== undefined) {
        this.asn1DP = params.dpobj;
        return;
    }
    if (params.dpname !== undefined) {
        this.asn1DP = new _DistributionPointName(params.dpname);
        return;
    }
    if (params.fulluri !== undefined) {
        this.asn1DP =
            new _DistributionPointName({full: [{uri: params.fulluri}]});
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
804 
805 /**
806  * DistributionPointName ASN.1 structure class<br/>
807  * @name KJUR.asn1.x509.DistributionPointName
808  * @class DistributionPointName ASN.1 structure class
809  * @param {Array} params JSON object of parameters or GeneralNames object
810  * @extends KJUR.asn1.ASN1Object
811  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
812  * @see {@link KJUR.asn1.x509.DistributionPoint}
813  * @see {@link KJUR.asn1.x509.GeneralNames}
814  * @see {@link X509#getDistributionPointName}
815  * @description
816  * This class represents 
817  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
818  * DistributionPointName defined in RFC 5280 4.2.1.13</a>.
819  * <pre>
820  * DistributionPointName ::= CHOICE {
821  *      fullName                [0]     GeneralNames,
822  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
823  * </pre>
824  * Constructor can have following parameter:
825  * <ul>
826  * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
827  * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
828  * </ul>
829  * NOTE1: The 'full' parameter has been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
830  * <br>
831  * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
832  * @example
833  * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
834  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
835  * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]})
836  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
837  * new KJUR.asn1.x509.DistributionPointName({full: [{dn: {str: "/C=US/O=Test"}}]})
838  * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
839  */
KJUR.asn1.x509.DistributionPointName = function(params) {
    KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);

    var asn1 = KJUR.asn1;
    var TaggedObject = asn1.DERTaggedObject;

    /**
     * Encode the CHOICE as an implicitly tagged object and cache it in hTLV.
     * Only the 'fullName' alternative is handled; any other type is rejected.
     * @return {String} hexadecimal string of the encoded structure
     * @throws {Error} when this.type is not "full" (including when no
     * parameter was given to the constructor)
     */
    this.getEncodedHex = function() {
        if (this.type != "full")
            throw new Error("currently type shall be 'full': " + this.type);
        this.asn1Obj = new TaggedObject({
            'explicit': false,
            'tag': this.tag,
            'obj': this.asn1V
        });
        this.hTLV = this.asn1Obj.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        // A ready-made GeneralNames instance is used as is; otherwise the
        // 'full' member is turned into one. Anything else is an error.
        var isGeneralNames = asn1.x509.GeneralNames.prototype.isPrototypeOf(params);
        if (!isGeneralNames && params.full === undefined) {
            throw new Error("This class supports GeneralNames only as argument");
        }
        this.type = "full";
        this.tag = "a0"; // context tag [0], fullName
        this.asn1V = isGeneralNames ? params : new asn1.x509.GeneralNames(params.full);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
875 
876 /**
877  * CertificatePolicies ASN.1 structure class
878  * @name KJUR.asn1.x509.CertificatePolicies
879  * @class CertificatePolicies ASN.1 structure class
880  * @param {Array} params associative array of parameters
881  * @extends KJUR.asn1.x509.Extension
882  * @since jsrsasign 8.0.23 asn1x509 1.1.12
883  * @see KJUR.asn1.x509.CertificatePolicies
884  * @see KJUR.asn1.x509.PolicyInformation
885  * @see KJUR.asn1.x509.PolicyQualifierInfo
886  * @see KJUR.asn1.x509.UserNotice
887  * @see KJUR.asn1.x509.NoticeReference
888  * @see KJUR.asn1.x509.DisplayText
889  * @description
890  * This class represents 
891  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
892  * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
893  * <pre>
894  * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
895  * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
896  * </pre>
897  * Its constructor can have following parameters:
898  * <ul>
899  * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
900  * <li>critical - boolean: critical flag</li>
901  * </ul>
902  * NOTE: The returned JSON value format has been changed without
903  * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
904  * @example
905  * e1 = new KJUR.asn1.x509.CertificatePolicies({
906  *   array: [
907  *     { policyoid: "1.2.3.4.5",
908  *       array: [
909  *         { cps: "https://example.com/repository" },
910  *         { unotice: {
911  *           noticeref: { // CA SHOULD NOT use this by RFC
912  *             org: {type: "ia5", str: "Sample Org"},
913  *             noticenum: [{int: 5}, {hex: "01af"}]
914  *           },
915  *           exptext: {type: "ia5", str: "Sample Policy"}
916  *         }}
917  *       ]
918  *     }
919  *   ],
920  *   critical: true
921  * });
922  */
KJUR.asn1.x509.CertificatePolicies = function(params) {
    KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);

    var asn1 = KJUR.asn1;
    var Sequence = asn1.DERSequence;
    var PolicyInfo = asn1.x509.PolicyInformation;

    // Constructor parameters are kept as given and only turned into
    // ASN.1 objects when the extension value is requested.
    this.params = (params !== undefined) ? params : null;
    this.oid = "2.5.29.32"; // id-ce-certificatePolicies

    /**
     * Build the extension value: a SEQUENCE with one PolicyInformation per
     * entry of params.array. The SEQUENCE is stored in asn1ExtnValue.
     * NOTE(review): an empty params.array yields a SEQUENCE with no members,
     * although the ASN.1 above says SIZE (1..MAX); nothing here rejects it.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var entries = this.params.array;
        var policies = [];
        for (var idx = 0; idx < entries.length; idx += 1) {
            policies.push(new PolicyInfo(entries[idx]));
        }
        this.asn1ExtnValue = new Sequence({array: policies});
        return this.asn1ExtnValue.getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);
949 
950 // ===== BEGIN CertificatePolicies related classes =====
951 /**
952  * PolicyInformation ASN.1 structure class
953  * @name KJUR.asn1.x509.PolicyInformation
954  * @class PolicyInformation ASN.1 structure class
955  * @param {Array} params JSON object of parameters
956  * @extends KJUR.asn1.ASN1Object
957  * @since jsrsasign 8.0.23 asn1x509 1.1.12
958  * @see KJUR.asn1.x509.CertificatePolicies
959  * @see KJUR.asn1.x509.PolicyInformation
960  * @see KJUR.asn1.x509.PolicyQualifierInfo
961  * @see KJUR.asn1.x509.UserNotice
962  * @see KJUR.asn1.x509.NoticeReference
963  * @see KJUR.asn1.x509.DisplayText
964  * @description
965  * This class represents 
966  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
967  * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
968  * <pre>
969  * PolicyInformation ::= SEQUENCE {
970  *      policyIdentifier   CertPolicyId,
971  *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
972  *                         PolicyQualifierInfo OPTIONAL }
973  * CertPolicyId ::= OBJECT IDENTIFIER
974  * </pre> Its constructor can have the following parameters:
975  * <ul>
976  * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li>
977  * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
978  * parameters (OPTIONAL)</li>
979  * </ul>
980  * @example
981  * new KJUR.asn1.x509.PolicyInformation({
982  *   policyoid: "1.2.3.4.5",
983  *   array: [
984  *     { cps: "https://example.com/repository" },
985  *     { unotice: {
986  *       noticeref: { // CA SHOULD NOT use this by RFC
987  *         org: {type: "ia5", str: "Sample Org"},
988  *         noticenum: [{int: 5}, {hex: "01af"}]
989  *       },
990  *       exptext: {type: "ia5", str: "Sample Policy"}
991  *     }}
992  *   ]
993  * })
994  */
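KJUR.asn1.x509.PolicyInformation = function(params) {
    KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
                                                                 params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo;

    this.params = null;

    /**
     * Encode PolicyInformation as a SEQUENCE of the policy OID followed,
     * when qualifiers are given, by a SEQUENCE of PolicyQualifierInfo.
     * @return {String} hexadecimal string of the encoded structure
     * @throws {Error} when no parameter was set, or when 'policyoid' is
     * missing
     */
    this.getEncodedHex = function() {
        var p = this.params;
        if (p == null ||
            (p.policyoid === undefined && p.array === undefined))
            throw new Error("parameter oid and array missing");

        // policyIdentifier is not OPTIONAL in the PolicyInformation SEQUENCE,
        // so a missing policyoid is rejected here instead of being handed to
        // DERObjectIdentifier as undefined.
        if (p.policyoid === undefined)
            throw new Error("parameter policyoid missing");

        // policy oid
        var a = [new _DERObjectIdentifier(p.policyoid)];

        // array of ASN1Object of PolicyQualifierInfo
        if (p.array !== undefined) {
            var aPQI = [];
            for (var i = 0; i < p.array.length; i++) {
                aPQI.push(new _PolicyQualifierInfo(p.array[i]));
            }
            // policyQualifiers is SIZE (1..MAX): leave the field out
            // entirely rather than emit an empty SEQUENCE
            if (aPQI.length > 0) {
                a.push(new _DERSequence({array: aPQI}));
            }
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);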
1033 
1034 /**
1035  * PolicyQualifierInfo ASN.1 structure class
1036  * @name KJUR.asn1.x509.PolicyQualifierInfo
1037  * @class PolicyQualifierInfo ASN.1 structure class
1038  * @param {Array} params associative array of parameters
1039  * @extends KJUR.asn1.ASN1Object
1040  * @since jsrsasign 8.0.23 asn1x509 1.1.12
1041  * @description
1042  * This class represents 
1043  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
1044  * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
1045  * <pre>
1046  * PolicyQualifierInfo ::= SEQUENCE {
1047  *      policyQualifierId  PolicyQualifierId,
1048  *      qualifier          ANY DEFINED BY policyQualifierId }
1049  * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
1050  * CPSuri ::= IA5String
1051  * </pre>
1052  * Its constructor can have one of following two parameters:
1053  * <ul>
1054  * <li>{String}cps - URI string for CPS</li>
1055  * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
1056  * </ul>
1057  * @example
1058  * new PolicyQualifierInfo({
1059  *   cps: "https://example.com/repository/cps"
1060  * })
1061  *
1062  * new PolicyQualifierInfo({
1063  *   unotice: {
1064  *     noticeref: { // CA SHOULD NOT use this by RFC
1065  *       org: {type: "bmp", str: "Sample Org"},
1066  *       noticenum: [{int: 3}, {hex: "01af"}]
1067  *     },
1068  *     exptext: {type: "ia5", str: "Sample Policy"}
1069  *   }
1070  * })
1071  */
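KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
    KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
                                                                   params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _UserNotice = _KJUR_asn1.x509.UserNotice;

    this.params = null;

    /**
     * Encode PolicyQualifierInfo as SEQUENCE { qualifier OID, qualifier }.
     * 'cps' takes precedence over 'unotice' when both are present.
     * @return {String} hexadecimal string of the encoded structure
     * @throws {Error} when neither 'cps' nor 'unotice' is set; the original
     * returned undefined in that case, which a caller concatenating hex
     * strings would not notice
     */
    this.getEncodedHex = function() {
        var p = this.params;
        var members;
        if (p != null && p.cps !== undefined) {
            members = [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}), // id-qt-cps
                new _DERIA5String({str: p.cps})
            ];
        } else if (p != null && p.unotice != undefined) {
            // loose comparison kept: a null unotice counts as absent
            members = [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}), // id-qt-unotice
                new _UserNotice(p.unotice)
            ];
        } else {
            throw new Error("parameter cps or unotice missing");
        }
        var seq = new _DERSequence({array: members});
        return seq.getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);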
1105 
1106 
1107 /**
1108  * UserNotice ASN.1 structure class
1109  * @name KJUR.asn1.x509.UserNotice
1110  * @class UserNotice ASN.1 structure class
1111  * @param {Array} params associative array of parameters
1112  * @extends KJUR.asn1.ASN1Object
1113  * @since jsrsasign 8.0.23 asn1x509 1.1.12
1114  * @description
1115  * This class represents 
1116  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
1117  * UserNotice defined in RFC 5280 4.2.1.4</a>.
1118  * <pre>
1119  * UserNotice ::= SEQUENCE {
1120  *      noticeRef        NoticeReference OPTIONAL,
1121  *      explicitText     DisplayText OPTIONAL }
1122  * </pre>
1123  * Its constructor can have following two parameters:
1124  * <ul>
1125  * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
1126  * Conforming CAs SHOULD NOT use this according to RFC 5280. (OPTIONAL)</li>
1127  * <li>{Object}exptext - explicitText value
1128  * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
1129  * </ul>
1130  * @example
1131  * new UserNotice({
1132  *   noticeref: {
1133  *     org: {type: "bmp", str: "Sample Org"},
1134  *     noticenum: [{int: 3}, {hex: "01af"}]
1135  *   },
1136  *   exptext: {type: "ia5", str: "Sample Policy"}
1137  * })
1138  */
KJUR.asn1.x509.UserNotice = function(params) {
    KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);

    var Sequence = KJUR.asn1.DERSequence;
    var Text = KJUR.asn1.x509.DisplayText;
    var NoticeRef = KJUR.asn1.x509.NoticeReference;

    this.params = (params !== undefined) ? params : null;

    /**
     * Encode UserNotice as a SEQUENCE holding noticeRef and explicitText,
     * each only when the matching parameter is present. With neither set
     * the SEQUENCE has no members.
     * @return {String} hexadecimal string of the encoded structure
     */
    this.getEncodedHex = function() {
        var given = this.params;
        var members = [];
        if (given.noticeref !== undefined) {
            members.push(new NoticeRef(given.noticeref));
        }
        if (given.exptext !== undefined) {
            members.push(new Text(given.exptext));
        }
        return new Sequence({array: members}).getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);
1165 
1166 /**
1167  * NoticeReference ASN.1 structure class
1168  * @name KJUR.asn1.x509.NoticeReference
1169  * @class NoticeReference ASN.1 structure class
1170  * @param {Array} params associative array of parameters
1171  * @extends KJUR.asn1.ASN1Object
1172  * @since jsrsasign 8.0.23 asn1x509 1.1.12
1173  * @description
1174  * This class represents 
1175  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
1176  * NoticeReference defined in RFC 5280 4.2.1.4</a>.
1177  * <pre>
1178  * NoticeReference ::= SEQUENCE {
1179  *      organization     DisplayText,
1180  *      noticeNumbers    SEQUENCE OF INTEGER }
1181  * </pre>
1182  * Its constructor can have following two parameters:
1183  * <ul>
1184  * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
1185  * parameter.</li>
1186  * <li>{Object}noticenum - noticeNumbers value by an array of
1187  * {@link KJUR.asn1.DERInteger} parameter</li>
1188  * </ul>
1189  * @example
1190  * new NoticeReference({
1191  *   org: {type: "bmp", str: "Sample Org"},
1192  *   noticenum: [{int: 3}, {hex: "01af"}]
1193  * })
1194  */
KJUR.asn1.x509.NoticeReference = function(params) {
    KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);

    var Sequence = KJUR.asn1.DERSequence;
    var Integer = KJUR.asn1.DERInteger;
    var Text = KJUR.asn1.x509.DisplayText;

    this.params = (params !== undefined) ? params : null;

    /**
     * Encode NoticeReference as SEQUENCE { organization, noticeNumbers }.
     * Each member is emitted only when its parameter is present.
     * NOTE(review): the ASN.1 above lists both members without OPTIONAL,
     * but this method accepts either one alone.
     * @return {String} hexadecimal string of the encoded structure
     * @throws {Error} when neither 'org' nor 'noticenum' is set
     */
    this.getEncodedHex = function() {
        var given = this.params;
        var members = [];

        if (given.org !== undefined) {
            members.push(new Text(given.org));
        }

        if (given.noticenum !== undefined) {
            var numberParams = given.noticenum;
            var numbers = [];
            for (var k = 0; k < numberParams.length; k += 1) {
                numbers.push(new Integer(numberParams[k]));
            }
            members.push(new Sequence({array: numbers}));
        }

        if (members.length == 0) throw new Error("parameter is empty");
        return new Sequence({array: members}).getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);
1226 
1227 /**
1228  * DisplayText ASN.1 structure class
1229  * @name KJUR.asn1.x509.DisplayText
1230  * @class DisplayText ASN.1 structure class
1231  * @param {Array} params associative array of parameters
1232  * @extends KJUR.asn1.DERAbstractString
1233  * @since jsrsasign 8.0.23 asn1x509 1.1.12
1234  * @description
1235  * This class represents 
1236  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
1237  * DisplayText defined in RFC 5280 4.2.1.4</a>.
1238  * <pre>
1239  * -- from RFC 5280 Appendix A
1240  * DisplayText ::= CHOICE {
1241  *      ia5String        IA5String      (SIZE (1..200)),
1242  *      visibleString    VisibleString  (SIZE (1..200)),
1243  *      bmpString        BMPString      (SIZE (1..200)),
1244  *      utf8String       UTF8String     (SIZE (1..200)) }
1245  * </pre>
1246  * {@link KJUR.asn1.DERAbstractString} parameters and methods
1247  * can be used.
1248  * Its constructor can also have following parameter:
1249  * <ul>
1250  * <li>{String} type - DirectoryString type of DisplayText.
1251  * "ia5" for IA5String, "vis" for VisibleString,
1252  * "bmp" for BMPString and "utf8" for UTF8String.
1253  * Default is "utf8". (OPTIONAL)</li>
1254  * </ul>
1255  * @example
1256  * new DisplayText({type: "bmp", str: "Sample Org"})
1257  * new DisplayText({type: "ia5", str: "Sample Org"})
1258  * new DisplayText({str: "Sample Org"})
1259  */
KJUR.asn1.x509.DisplayText = function(params) {
    KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);

    // Tag byte of the chosen string type. An absent or unrecognised
    // 'type' keeps the UTF8String default without any error.
    // NOTE(review): the SIZE (1..200) bound from the ASN.1 above is not
    // checked in this constructor.
    this.hT = "0c"; // DEFAULT "utf8"

    if (params === undefined) {
        return;
    }

    switch (params.type) {
    case "ia5":
        this.hT = "16"; // IA5String
        break;
    case "vis":
        this.hT = "1a"; // VisibleString
        break;
    case "bmp":
        this.hT = "1e"; // BMPString
        break;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
1276 // ===== END CertificatePolicies related classes =====
1277 
1278 // =====================================================================
1279 /**
1280  * ExtKeyUsage ASN.1 structure class
1281  * @name KJUR.asn1.x509.ExtKeyUsage
1282  * @class ExtKeyUsage ASN.1 structure class
1283  * @param {Array} params associative array of parameters
1284  * @extends KJUR.asn1.x509.Extension
1285  * @description
1286  * @example
1287  * e1 = new KJUR.asn1.x509.ExtKeyUsage({
1288  *   critical: true,
1289  *   array: [
1290  *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
1291  *     {name: 'clientAuth'},
1292  *     "1.2.3.4",
1293  *     "serverAuth"
1294  *   ]
1295  * });
1296  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
1297  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1298  * // KeyPurposeId ::= OBJECT IDENTIFIER
1299  */
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);

    var asn1 = KJUR.asn1;

    /**
     * Replace the extension value with a SEQUENCE holding one
     * OBJECT IDENTIFIER per entry of purposeArray.
     * @param {Array} purposeArray DERObjectIdentifier parameters, one per
     * key purpose
     */
    this.setPurposeArray = function(purposeArray) {
        var purposes = new asn1.DERSequence();
        this.asn1ExtnValue = purposes;
        for (var k = 0; k < purposeArray.length; k += 1) {
            purposes.appendASN1Object(new asn1.DERObjectIdentifier(purposeArray[k]));
        }
    };

    /**
     * Encode the extension value set by setPurposeArray.
     * NOTE(review): asn1ExtnValue is only assigned in setPurposeArray within
     * this block, so calling this before any purposes were set will
     * presumably fail; confirm against the Extension base class.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.37"; // id-ce-extKeyUsage
    if (params !== undefined && params.array !== undefined) {
        this.setPurposeArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
1325 
1326 /**
1327  * AuthorityKeyIdentifier ASN.1 structure class
1328  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
1329  * @class AuthorityKeyIdentifier ASN.1 structure class
1330  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
1331  * @extends KJUR.asn1.x509.Extension
1332  * @since asn1x509 1.0.8
1333  * @description
1334  * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
1335  * The constructor of this class may have the following parameters:
1336  * <ul>
1337  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specified, kid will be set explicitly by it.</li>
1338  * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li>
1339  * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
1340  * <li>sn - hexadecimal string to specify serial number explicitly.</li>
1341  * <li>critical - boolean to specify criticality of this extension
1342  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
1343  * </ul>
1344  * 
1345  * <pre>
1346  * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
1347  * AuthorityKeyIdentifier ::= SEQUENCE {
1348  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
1349  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
1350  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
1351  * KeyIdentifier ::= OCTET STRING
1352  * </pre>
1353  *
1354  * @example
1355  * // 1. kid by key object
1356  * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
1357  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
1358  * // 2. kid by PEM string of authority certificate or public key
1359  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
1360  * // 3. specify kid explicitly
1361  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
1363  * // 4. issuer and serial number by authority PEM certificate
1364  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
1365  * // 5. issuer and serial number explicitly
1366  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
1367  *   issuer: {ldapstr: "O=test,C=US"},
1368  *   sn: {hex: "1ac7..."}});
1369  * // 6. combination
1370  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
1371  *   kid: "-----BEGIN CERTIFICATE...",
1372  *   isscert: "-----BEGIN CERTIFICATE..."});
1373  */
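KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _GeneralNames = _KJUR_asn1.x509.GeneralNames;

    // Recognise a PEM certificate by its markers only. Both markers must be
    // present: indexOf() returns -1 (truthy) on a miss and 0 (falsy) on a hit
    // at the start, so its result is compared with -1 instead of being used
    // as a boolean.
    var _isCertPEM = function(s) {
        return typeof s === "string" &&
            s.indexOf("BEGIN ") != -1 &&
            s.indexOf("CERTIFICATE") != -1;
    };

    this.asn1KID = null;        // DEROctetString, set by setKIDByParam
    this.asn1CertIssuer = null; // X500Name object, set by setCertIssuerByParam
    this.asn1CertSN = null;     // DERInteger, set by setCertSNByParam

    /**
     * Build the extension value from whichever of the three fields are set.
     * keyIdentifier is tagged [0], authorityCertIssuer [1] (the issuer name
     * wrapped in GeneralNames as a directoryName) and
     * authorityCertSerialNumber [2], all implicit. The SEQUENCE is stored
     * in asn1ExtnValue.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var a = [];
        if (this.asn1KID)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '80',
                                         'obj': this.asn1KID}));

        if (this.asn1CertIssuer)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': 'a1',
                                         'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));

        if (this.asn1CertSN)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '82',
                                         'obj': this.asn1CertSN}));

        var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
        this.asn1ExtnValue = asn1Seq;
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set key identifier
     * @since asn1x509 1.0.8
     * @description
     * This method will set keyIdentifier by param.
     * Its key identifier value can be set by following type of param argument:
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure, then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * </ul>
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     * <br>
     * NOTE2: A value matching none of the forms above, such as a bare
     * hexadecimal string without the {hex: ...} wrapper, leaves the key
     * identifier unchanged and raises no error.
     * <br>
     * NOTE3: Any string containing "BEGIN " is passed to KEYUTIL.getKey;
     * this method does not check which kind of PEM block it is.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        if (param.str !== undefined ||
            param.hex !== undefined) {
            this.asn1KID = new KJUR.asn1.DEROctetString(param);
        } else if ((typeof param === "object" &&
                    KJUR.crypto.Util.isKey(param)) ||
                   (typeof param === "string" &&
                    param.indexOf("BEGIN ") != -1)) {

            var keyobj = param;
            if (typeof param === "string") {
                keyobj = KEYUTIL.getKey(param);
            }

            var kid = KEYUTIL.getKeyID(keyobj);
            this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
        }
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set issuer name
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertIssuer name by param.
     * Issuer name can be set by following type of param argument:
     * <ul>
     * <li>str/ldapstr/hex/certsubject/certissuer -
     * set issuer by {@link KJUR.asn1.x509.X500Name}
     * object with specified parameters.</li>
     * <li>PEM CERTIFICATE STRING - the PEM is handed to
     * {@link KJUR.asn1.x509.X500Name} as its 'certissuer' parameter.
     * NOTE(review): the earlier text said the subject name is extracted;
     * the code passes 'certissuer', so confirm which name X500Name takes.</li>
     * </ul>
     * NOTE1: Automatic authorityCertIssuer setting by certificate
     * is supported since jsrsasign 8.0.16.
     * <br>
     * NOTE2: A value matching none of the forms above leaves the issuer
     * unchanged and raises no error.
     *
     * @see KJUR.asn1.x509.X500Name
     * @see KJUR.asn1.x509.GeneralNames
     * @see X509.getSubjectHex
     *
     * @example
     * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // 1. set it by string
     * o.setCertIssuerByParam({str: '/C=US/O=Test'});
     * // 2. set it by issuer PEM certificate
     * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
     *
     */
    this.setCertIssuerByParam = function(param) {
        if (param.str !== undefined ||
            param.ldapstr !== undefined ||
            param.hex !== undefined ||
            param.certsubject !== undefined ||
            param.certissuer !== undefined) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
        } else if (_isCertPEM(param)) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
        }
    };

    /**
     * set authorityCertSerialNumber value
     * @name setCertSNByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set serial number
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertSerialNumber by param.
     * Serial number can be set by following type of param argument:
     *
     * <ul>
     * <li>{int: 123} - by integer value</li>
     * <li>{hex: "01af"} - by hexadecimal integer value</li>
     * <li>{bigint: new BigInteger(...)} - by BigInteger object</li>
     * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
     * set serial number.</li>
     * </ul>
     *
     * NOTE1: Automatic authorityCertSerialNumber setting by certificate
     * is supported since jsrsasign 8.0.16.
     * <br>
     * NOTE2: The PEM certificate is only parsed here (X509.readCertPEM);
     * this method performs no signature or chain check on it.
     * <br>
     * NOTE3: A PEM string without a CERTIFICATE marker, or any other value
     * matching none of the forms above, leaves the serial number unchanged
     * and raises no error.
     *
     * @see X509.getSerialNumberHex
     */
    this.setCertSNByParam = function(param) {
        // 'int' is accepted as documented above; 'str' is kept for callers
        // that relied on the original check.
        if (param.int !== undefined ||
            param.str !== undefined ||
            param.bigint !== undefined ||
            param.hex !== undefined) {
            this.asn1CertSN = new KJUR.asn1.DERInteger(param);
        } else if (_isCertPEM(param)) {
            var x = new X509();
            x.readCertPEM(param);
            var sn = x.getSerialNumberHex();
            this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
        }
    };

    this.oid = "2.5.29.35"; // id-ce-authorityKeyIdentifier
    if (params !== undefined) {
        if (params.kid !== undefined) {
            this.setKIDByParam(params.kid);
        }
        if (params.issuer !== undefined) {
            this.setCertIssuerByParam(params.issuer);
        }
        if (params.sn !== undefined) {
            this.setCertSNByParam(params.sn);
        }

        // The class documentation names this parameter 'isscert' while the
        // original code read 'issuersn'. 'issuersn' is still honoured first
        // so existing callers see no change; 'isscert' is used otherwise.
        // Values set from 'issuer' and 'sn' above are overwritten by the
        // certificate, as before.
        var issuerCertPEM = _isCertPEM(params.issuersn) ?
            params.issuersn : params.isscert;
        if (_isCertPEM(issuerCertPEM)) {
            this.setCertSNByParam(issuerCertPEM);
            this.setCertIssuerByParam(issuerCertPEM);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);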
1578 
1579 /**
1580  * SubjectKeyIdentifier extension ASN.1 structure class
1581  * @name KJUR.asn1.x509.SubjectKeyIdentifier
1582  * @class SubjectKeyIdentifier ASN.1 structure class
1583  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
1584  * @extends KJUR.asn1.x509.Extension
1585  * @since asn1x509 1.1.7 jsrsasign 8.0.14
1586  * @description
1587  * This class represents ASN.1 structure for 
1588  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
1589  * SubjectKeyIdentifier in RFC 5280</a>.
1590  * Constructor of this class may have following parameters:
1591  * <ul>
1592  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specified, kid will be set explicitly by it.</li>
1593  * <li>critical - boolean to specify criticality of this extension
1594  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
1595  * </ul>
1596  * <pre>
1597  * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
1598  * SubjectKeyIdentifier ::= KeyIdentifier
1599  * KeyIdentifier ::= OCTET STRING
1600  * </pre>
1601  *
1602  * @example
1603  * // set by hexadecimal string
1604  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
1605  * // set by PEM public key or certificate string
1606  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
1607  * // set by public key object
1608  * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
1609  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
1610  */
KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
    KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
    var _DEROctetString = KJUR.asn1.DEROctetString;

    // DEROctetString holding the key identifier; stays null until
    // setKIDByParam accepts a value.
    this.asn1KID = null;

    // Returns the hexadecimal encoding of the stored key identifier object.
    // NOTE(review): if no identifier was accepted, asn1KID is still null
    // here and this call fails with a TypeError rather than a clear message.
    this.getExtnValueHex = function() {
        var kidObject = this.asn1KID;
        this.asn1ExtnValue = kidObject;
        return kidObject.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM string
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @param {Object} param {@link KJUR.asn1.DEROctetString} parameter, public key object or PEM string
     * @since asn1x509 1.1.7 jsrsasign 8.0.14
     * @description
     * Accepted forms:
     * <ul>
     * <li>{str: "123"} - explicit value by raw string</li>
     * <li>{hex: "01af..."} - explicit value by hexadecimal string</li>
     * <li>RSAKey/DSA/ECDSA public key object - identifier is obtained from
     * {@link KEYUTIL.getKeyID}, documented as the method of
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * <li>PEM string (certificate or PKCS#1/#8 public key) - converted to a
     * key object by {@link KEYUTIL.getKey}, then handled like a key object.</li>
     * </ul>
     * Any other value is ignored without an error and the previous
     * identifier (if any) is kept, so callers should check their input.
     * A string is treated as PEM as soon as it contains "BEGIN"; no
     * further format check is made here before it is passed to KEYUTIL.getKey.
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        // Explicit value: hand the parameter straight to DEROctetString.
        if (param.str !== undefined || param.hex !== undefined) {
            this.asn1KID = new _DEROctetString(param);
            return;
        }

        var looksLikePEM = (typeof param === "string" &&
                            param.indexOf("BEGIN") != -1);
        var isKeyObject = (typeof param === "object" &&
                           KJUR.crypto.Util.isKey(param));
        if (!isKeyObject && !looksLikePEM) {
            return; // unrecognized input: nothing is set
        }

        // Derive the identifier from the public key.
        var publicKey = looksLikePEM ? KEYUTIL.getKey(param) : param;
        var kidHex = KEYUTIL.getKeyID(publicKey);
        this.asn1KID = new KJUR.asn1.DEROctetString({hex: kidHex});
    };

    this.oid = "2.5.29.14";
    if (params !== undefined && params.kid !== undefined) {
        this.setKIDByParam(params.kid);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);
1693 
1694 /**
1695  * AuthorityInfoAccess ASN.1 structure class
1696  * @name KJUR.asn1.x509.AuthorityInfoAccess
1697  * @class AuthorityInfoAccess ASN.1 structure class
1698  * @param {Array} params JSON object of AuthorityInfoAccess parameters
1699  * @extends KJUR.asn1.x509.Extension
1700  * @since asn1x509 1.0.8
1701  * @see {@link X509#getExtAuthorityInfoAccess}
1702  * @description
1703  * This class represents 
1704  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
1705  * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
1706  * <pre>
1707  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
1708  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
1709  * AuthorityInfoAccessSyntax  ::=
1710  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
1711  * AccessDescription  ::=  SEQUENCE {
1712  *         accessMethod          OBJECT IDENTIFIER,
1713  *         accessLocation        GeneralName  }
1714  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
1715  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
1716  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
1717  * </pre>
1718  * NOTE: Acceptable parameters have been changed since
1719  * jsrsasign 9.0.0 asn1x509 2.0.0.
1720  * Parameter generated by {@link X509#getAuthorityInfoAccess}
1721  * can be accepted as an argument of this constructor.
1722  * @example
1723  * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
1724  *   array: [
1725  *     {ocsp: 'http://ocsp.example.org'},
1726  *     {caissuer: 'https://repository.example.org/aaa.crt'}
1727  *   ]
1728  * });
1729  */
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    // Builds the AuthorityInfoAccessSyntax SEQUENCE from an array whose
    // members are {ocsp: uri} or {caissuer: uri}. Any other member raises
    // an Error. The URI is passed to GeneralName unchanged; no scheme or
    // syntax check is made in this method.
    this.setAccessDescriptionArray = function(aParam) {
        var asn1 = KJUR.asn1;
        var _DERSequence = asn1.DERSequence;
        var _DERObjectIdentifier = asn1.DERObjectIdentifier;
        var _GeneralName = asn1.x509.GeneralName;

        // One AccessDescription: SEQUENCE { accessMethod, accessLocation }
        var newAccessDescription = function(methodOid, uri) {
            return new _DERSequence({array: [
                new _DERObjectIdentifier({oid: methodOid}),
                new _GeneralName({uri: uri})
            ]});
        };

        var descriptions = [];
        for (var idx = 0; idx < aParam.length; idx++) {
            var entry = aParam[idx];
            if (entry.ocsp !== undefined) {
                // id-ad-ocsp
                descriptions.push(
                    newAccessDescription("1.3.6.1.5.5.7.48.1", entry.ocsp));
            } else if (entry.caissuer !== undefined) {
                // id-ad-caIssuers
                descriptions.push(
                    newAccessDescription("1.3.6.1.5.5.7.48.2", entry.caissuer));
            } else {
                throw new Error("unknown AccessMethod parameter: " +
                                JSON.stringify(entry));
            }
        }
        this.asn1ExtnValue = new _DERSequence({'array': descriptions});
    };

    // Returns the hexadecimal encoding of the extension value built by
    // setAccessDescriptionArray.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.1.1";
    if (params !== undefined && params.array !== undefined) {
        this.setAccessDescriptionArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
1776 
1777 /**
1778  * SubjectAltName ASN.1 structure class<br/>
1779  * @name KJUR.asn1.x509.SubjectAltName
1780  * @class SubjectAltName ASN.1 structure class
1781  * @param {Array} params associative array of parameters
1782  * @extends KJUR.asn1.x509.Extension
1783  * @since jsrsasign 6.2.3 asn1x509 1.0.19
1784  * @see KJUR.asn1.x509.GeneralNames
1785  * @see KJUR.asn1.x509.GeneralName
1786  * @description
1787  * This class provides X.509v3 SubjectAltName extension.
1788  * <pre>
1789  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
1790  * SubjectAltName ::= GeneralNames
1791  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
1792  * GeneralName ::= CHOICE {
1793  *   otherName                  [0] OtherName,
1794  *   rfc822Name                 [1] IA5String,
1795  *   dNSName                    [2] IA5String,
1796  *   x400Address                [3] ORAddress,
1797  *   directoryName              [4] Name,
1798  *   ediPartyName               [5] EDIPartyName,
1799  *   uniformResourceIdentifier  [6] IA5String,
1800  *   iPAddress                  [7] OCTET STRING,
1801  *   registeredID               [8] OBJECT IDENTIFIER }
1802  * </pre>
1803  * @example
1804  * e1 = new KJUR.asn1.x509.SubjectAltName({
1805  *   critical: true,
1806  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
1807  * });
1808  */
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    // Stores the extension value as a GeneralNames object built from the
    // given array of GeneralName parameters.
    this.setNameArray = function(paramsArray) {
        var names = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = names;
    };

    // Returns the hexadecimal encoding of the stored GeneralNames value.
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    this.oid = "2.5.29.17";
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
1828 
1829 /**
1830  * IssuerAltName ASN.1 structure class<br/>
1831  * @name KJUR.asn1.x509.IssuerAltName
1832  * @class IssuerAltName ASN.1 structure class
1833  * @param {Array} params associative array of parameters
1834  * @extends KJUR.asn1.x509.Extension
1835  * @since jsrsasign 6.2.3 asn1x509 1.0.19
1836  * @see KJUR.asn1.x509.GeneralNames
1837  * @see KJUR.asn1.x509.GeneralName
1838  * @description
1839  * This class provides X.509v3 IssuerAltName extension.
1840  * <pre>
1841  * id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
1842  * IssuerAltName ::= GeneralNames
1843  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
1844  * GeneralName ::= CHOICE {
1845  *   otherName                  [0] OtherName,
1846  *   rfc822Name                 [1] IA5String,
1847  *   dNSName                    [2] IA5String,
1848  *   x400Address                [3] ORAddress,
1849  *   directoryName              [4] Name,
1850  *   ediPartyName               [5] EDIPartyName,
1851  *   uniformResourceIdentifier  [6] IA5String,
1852  *   iPAddress                  [7] OCTET STRING,
1853  *   registeredID               [8] OBJECT IDENTIFIER }
1854  * </pre>
1855  * @example
1856  * e1 = new KJUR.asn1.x509.IssuerAltName({
1857  *   critical: true,
1858  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
1859  * });
1860  */
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    // Stores the extension value as a GeneralNames object built from the
    // given array of GeneralName parameters.
    this.setNameArray = function(paramsArray) {
        var names = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = names;
    };

    // Returns the hexadecimal encoding of the stored GeneralNames value.
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    this.oid = "2.5.29.18";
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
1880 
1881 /**
1882  * private extension ASN.1 structure class<br/>
1883  * @name KJUR.asn1.x509.PrivateExtension
1884  * @class private extension ASN.1 structure class
1885  * @param {Array} params JSON object of private extension
1886  * @extends KJUR.asn1.x509.Extension
1887  * @since jsrsasign 9.1.1 asn1x509 
1888  * @see KJUR.asn1.ASN1Util.newObject
1889  *
1890  * @description
1891  * This class is to represent private extension or 
1892  * unsupported extension. 
1893  * <pre>
1894  * Extension  ::=  SEQUENCE  {
1895  *      extnID      OBJECT IDENTIFIER,
1896  *      critical    BOOLEAN DEFAULT FALSE,
1897  *      extnValue   OCTET STRING }
1898  * </pre>
1899  * Following properties can be set for JSON parameter:
1900  * <ul>
1901  * <li>{String}extname - string of OID or predefined extension name</li>
1902  * <li>{Boolean}critical - critical flag</li>
1903  * <li>{Object}extn - hexadecimal string or
1904  * JSON parameter of {@link KJUR.asn1.ASN1Util.newObject}
1905  * for extnValue field</li>
1907  * </ul>
1908  *
1909  * @example
1910  * // extn by hexadecimal
1911  * new KJUR.asn1.x509.PrivateExtension({
1912  *   extname: "1.2.3.4",
1913  *   critical: true,
1914  *   extn: "13026161" // means PrintableString "aa"
1915  * });
1916  *
1917  * // extn by JSON parameter
1918  * new KJUR.asn1.x509.PrivateExtension({
1919  *   extname: "1.2.3.5",
1920  *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
1921  * });
1922  */
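KJUR.asn1.x509.PrivateExtension = function(params) {
    KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params);

    var _KJUR = KJUR,
        _isHex = _KJUR.lang.String.isHex,
        _KJUR_asn1 = _KJUR.asn1,
        _name2oid = _KJUR_asn1.x509.OID.name2oid,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    // JSON parameter given to the constructor or setByParam; null until set.
    this.params = null;

    // Stores the parameter object and resolves its extname to this.oid.
    this.setByParam = function(params) {
        this.oid = _name2oid(params.extname);
        this.params = params;
    };

    // Returns the hexadecimal extnValue content.
    // - a string accepted by _isHex is returned exactly as given. That is
    //   the only check made here: the bytes are not parsed or verified to
    //   be well-formed DER, so the caller is responsible for the content.
    // - an object is encoded through ASN1Util.newObject.
    // Throws Error when parameters are missing or extn is unsupported.
    this.getExtnValueHex = function() {
        var current = this.params;
        // Covers the case where no parameter was ever set, which would
        // otherwise surface as a TypeError on null. The message text is
        // kept as is for callers that match on it; the property it refers
        // to is "extn".
        if (current == undefined ||
            current.extname == undefined ||
            current.extn == undefined) {
            throw new Error("extname or extnhex not specified");
        }

        var extn = current.extn;
        if (typeof extn == "string" && _isHex(extn)) {
            return extn;
        }

        var encodeFailure;
        if (typeof extn == "object") {
            try {
                return _newObject(extn).getEncodedHex();
            } catch (ex) {
                // Keep the encoder's error instead of discarding it, so the
                // reason for the rejection can be diagnosed by the caller.
                encodeFailure = ex;
            }
        }

        var err = new Error("unsupported extn value");
        if (encodeFailure !== undefined) {
            err.cause = encodeFailure;
        }
        throw err;
    };

    if (params != undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);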
1961 
1962 // === END   X.509v3 Extensions Related =======================================
1963 
1964 // === BEGIN CRL Related ===================================================
1965 /**
1966  * X.509 CRL class to sign and generate hex encoded CRL<br/>
1967  * @name KJUR.asn1.x509.CRL
1968  * @class X.509 CRL class to sign and generate hex encoded CRL
1969  * @property {Array} params JSON object of parameters
1970  * @param {Array} params JSON object of CRL parameters
1971  * @extends KJUR.asn1.ASN1Object
1972  * @since 1.0.3
1973  * @see KJUR.asn1.x509.TBSCertList
1974  * 
1975  * @description
1976  * This class represents CertificateList ASN.1 structure of X.509 CRL
1977  * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
1978  * RFC 5280 5.1</a>
1979  * <pre>
1980  * CertificateList  ::=  SEQUENCE  {
1981  *     tbsCertList          TBSCertList,
1982  *     signatureAlgorithm   AlgorithmIdentifier,
1983  *     signatureValue       BIT STRING  }
1984  * </pre>
1985  * NOTE: CRL class is updated without backward 
1986  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
1987  * Most of methods are removed and parameters can be set
1988  * by JSON object.
1989  * <br/>
1990  * Constructor of this class can accept all
1991  * parameters of {@link KJUR.asn1.x509.TBSCertList}.
1992  * It also accept following parameters additionally:
1993  * <ul>
1994  * <li>{TBSCertList}tbsobj (OPTION) - 
1995  * specifies {@link KJUR.asn1.x509.TBSCertList} 
1996  * object to be signed if needed. 
1997  * When this isn't specified, 
1998  * this will be set from other parameters of TBSCertList.</li>
1999  * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
2000  * Parameter "cakey" or "sighex" shall be specified. Following
2001  * values can be specified:
2002  *   <ul>
2003  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
2004  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
2005  *   to generate a key object.</li>
2006  *   </ul>
2007  * </li>
2008  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
2009  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
2010  * unused bits)</li>
2011  * </ul>
2012  *
2013  * @example
2014  * var crl = new KJUR.asn1.x509.CRL({
2015  *  sigalg: "SHA256withRSA",
2016  *  issuer: {str:'/C=JP/O=Test1'},
2017  *  thisupdate: "200821235959Z",
2018  *  nextupdate: "200828235959Z", // OPTION
2019  *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
2020  *  ext: [
2021  *   {extname: "cRLNumber", num: {'int': 8}},
2022  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
2023  *  ],
2024  *  cakey: prvkey
2025  * });
2026  * crl.getEncodedHex() → "30..."
2027  * crl.getPEM() → "-----BEGIN X509 CRL..."
2028  */
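KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERBitString = _KJUR_asn1.DERBitString,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _TBSCertList = _KJUR_asn1_x509.TBSCertList;

    // JSON parameter object. It is stored by reference and this class
    // writes tbsobj and sighex back into it.
    this.params = undefined;

    // Replaces the parameter object.
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign CRL<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * This method signs the TBSCertList with the private key and
     * algorithm given by this.params.cakey and this.params.sigalg and
     * stores the result in this.params.sighex.
     * When this.params.tbsobj is present it is the structure that is
     * signed, because it is also the structure getEncodedHex emits;
     * otherwise a TBSCertList is built from this.params.
     * @example
     * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
     * crl.sign()
     */
    this.sign = function() {
        var params = this.params;
        // The signature has to cover exactly the bytes placed in the CRL.
        // Building a fresh TBSCertList here while a caller-supplied tbsobj
        // is encoded would yield a CRL whose signature does not verify.
        var tbs = (params.tbsobj != undefined) ?
            params.tbsobj : new _TBSCertList(params);
        var hTBSCL = tbs.getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: params.sigalg});
        sig.init(params.cakey);
        sig.updateHex(hTBSCL);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted CRL string after signed<br/>
     * @name getPEM
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @since jsrsasign 9.1.0 asn1hex 2.1.0
     * @description
     * This method returns a string of PEM formatted
     * CRL.
     * @example
     * crl = new KJUR.asn1.x509.CRL({...});
     * crl.getPEM() →
     * "-----BEGIN X509 CRL-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "X509 CRL");
    };

    // Returns the hexadecimal encoding of the CertificateList:
    // SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }.
    // Signs first when sighex is missing and cakey is available.
    // An existing sighex is reused as is, so after changing parameters
    // the caller has to call sign() again (or clear sighex) to avoid
    // emitting a stale signature.
    // Throws Error when neither sighex nor cakey is defined.
    this.getEncodedHex = function() {
        var params = this.params;

        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertList(params);
        }

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        var seq = new _DERSequence({array: [
            params.tbsobj,
            new _AlgorithmIdentifier({name: params.sigalg}),
            // leading "00" is the unused-bits octet of the BIT STRING
            new _DERBitString({hex: "00" + params.sighex})
        ]});
        return seq.getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);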
2112 
2113 /**
2114  * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
2115  * @name KJUR.asn1.x509.TBSCertList
2116  * @class TBSCertList ASN.1 structure class for CRL
2117  * @property {Array} params JSON object of parameters
2118  * @param {Array} params JSON object of TBSCertList parameters
2119  * @extends KJUR.asn1.ASN1Object
2120  * @since 1.0.3
2121  *
2122  * @description
2123  * This class represents TBSCertList of CRL defined in
2124  * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
2125  * RFC 5280 5.1</a>.
2126  * <pre>
2127  * TBSCertList  ::=  SEQUENCE  {
2128  *       version                 Version OPTIONAL,
2129  *                                    -- if present, MUST be v2
2130  *       signature               AlgorithmIdentifier,
2131  *       issuer                  Name,
2132  *       thisUpdate              Time,
2133  *       nextUpdate              Time OPTIONAL,
2134  *       revokedCertificates     SEQUENCE OF SEQUENCE  {
2135  *            userCertificate         CertificateSerialNumber,
2136  *            revocationDate          Time,
2137  *            crlEntryExtensions      Extensions OPTIONAL
2138  *                                     -- if present, version MUST be v2
2139  *                                 }  OPTIONAL,
2140  *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
2141  * }
2142  * </pre>
2143  * NOTE: TBSCertList class is updated without backward 
2144  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
2145  * Most of methods are removed and parameters can be set
2146  * by JSON object.
2147  * <br/>
2148  * Constructor of this class may have following parameters:
2149  * <ul>
2150  * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
2151  * <li>{String}sigalg - signature algorithm name</li>
2152  * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
2153  * <li>{String}thisupdate - thisUpdate field value</li>
2154  * <li>{String}nextupdate (OPTION) - nextUpdate field value</li>
2155  * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
2156  *   Its element may have following property:
2157  *   <ul>
2158  *   <li>{Array}sn - serialNumber of userCertificate field specified
2159  *   by {@link KJUR.asn1.DERInteger}</li>
2160  *   <li>{String}date - revocationDate field specified by
2161  *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
2162  *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
2163  *   </ul>
2164  * </li>
2165  * </ul>
2166  * 
2167  * @example
2168  * var o = new KJUR.asn1.x509.TBSCertList({
2169  *  sigalg: "SHA256withRSA",
2170  *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
2171  *                   [{type:'O',value:'T1',ds:'prn'}]]},
2172  *  thisupdate: "200821235959Z",
2173  *  nextupdate: "200828235959Z", // OPTION
2174  *  revcert: [
2175  *   {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
2176  *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
2177  *  ],
2178  *  ext: [
2179  *   {extname: "cRLNumber", num: {'int': 8}},
2180  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
2181  *  ]
2182  * });
2183  * o.getEncodedHex() → "30..."
2184  */
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _x509 = _asn1.x509,
        _DERInteger = _asn1.DERInteger,
        _DERSequence = _asn1.DERSequence,
        _DERTaggedObject = _asn1.DERTaggedObject,
        _AlgorithmIdentifier = _x509.AlgorithmIdentifier,
        _Time = _x509.Time,
        _Extensions = _x509.Extensions,
        _X500Name = _x509.X500Name;

    // JSON parameter object, kept by reference and read at encoding time.
    this.params = null;

    /**
     * set TBSCertList parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} params JSON object of TBSCertList parameters
     * @example
     * tbs = new KJUR.asn1.x509.TBSCertList();
     * tbs.setByParam({sigalg: "SHA256withRSA", issuer: {...}, ...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get DERSequence for revokedCertificates<br/>
     * @name getRevCertSequence
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
     * @description
     * Each element of this.params.revcert becomes
     * SEQUENCE { sn, date [, ext] }.
     */
    this.getRevCertSequence = function() {
        var revoked = this.params.revcert;
        var entries = [];
        for (var n = 0; n < revoked.length; n++) {
            var item = revoked[n];
            var fields = [
                new _DERInteger(item.sn),
                new _Time(item.date)
            ];
            if (item.ext != undefined) {
                fields.push(new _Extensions(item.ext));
            }
            entries.push(new _DERSequence({array: fields}));
        }
        return new _DERSequence({array: entries});
    };

    // Returns the hexadecimal encoding of the TBSCertList SEQUENCE.
    // Optional members (version, nextupdate, revcert, ext) are emitted
    // only when the matching parameter is present.
    this.getEncodedHex = function() {
        var params = this.params;
        var members = [];

        if (params.version != undefined) {
            // encoded value is the given version minus one
            members.push(new _DERInteger({'int': params.version - 1}));
        }

        members.push(new _AlgorithmIdentifier({name: params.sigalg}));
        members.push(new _X500Name(params.issuer));
        members.push(new _Time(params.thisupdate));

        if (params.nextupdate != undefined) {
            members.push(new _Time(params.nextupdate));
        }

        // NOTE(review): an empty revcert array still emits an empty
        // SEQUENCE here, while RFC 5280 5.1.2.6 requires the list to be
        // absent when there are no revoked certificates.
        if (params.revcert != undefined) {
            members.push(this.getRevCertSequence());
        }

        if (params.ext != undefined) {
            // crlExtensions [0] EXPLICIT Extensions
            var crlExtensions = new _Extensions(params.ext);
            members.push(new _DERTaggedObject({tag:'a0',
                                               explicit:true,
                                               obj:crlExtensions}));
        }

        return new _DERSequence({array: members}).getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
2269 
2270 /**
2271  * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
2272  * @name KJUR.asn1.x509.CRLEntry
2273  * @class ASN.1 CRLEntry structure class for CRL
2274  * @param {Array} params JSON object for CRL entry parameter
2275  * @extends KJUR.asn1.ASN1Object
2276  * @since 1.0.3
2277  * @see KJUR.asn1.x509.TBSCertList
2278  * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
2279  * @description
2280  * This class is to represent revokedCertificate in TBSCertList.
2281  * However this is no more used by TBSCertList since
2282  * jsrsasign 9.1.0. So this class have been deprecated in 
2283  * jsrsasign 9.1.0.
2284  * <pre>
2285  * revokedCertificates     SEQUENCE OF SEQUENCE  {
2286  *     userCertificate         CertificateSerialNumber,
2287  *     revocationDate          Time,
2288  *     crlEntryExtensions      Extensions OPTIONAL
2289  *                             -- if present, version MUST be v2 }
2290  * </pre>
2291  * @example
2292  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
2293  */
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1;

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * Stores a new {@link KJUR.asn1.DERInteger} in this.sn.
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        var serial = new _asn1.DERInteger(intParam);
        this.sn = serial;
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * Stores a new {@link KJUR.asn1.x509.Time} in this.time.
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        var revokedAt = new _asn1.x509.Time(timeParam);
        this.time = revokedAt;
    };

    // Encodes SEQUENCE { sn, time }, caches the hexadecimal string in
    // this.TLV and returns it. Both members must have been set before.
    this.getEncodedHex = function() {
        var entry = new _asn1.DERSequence({"array": [this.sn, this.time]});
        var hex = entry.getEncodedHex();
        this.TLV = hex;
        return hex;
    };

    if (params !== undefined) {
        if (params.time !== undefined) {
            this.setRevocationDate(params.time);
        }
        if (params.sn !== undefined) {
            this.setCertSerial(params.sn);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
2345 
2346 /**
2347  * CRLNumber CRL extension ASN.1 structure class<br/>
2348  * @name KJUR.asn1.x509.CRLNumber
2349  * @class CRLNumber CRL extension ASN.1 structure class
2350  * @extends KJUR.asn1.x509.Extension
2351  * @since jsrsasign 9.1.0 asn1x509 2.1.0
2352  * @see KJUR.asn1.x509.TBSCertList
2353  * @see KJUR.asn1.x509.Extensions
2354  * @description
2355  * This class represents ASN.1 structure for
2356  * CRLNumber CRL extension defined in
2357  * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
2358  * RFC 5280 5.2.3</a>.
2359  * <pre>
2360  * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
2361  * CRLNumber ::= INTEGER (0..MAX)
2362  * </pre>
2363  * Constructor of this class may have following parameters:
2364  * <ul>
2365  * <li>{String}extname - name "cRLNumber". It is ignored in this class but
2366  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
2367  * <li>{Object}num - CRLNumber value to specify
2368  * {@link KJUR.asn1.DERInteger} parameter.</li>
2369  * <li>{Boolean}critical - critical flag. Generally false and not specified
2370  * in this class.(OPTION)</li>
2371  * </ul>
2372  *
2373  * @example
2374  * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
2375  *                               num:{'int':147}})
2376  */
KJUR.asn1.x509.CRLNumber = function(params) {
    KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
    // JSON parameter object; undefined when none was given.
    this.params = (params != undefined) ? params : undefined;

    // Builds a DERInteger from this.params.num, keeps it as the
    // extension value and returns its hexadecimal encoding.
    this.getExtnValueHex = function() {
        var crlNumber = new KJUR.asn1.DERInteger(this.params.num);
        this.asn1ExtnValue = crlNumber;
        return crlNumber.getEncodedHex();
    };

    this.oid = "2.5.29.20";
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);
2390 
2391 /**
2392  * CRLReason CRL entry extension ASN.1 structure class<br/>
2393  * @name KJUR.asn1.x509.CRLReason
2394  * @class CRLReason CRL entry extension ASN.1 structure class
2395  * @extends KJUR.asn1.x509.Extension
2396  * @since jsrsasign 9.1.0 asn1x509 2.1.0
2397  * @see KJUR.asn1.x509.TBSCertList
2398  * @see KJUR.asn1.x509.Extensions
2399  * @description
2400  * This class represents ASN.1 structure for
2401  * CRLReason CRL entry extension defined in
2402  * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
2403  * RFC 5280 5.3.1</a>
2404  * <pre>
2405  * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
2406  * -- reasonCode ::= { CRLReason }
2407  * CRLReason ::= ENUMERATED {
2408  *      unspecified             (0),
2409  *      keyCompromise           (1),
2410  *      cACompromise            (2),
2411  *      affiliationChanged      (3),
2412  *      superseded              (4),
2413  *      cessationOfOperation    (5),
2414  *      certificateHold         (6),
2415  *      removeFromCRL           (8),
2416  *      privilegeWithdrawn      (9),
2417  *      aACompromise           (10) }
2418  * </pre>
2419  * Constructor of this class may have following parameters:
2420  * <ul>
2421  * <li>{String}extname - name "cRLReason". It is ignored in this class but
2422  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
2423  * <li>{Integer}code - reasonCode value</li>
2424  * <li>{Boolean}critical - critical flag. Generally false and not specified
2425  * in this class.(OPTION)</li>
2426  * </ul>
2427  *
2428  * @example
2429  * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
2430  */
KJUR.asn1.x509.CRLReason = function(params) {
    KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);

    // id-ce-cRLReasons (RFC 5280 5.3.1)
    this.oid = "2.5.29.21";

    // The caller's parameter object is kept as-is; both null and undefined
    // leave this.params undefined because of the loose != comparison.
    this.params = (params != undefined) ? params : undefined;

    /**
     * Build the extnValue content and return it as a hexadecimal string.
     * this.params.code is passed straight to KJUR.asn1.DEREnumerated and is
     * not checked against the CRLReason values of RFC 5280 5.3.1 (0-6 and
     * 8-10; 7 is unassigned), so the caller must validate it before a CRL
     * entry is signed.
     */
    this.getExtnValueHex = function() {
        var reasonCode = new KJUR.asn1.DEREnumerated(this.params.code);
        this.asn1ExtnValue = reasonCode;
        return reasonCode.getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);
2444 
2445 // === END   CRL Related ===================================================
2446 
2447 // === BEGIN OCSP Related ===================================================
2448 /**
2449  * Nonce OCSP extension ASN.1 structure class<br/>
2450  * @name KJUR.asn1.x509.OCSPNonce
2451  * @class Nonce OCSP extension ASN.1 structure class
2452  * @extends KJUR.asn1.x509.Extension
2453  * @since jsrsasign 9.1.6 asn1x509 2.1.2
2454  * @param {Array} params JSON object for Nonce extension
2455  * @see KJUR.asn1.ocsp.ResponseData
2456  * @see KJUR.asn1.x509.Extensions
2457  * @see X509#getExtOCSPNonce
2458  * @description
2459  * This class represents
2460  * Nonce OCSP extension value defined in
2461  * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
2462  * RFC 6960 4.4.1</a> as JSON object.
2463  * <pre>
2464  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
2465  * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
2466  * Nonce ::= OCTET STRING
2467  * </pre>
2468  * Constructor of this class may have following parameters:
2469  * <ul>
2470  * <li>{String}extname - name "ocspNonce". It is ignored in this class but
2471  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
2472  * <li>{String}hex - hexadecimal string of nonce value</li>
2473  * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
2474  * specified.</li>
2475  * <li>{Boolean}critical - critical flag. Generally false and not specified
2476  * in this class.(OPTION)</li>
2477  * </ul>
2478  *
2479  * @example
2480  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
2481  *                               hex: '12ab...'})
2482  */
KJUR.asn1.x509.OCSPNonce = function(params) {
    KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);

    // id-pkix-ocsp-nonce (RFC 6960 4.4.1)
    this.oid = "1.3.6.1.5.5.7.48.1.2";

    // The caller's parameter object is kept as-is; both null and undefined
    // leave this.params undefined because of the loose != comparison.
    this.params = (params != undefined) ? params : undefined;

    /**
     * Build the extnValue content and return it as a hexadecimal string.
     * The whole parameter object is passed to KJUR.asn1.DEROctetString, so
     * the nonce bytes are exactly what the caller supplied. This class does
     * not generate the nonce or check its length: replay protection depends
     * on the caller using an unpredictable value from a cryptographic RNG
     * (RFC 8954 limits the nonce to 1..32 octets).
     */
    this.getExtnValueHex = function() {
        var nonce = new KJUR.asn1.DEROctetString(this.params);
        this.asn1ExtnValue = nonce;
        return nonce.getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);
2496 
2497 /**
2498  * OCSPNoCheck certificate ASN.1 structure class<br/>
2499  * @name KJUR.asn1.x509.OCSPNoCheck
2500  * @class OCSPNoCheck extension ASN.1 structure class
2501  * @extends KJUR.asn1.x509.Extension
2502  * @since jsrsasign 9.1.6 asn1x509 2.1.2
2503  * @param {Array} params JSON object for OCSPNoCheck extension
2504  * @see KJUR.asn1.x509.Extensions
2505  * @see X509#getExtOCSPNoCheck
2506  * @description
2507  * This class represents
2508  * OCSPNoCheck extension value defined in
2509  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
2510  * RFC 6960 4.2.2.2.1</a> as JSON object.
2511  * <pre>
2512  * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
2513  * </pre>
2514  * Constructor of this class may have following parameters:
2515  * <ul>
2516  * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
2517  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
2518  * <li>{Boolean}critical - critical flag. Generally false and not specified
2519  * in this class.(OPTION)</li>
2520  * </ul>
2521  *
2522  * @example
2523  * new KJUR.asn1.x509.OCSPNoCheck({extname:'ocspNoCheck'})
2524  */
KJUR.asn1.x509.OCSPNoCheck = function(params) {
    KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);

    // id-pkix-ocsp-nocheck (RFC 6960 4.2.2.2.1)
    this.oid = "1.3.6.1.5.5.7.48.1.5";

    // The caller's parameter object is kept as-is; both null and undefined
    // leave this.params undefined because of the loose != comparison.
    this.params = (params != undefined) ? params : undefined;

    /**
     * Build the extnValue content and return it as a hexadecimal string.
     * The value is always an ASN.1 NULL; nothing from this.params is used.
     * A responder certificate carrying this extension is accepted without
     * a revocation check, so RFC 6960 4.2.2.2.1 suggests issuing such
     * certificates with a very short lifetime and renewing them frequently.
     */
    this.getExtnValueHex = function() {
        var nullValue = new KJUR.asn1.DERNull();
        this.asn1ExtnValue = nullValue;
        return nullValue.getEncodedHex();
    };
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);
2538 
2539 // === END   OCSP Related ===================================================
2540 
2541 // === BEGIN Other X.509v3 Extensions========================================
2542 
2543 /**
2544  * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
2545  * @name KJUR.asn1.x509.AdobeTimeStamp
2546  * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
2547  * @extends KJUR.asn1.x509.Extension
2548  * @since jsrsasign 10.0.1 asn1x509 2.1.4
2549  * @param {Array} params JSON object for AdobeTimeStamp extension parameter
2550  * @see KJUR.asn1.x509.Extensions
2551  * @see X509#getExtAdobeTimeStamp
2552  * @description
2553  * This class represents
2554  * AdobeTimeStamp X.509v3 extension value defined in
2555  * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
2556  * Adobe site</a> as JSON object.
2557  * <pre>
2558  * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
2559  *  ::= SEQUENCE {
2560  *     version INTEGER  { v1(1) }, -- extension version
2561  *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
2562  *     requiresAuth        boolean (default false), OPTIONAL }
2563  * </pre>
2564  * Constructor of this class may have following parameters:
2565  * <ul>
2566  * <li>{String}uri - RFC 3161 time stamp service URL</li>
2567  * <li>{Boolean}reqauth - authentication required or not</li>
2568  * </ul>
2570  * <br/>
2571  * NOTE: This extension doesn't seem to have an official name. It may be called "pdfTimeStamp".
2572  * @example
2573  * new KJUR.asn1.x509.AdobeTimeStamp({
2574  *   uri: "http://tsa.example.com/",
2575  *   reqauth: true
2576  * })
2577  */
KJUR.asn1.x509.AdobeTimeStamp = function(params) {
    KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);

    // Encoder classes are looked up once, when the object is constructed.
    var asn1 = KJUR.asn1;
    var DERInteger = asn1.DERInteger;
    var DERBoolean = asn1.DERBoolean;
    var DERSequence = asn1.DERSequence;
    var GeneralName = asn1.x509.GeneralName;

    this.params = null;

    /**
     * Build the extnValue content and return it as a hexadecimal string.
     * The SEQUENCE holds version 1, the time stamp service location as a
     * GeneralName built from params.uri, and requiresAuth only when
     * params.reqauth is neither null nor undefined.
     * NOTE(review): params.uri is not checked in this method; whether
     * GeneralName validates the URI cannot be seen here. The value ends up
     * in the signed certificate, so validate it before calling.
     */
    this.getExtnValueHex = function() {
        var p = this.params;
        var members = [
            new DERInteger(1),
            new GeneralName({uri: p.uri})
        ];
        if (p.reqauth != undefined) members.push(new DERBoolean(p.reqauth));

        var seq = new DERSequence({array: members});
        this.asn1ExtnValue = seq;
        return seq.getEncodedHex();
    };

    this.oid = "1.2.840.113583.1.1.9.1";

    // setByParam is not defined in this constructor; presumably inherited
    // from KJUR.asn1.x509.Extension.
    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);
2606  
2607 // === END   Other X.509v3 Extensions========================================
2608 
2609 
2610 // === BEGIN X500Name Related =================================================
2611 /**
2612  * X500Name ASN.1 structure class
2613  * @name KJUR.asn1.x509.X500Name
2614  * @class X500Name ASN.1 structure class
2615  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
2616  * @extends KJUR.asn1.ASN1Object
2617  * @see KJUR.asn1.x509.X500Name
2618  * @see KJUR.asn1.x509.RDN
2619  * @see KJUR.asn1.x509.AttributeTypeAndValue
2620  * @see X509#getX500Name
2621  * @description
2622  * This class provides DistinguishedName ASN.1 class structure
2623  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
2624  * <blockquote><pre>
2625  * DistinguishedName ::= RDNSequence
2626  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
2627  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
2628  *   AttributeTypeAndValue
2629  * AttributeTypeAndValue ::= SEQUENCE {
2630  *   type  AttributeType,
2631  *   value AttributeValue }
2632  * </pre></blockquote>
2633  * <br/>
2634  * Argument for the constructor can be one of following parameters:
2635  * <ul>
2636  * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
2637  * <li>{String}str - string for distinguished name in OpenSSL oneline format (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> for details.</li>
2638  * <li>{String}ldapstr - string for distinguished name in LDAP format (ex: CN=test,O=test,C=US)</li>
2639  * <li>{String}hex - hexadecimal string for ASN.1 distinguished name structure</li>
2640  * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
2641  * <li>{String}certsubject - subject name in the specified PEM certificate</li>
2642  * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
2643  * </ul>
2644  * <br/>
2645  * NOTE1: The "array" and "rule" parameters have been supported
2646  * since jsrsasign 9.0.0 asn1x509 2.0.0.
2647  * <br/>
2648  * NOTE2: Multi-valued RDN in "str" parameter have been
2649  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
2650  * @example
2651  * // 1. construct with array
2652  * new KJUR.asn1.x509.X500Name({array:[
2653  *   [{type:'C',value:'JP',ds:'prn'}],
2654  *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
2655  *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
2656  * ]})
2658  * // 2. construct with string
2659  * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
2660  * // 3. construct by LDAP string
2661  * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
2662  * // 4. construct by ASN.1 hex string
2663  * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
2664  * // 5. construct by subject of PEM certificate
2665  * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
2666  * // 6. construct by issuer of PEM certificate
2667  * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
2668  * // 7. construct by object (DEPRECATED)
2669  * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
2670  */
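KJUR.asn1.x509.X500Name = function(params) {
    KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
    this.asn1Array = [];   // RDN objects already built
    this.paramArray = [];  // RDN parameters from the "array" form, built lazily
    this.sRule = "utf8";   // DirectoryString rule handed to each RDN
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _RDN = _KJUR_asn1_x509.RDN;

    /**
     * set DN by OpenSSL oneline distinguished name string<br/>
     * @name setByString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @throws {Error} when dnStr is not empty and does not start with "/",
     * or when its first component has no "type=value" form
     * @description
     * Sets distinguished name by string.
     * dnStr must be formatted as
     * "/type0=value0/type1=value1/type2=value2...".
     * No need to escape a slash in an attribute value: a component that
     * does not look like "type=value" is appended to the previous one.
     * <br/>
     * NOTE: for the same reason a value containing "/type=value" starts a
     * new RDN, and "+" inside a component is split into a multi-valued RDN
     * by {@link KJUR.asn1.x509.RDN}. Do not build dnStr by concatenating
     * values that were not validated; the "array" parameter of the
     * constructor passes type and value separately and is not re-parsed.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
     * // no need to escape slash in an attribute value
     * name.setByString("/C=US/O=aaa/CN=1980/12/31");
     */
    this.setByString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var a = dnStr.split('/');

        // Text before the first "/" belongs to no RDN. It used to be dropped
        // silently, which produced a name missing its first component.
        if (a.shift() !== "") {
            throw new Error("malformed DN string, must start with '/': " + dnStr);
        }

        var a1 = [];
        for (var i = 0; i < a.length; i++) {
            if (a[i].match(/^[^=]+=.+$/)) {
                a1.push(a[i]);
            } else if (a1.length > 0) {
                // continuation of a value that contains "/"
                a1[a1.length - 1] = a1[a1.length - 1] + "/" + a[i];
            } else if (a[i] !== "") {
                // There is no previous component to append to; the old code
                // wrote to index -1 and lost the text.
                throw new Error("malformed DN string, first component is not type=value: " + dnStr);
            }
        }

        for (var j = 0; j < a1.length; j++) {
            this.asn1Array.push(new _RDN({'str': a1[j], rule: this.sRule}));
        }
    };

    /**
     * set DN by LDAP(RFC 2253) distinguished name string<br/>
     * @name setByLdapString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @since jsrsasign 6.2.2 asn1x509 1.0.18
     * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
     * @description
     * Converts dnStr with {@link KJUR.asn1.x509.X500Name.ldapToCompat} and
     * passes the result to setByString, so the parsing notes of setByString
     * apply here as well.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
     */
    this.setByLdapString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr);
        this.setByString(compat, sRule);
    };

    /**
     * set DN by associative array<br/>
     * @name setByObject
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @since jsrsasign 4.9. asn1x509 1.0.13
     * @description
     * Adds one RDN per own property of dnObj, in property enumeration order.
     * Each RDN is built from the string "key=value", so a "+" in a value is
     * still split into a multi-valued RDN by {@link KJUR.asn1.x509.RDN}.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByObject({C: "US", O: "aaa", CN: "http://example.com/"});
     */
    this.setByObject = function(dnObj, sRule) {
        if (sRule !== undefined) this.sRule = sRule;

        // Get all the dnObject attributes and stuff them in the ASN.1 array.
        for (var x in dnObj) {
            // called through Object.prototype so that an object without a
            // prototype can be used as dnObj
            if (Object.prototype.hasOwnProperty.call(dnObj, x)) {
                var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule});
                // Initialize or push into the ASN.1 array.
                if (this.asn1Array) {
                    this.asn1Array.push(newRDN);
                } else {
                    this.asn1Array = [newRDN];
                }
            }
        }
    };

    /**
     * set DN by the constructor parameter object.
     * The first of "array", "str", "ldapstr", "hex", "certissuer" and
     * "certsubject" that is defined wins; without any of them the object
     * itself is taken as a DN (deprecated form, see setByObject).
     * "rule" is applied before the name is parsed.
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;

        if (params.array !== undefined) {
            // kept as parameters; the RDN objects are built in getEncodedHex
            this.paramArray = params.array;
        } else {
            if (params.str !== undefined) {
                this.setByString(params.str);
            } else if (params.ldapstr !== undefined) {
                this.setByLdapString(params.ldapstr);
            } else if (params.hex !== undefined) {
                // used as the encoding as-is; not checked to be a DER Name
                this.hTLV = params.hex;
            } else if (params.certissuer !== undefined) {
                var x = new X509();
                x.readCertPEM(params.certissuer);
                this.hTLV = x.getIssuerHex();
            } else if (params.certsubject !== undefined) {
                var x = new X509();
                x.readCertPEM(params.certsubject);
                this.hTLV = x.getSubjectHex();
            } else if (typeof params === "object" &&
                       params.certsubject === undefined &&
                       params.certissuer === undefined) {
                // If params is an object, then set the ASN1 array
                // just using the object attributes.
                // This is nice for fields that have lots of special
                // characters (i.e. CN: 'https://www.github.com/kjur//').
                this.setByObject(params);
            }
        }
    };

    /**
     * get hexadecimal string of the DER encoded name.
     * The result is cached in hTLV: once it is a string it is returned
     * unchanged, so setBy* calls made after the first encoding are not
     * reflected in later results.
     */
    this.getEncodedHex = function() {
        if (typeof this.hTLV == "string") return this.hTLV;

        // Build RDN objects from the "array" form on first use.
        if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
            for (var i = 0; i < this.paramArray.length; i++) {
                var param = {array: this.paramArray[i]};
                if (this.sRule != "utf8") param.rule = this.sRule;
                var asn1RDN = new _RDN(param);
                this.asn1Array.push(asn1RDN);
            }
        }

        var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
        this.hTLV = o.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);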
2816 
2817 /**
2818  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
2819  * @name compatToLDAP
2820  * @memberOf KJUR.asn1.x509.X500Name
2821  * @function
2822  * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
2823  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
2824  * @since jsrsasign 8.0.19 asn1x509 1.1.20
2825  * @description
2826  * This static method converts a distinguished name string in OpenSSL compat
2827  * format to LDAP(RFC 2253) format.
2828  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
2829  * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
2830  * @example
2831  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
2832  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
2833  */
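KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
    // The thrown value stays a plain string, as callers may compare it.
    if (s.substr(0, 1) !== "/") throw "malformed input";

    // One entry per "/"-separated component; LDAP order is the reverse of
    // the OpenSSL compat order.
    // NOTE(review): unlike X500Name#setByString, a "/" inside a value is
    // not rejoined here, and "\/" produced by ldapToCompat is not undone;
    // confirm the intended round-trip behaviour before relying on it.
    var rdns = s.substr(1).split("/");
    rdns.reverse();

    // Escape every comma. The previous non-global pattern escaped only the
    // first one, so a value such as "a,b,c" came out as "a\,b,c" and its
    // tail read as a separate RDN in the LDAP string.
    // Other RFC 2253 special characters (+ " \ < > ;) are left unescaped.
    return rdns.map(function(rdn) {
        return rdn.replace(/,/g, "\\,");
    }).join(",");
};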
2846 
2847 /**
2848  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
2849  * @name onelineToLDAP
2850  * @memberOf KJUR.asn1.x509.X500Name
2851  * @function
2852  * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
2853  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
2854  * @since jsrsasign 6.2.2 asn1x509 1.0.18
2855  * @see KJUR.asn1.x509.X500Name.compatToLDAP
2856  * @description
2857  * This method is deprecated. Please use 
2858  * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
2859  */
KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
    // Deprecated alias: forwards the argument to compatToLDAP and returns
    // its result unchanged.
    var X500Name = KJUR.asn1.x509.X500Name;
    return X500Name.compatToLDAP(s);
};
2863 
2864 /**
2865  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
2866  * @name ldapToCompat
2867  * @memberOf KJUR.asn1.x509.X500Name
2868  * @function
2869  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
2870  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
2871  * @since jsrsasign 8.0.19 asn1x509 1.1.10
2872  * @description
2873  * This static method converts a distinguished name string in 
2874  * LDAP(RFC 2253) format to OpenSSL compat format.
2875  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
2876  * @example
2877  * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
2878  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
2879  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US')  → '/C=US/O=a\/a'
2880  */
KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
    var pieces = s.split(",");

    // A piece ending with a backslash was cut at an escaped comma: glue the
    // next piece back onto it and turn every "\," of the result into ",".
    var rdns = [];
    var joinWithPrevious = false;
    pieces.forEach(function(piece) {
        if (joinWithPrevious) {
            var merged = rdns.pop() + "," + piece;
            rdns.push(merged.replace(/\\,/g, ","));
        } else {
            rdns.push(piece);
        }
        joinWithPrevious = (piece.slice(-1) === "\\");
    });

    // NOTE(review): the string pattern escapes only the first "/" of each
    // RDN, and X500Name#setByString as visible in this file does not strip
    // the added backslash again. Changing either side alters the encoded
    // name, so confirm the intended behaviour before touching it.
    var escaped = rdns.map(function(rdn) {
        return rdn.replace("/", "\\/");
    });

    // OpenSSL compat order is the reverse of LDAP order.
    escaped.reverse();
    return "/" + escaped.join("/");
};
2907 
2908 /**
2909  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
2910  * @name ldapToOneline
2911  * @memberOf KJUR.asn1.x509.X500Name
2912  * @function
2913  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
2914  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
2915  * @since jsrsasign 6.2.2 asn1x509 1.0.18
2916  * @description
2917  * This method is deprecated. Please use 
2918  * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
2919  */
KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
    // Deprecated alias: forwards the argument to ldapToCompat and returns
    // its result unchanged.
    var X500Name = KJUR.asn1.x509.X500Name;
    return X500Name.ldapToCompat(s);
};
2923 
2924 /**
2925  * RDN (Relative Distinguished Name) ASN.1 structure class
2926  * @name KJUR.asn1.x509.RDN
2927  * @class RDN (Relative Distinguished Name) ASN.1 structure class
2928  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
2929  * @extends KJUR.asn1.ASN1Object
2930  * @see KJUR.asn1.x509.X500Name
2931  * @see KJUR.asn1.x509.RDN
2932  * @see KJUR.asn1.x509.AttributeTypeAndValue
2933  * @description
2934  * This class provides RelativeDistinguishedName ASN.1 class structure
2935  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
2936  * <blockquote><pre>
2937  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
2938  *   AttributeTypeAndValue
2939  *
2940  * AttributeTypeAndValue ::= SEQUENCE {
2941  *   type  AttributeType,
2942  *   value AttributeValue }
2943  * </pre></blockquote>
2944  * <br/>
2945  * NOTE1: The "array" and "rule" parameters have been supported
2946  * since jsrsasign 9.0.0 asn1x509 2.0.0.
2947  * <br/>
2948  * NOTE2: Multi-valued RDN in "str" parameter have been
2949  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
2950  * @example
2951  * new KJUR.asn1.x509.RDN({array: [ // multi-valued
2952  *    {type:"CN",value:"Bob",ds:"prn"},
2953  *    {type:"CN",value:"bob@example.com", ds:"ia5"}
2954  * ]});
2955  * new KJUR.asn1.x509.RDN({str: "CN=test"});
2956  * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
2957  * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
2958  * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
2959  */
KJUR.asn1.x509.RDN = function(params) {
    KJUR.asn1.x509.RDN.superclass.constructor.call(this);

    // looked up once, when the object is constructed
    var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;

    this.asn1Array = [];   // AttributeTypeAndValue objects already built
    this.paramArray = [];  // parameters from the "array" form, built lazily
    this.sRule = "utf8"; // DEFAULT "utf8"

    /**
     * set RDN by the constructor parameter object.
     * "rule" is applied first; "str" is parsed immediately as a
     * multi-valued string; "array" is only stored and is turned into
     * AttributeTypeAndValue objects by getEncodedHex.
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) {
            this.sRule = params.rule;
        }
        if (params.str !== undefined) {
            this.addByMultiValuedString(params.str);
        }
        if (params.array !== undefined) {
            this.paramArray = params.array;
        }
    };

    /**
     * add one AttributeTypeAndValue by string<br/>
     * @name addByString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of AttributeTypeAndValue
     * @return {Object} unspecified
     * @description
     * This method adds one AttributeTypeAndValue, built from s and the
     * current rule, to this RDN object.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByString("CN=john");
     * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
     */
    this.addByString = function(s) {
        var atv = new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule});
        this.asn1Array.push(atv);
    };

    /**
     * add one AttributeTypeAndValue by multi-valued string<br/>
     * @name addByMultiValuedString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of multi-valued RDN
     * @return {Object} unspecified
     * @since jsrsasign 6.2.1 asn1x509 1.0.17
     * @description
     * This method splits s with {@link KJUR.asn1.x509.RDN.parseString} and
     * adds every resulting AttributeTypeAndValue to this RDN object.
     * An unescaped, unquoted "+" in a value therefore starts another
     * attribute; escape or quote it when the value comes from outside.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByMultiValuedString("CN=john+O=test");
     * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
     * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
     */
    this.addByMultiValuedString = function(s) {
        var atvStrings = KJUR.asn1.x509.RDN.parseString(s);
        for (var k = 0; k < atvStrings.length; k++) {
            this.addByString(atvStrings[k]);
        }
    };

    /**
     * get hexadecimal string of the DER encoded RDN (a SET of the
     * AttributeTypeAndValue objects); the result is also stored in this.TLV.
     */
    this.getEncodedHex = function() {
        var pending = this.paramArray;
        if (this.asn1Array.length == 0 && pending.length > 0) {
            for (var k = 0; k < pending.length; k++) {
                var atvParam = pending[k];
                // NOTE(review): the rule is overwritten only when the item
                // already carries one, and the caller's object is modified
                // in place. X500Name applies its rule whenever it is not
                // "utf8"; confirm which behaviour is intended.
                if (atvParam.rule !== undefined && this.sRule != "utf8") {
                    atvParam.rule = this.sRule;
                }
                this.asn1Array.push(new _AttributeTypeAndValue(atvParam));
            }
        }
        var derSet = new KJUR.asn1.DERSet({"array": this.asn1Array});
        this.TLV = derSet.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
3039 
3040 /**
3041  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
3042  * @name parseString
3043  * @memberOf KJUR.asn1.x509.RDN
3044  * @function
3045  * @param {String} s multi-valued string of RDN
3046  * @return {Array} array of string of AttributeTypeAndValue
3047  * @since jsrsasign 6.2.1 asn1x509 1.0.17
3048  * @description
3049  * This static method parses multi-valued RDN string and split into
3050  * array of AttributeTypeAndValue.
3051  * @example
3052  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
3053  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
3054  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
3055  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
3056  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
3057  */
KJUR.asn1.x509.RDN.parseString = function(s) {
    var plusPieces = s.split(/\+/);

    // Pass 1: a piece ending with a backslash was cut at an escaped "+".
    // Glue the next piece back on and turn every "\+" of the result into "+".
    var unescaped = [];
    var joinEscaped = false;
    for (var i = 0; i < plusPieces.length; i++) {
        var piece = plusPieces[i];
        if (joinEscaped) {
            var merged = unescaped.pop() + "+" + piece;
            unescaped.push(merged.replace(/\\\+/g, "+"));
        } else {
            unescaped.push(piece);
        }
        joinEscaped = (piece.substr(-1, 1) === "\\");
    }

    // Pass 2: a part shaped like type="... opens a quoted value. Following
    // parts are appended with "+" until one ends with a double quote, and
    // the surrounding quotes are then removed.
    // NOTE(review): a part that opens and closes its quote by itself
    // (type="value") is stored with its quotes and still switches quote
    // mode on, so the parts after it are appended to it. Confirm whether
    // callers depend on this before changing it; until then, values from
    // outside should be passed with the "array" form of RDN instead.
    var atvs = [];
    var insideQuote = false;
    for (var j = 0; j < unescaped.length; j++) {
        var part = unescaped[j];
        if (!insideQuote) {
            atvs.push(part);
        } else {
            var joined = atvs.pop() + "+" + part;
            if (part.match(/"$/)) {
                joined = joined.replace(/^([^=]+)="(.*)"$/, "$1=$2");
                insideQuote = false;
            }
            atvs.push(joined);
        }

        if (part.match(/^[^=]+="/)) {
            insideQuote = true;
        }
    }
    return atvs;
};
3106 
3107 /**
3108  * AttributeTypeAndValue ASN.1 structure class
3109  * @name KJUR.asn1.x509.AttributeTypeAndValue
3110  * @class AttributeTypeAndValue ASN.1 structure class
3111  * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
3112  * @extends KJUR.asn1.ASN1Object
3113  * @see KJUR.asn1.x509.X500Name
3114  * @see KJUR.asn1.x509.RDN
3115  * @see KJUR.asn1.x509.AttributeTypeAndValue
3116  * @see X509#getAttrTypeAndValue
3117  * @description
3118  * This class generates AttributeTypeAndValue defined in
3119  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
3120  * RFC 5280 4.1.2.4</a>.
3121  * <pre>
3122  * AttributeTypeAndValue ::= SEQUENCE {
3123  *   type     AttributeType,
3124  *   value    AttributeValue }
3125  * AttributeType ::= OBJECT IDENTIFIER
3126  * AttributeValue ::= ANY -- DEFINED BY AttributeType
3127  * </pre>
3128  * The constructor argument can have following parameters:
3129  * <ul>
3130  * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
3131  * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
3132  * <li>{String}ds - DirectoryString type of AttributeValue</li>
3133  * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
3134  * set DirectoryString type automatically when "ds" not specified.</li>
3135  * <li>{String}str - AttributeTypeAndValue string (ex. "C=US").
3136  * When type and value don't exist,
3137  * this "str" will be converted to "type" and "value".
3138  * </li>
3139  * </ul>
3140  * <br/>
3141  * NOTE: Parameters "type", "value", "ds" and "rule" have
3142  * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
3143  * @example
3144  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
3145  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
3146  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'prn'})
3147  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'utf8'})
3148  */
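KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
    KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
    // Rule consulted by _getDsType() when no explicit "ds" is given.
    this.sRule = "utf8";
    this.sType = null;   // attribute type name (ex. "CN")
    this.sValue = null;  // attribute value string
    this.dsType = null;  // directory string type; null = decide at encoding time
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERUTF8String = _KJUR_asn1.DERUTF8String,
        _DERPrintableString = _KJUR_asn1.DERPrintableString,
        _DERTeletexString = _KJUR_asn1.DERTeletexString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERVisibleString = _KJUR_asn1.DERVisibleString,
        _DERBMPString = _KJUR_asn1.DERBMPString,
        _isMail = _KJUR.lang.String.isMail,
        _isPrintable = _KJUR.lang.String.isPrintable;

    /**
     * Set type, value and string-type selection from a parameter object.
     * Accepts either {type, value} or {str: "TYPE=VALUE"}, each optionally
     * with "rule" and "ds". The "str" form is used only when "value" is
     * absent.
     * @param {Object} params attribute parameters
     * @throws {Error} when params.str is not of the form TYPE=VALUE
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.ds !== undefined) this.dsType = params.ds;

        if (params.value === undefined && params.str !== undefined) {
            var str = params.str;
            // Splits at the first '='; later '=' characters stay in the
            // value. The value is stored as given: no unescaping is done
            // here, and '.' does not match line terminators, so a string
            // containing a line break is rejected as malformed.
            var matchResult = str.match(/^([^=]+)=(.+)$/);
            if (!matchResult) {
                // The original message referenced an undeclared variable,
                // which raised a ReferenceError instead of this Error.
                throw new Error("malformed attrTypeAndValueStr: " + str);
            }
            this.sType = matchResult[1];
            this.sValue = matchResult[2];
        } else {
            this.sType = params.type;
            this.sValue = params.value;
        }
    };

    /**
     * Set type and value from a "TYPE=VALUE" string.
     * @param {String} sTypeValue string such as "O=T1"
     * @param {String} sRule optional selection rule ("utf8" or "prn")
     * @throws {Error} when sTypeValue is not of the form TYPE=VALUE
     * @deprecated
     */
    this.setByString = function(sTypeValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
        if (!matchResult) {
            // Same correction as in setByParam: report the offending input.
            throw new Error("malformed attrTypeAndValueStr: " + sTypeValue);
        }
        this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
    };

    /**
     * Choose the directory string type from sRule, sType and sValue.
     * Under both rules a CN value accepted by _isMail gives "ia5". Rule
     * "prn" then gives "prn" for values accepted by _isPrintable; rule
     * "utf8" gives "prn" only for type "C". Everything else, including an
     * unknown rule, gives "utf8".
     * @return {String} "ia5", "prn" or "utf8"
     */
    this._getDsType = function() {
        var sType = this.sType;
        var sValue = this.sValue;
        var sRule = this.sRule;

        if (sRule === "prn") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (_isPrintable(sValue)) return "prn";
            return "utf8";
        } else if (sRule === "utf8") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (sType == "C") return "prn";
            return "utf8";
        }
        return "utf8"; // default
    };

    /**
     * Set type and value directly, optionally changing the selection rule.
     * @param {String} sType attribute type name
     * @param {String} sValue attribute value
     * @param {String} sRule optional selection rule
     */
    this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        this.sType = sType;
        this.sValue = sValue;
    };

    /**
     * Build the ASN.1 string object for a value.
     * @param {String} dsType one of "utf8", "prn", "tel", "ia5", "vis", "bmp"
     * @param {String} valueStr attribute value
     * @return {Object} DER string object of the matching class
     * @throws {Error} for any other dsType
     */
    this.getValueObj = function(dsType, valueStr) {
        if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
        if (dsType == "prn")  return new _DERPrintableString({"str": valueStr});
        if (dsType == "tel")  return new _DERTeletexString({"str": valueStr});
        if (dsType == "ia5")  return new _DERIA5String({"str": valueStr});
        if (dsType == "vis")  return new _DERVisibleString({"str": valueStr});
        if (dsType == "bmp")  return new _DERBMPString({"str": valueStr});
        throw new Error("unsupported directory string type: type=" +
                        dsType + " value=" + valueStr);
    };

    /**
     * Encode as SEQUENCE { type OID, value string }.
     * A dsType still unset at this point is chosen by _getDsType() and then
     * kept on the object. The result is stored in this.TLV (other classes
     * in this file use this.hTLV).
     * @return {String} hexadecimal DER encoding
     */
    this.getEncodedHex = function() {
        if (this.dsType == null) this.dsType = this._getDsType();
        var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
        var asn1Value = this.getValueObj(this.dsType, this.sValue);
        var o = new _DERSequence({"array": [asn1Type, asn1Value]});
        this.TLV = o.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);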
3252 
3253 // === END   X500Name Related =================================================
3254 
3255 // === BEGIN Other ASN1 structure class  ======================================
3256 
3257 /**
3258  * SubjectPublicKeyInfo ASN.1 structure class
3259  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
3260  * @class SubjectPublicKeyInfo ASN.1 structure class
3261  * @param {Object} params parameter for subject public key
3262  * @extends KJUR.asn1.ASN1Object
3263  * @description
3264  * <br/>
3265  * As for argument 'params' for constructor, you can specify one of
3266  * following properties:
3267  * <ul>
3268  * <li>{@link RSAKey} object</li>
3269  * <li>{@link KJUR.crypto.ECDSA} object</li>
3270  * <li>{@link KJUR.crypto.DSA} object</li>
3271  * </ul>
3272  * NOTE1: 'params' can be omitted.<br/>
3273  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
3274  * <h4>EXAMPLE</h4>
3275  * @example
3276  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
3277  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
3278  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
3279  */
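KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
    KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject,
        _AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier;

    /**
     * Build SEQUENCE { algorithm, subjectPublicKey } from the parts stored
     * by setPubKey().
     * @return {Object} DERSequence object
     * @throws {String} "algId and/or subjPubKey not set" when no key has
     *   been set. A string (not an Error) is thrown, as before, so existing
     *   callers that compare the thrown value keep working.
     * @since asn1x509 1.0.7
     */
    this.getASN1Object = function() {
        if (this.asn1AlgId == null || this.asn1SubjPKey == null)
            throw "algId and/or subjPubKey not set";
        return new _DERSequence({'array': [this.asn1AlgId, this.asn1SubjPKey]});
    };

    /**
     * @return {String} hexadecimal DER encoding, also cached in this.hTLV
     */
    this.getEncodedHex = function() {
        var o = this.getASN1Object();
        this.hTLV = o.getEncodedHex();
        return this.hTLV;
    };

    /**
     * @name setPubKey
     * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
     * @function
     * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
     * @since jsrsasign 8.0.0 asn1x509 1.1.0
     * @description
     * Stores the AlgorithmIdentifier and the BIT STRING for the given key.
     * Any error raised while handling a key type is swallowed, so an
     * unsupported or broken key leaves the object unchanged and the problem
     * only shows up later, when getASN1Object() finds nothing set. Both
     * fields are assigned together, after both were built, so that a
     * failure part-way cannot leave the algorithm of one key next to the
     * key bits of another.
     * @example
     * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
     * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
     * spki.setPubKey(pubKey);
     */
    this.setPubKey = function(key) {
        var algId, subjPKey;

        // RSA: subjectPublicKey is SEQUENCE { modulus n, publicExponent e }.
        try {
            if (key instanceof RSAKey) {
                var asn1RsaPub = _newObject({
                    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
                });
                var rsaKeyHex = asn1RsaPub.getEncodedHex();
                algId = new _AlgorithmIdentifier({'name': 'rsaEncryption'});
                // leading '00' = number of unused bits in the BIT STRING
                subjPKey = new _DERBitString({'hex': '00' + rsaKeyHex});
                this.asn1AlgId = algId;
                this.asn1SubjPKey = subjPKey;
            }
        } catch (ex) {}

        // ECDSA: the curve OID is the algorithm parameter.
        try {
            if (key instanceof KJUR.crypto.ECDSA) {
                var asn1Curve = new _DERObjectIdentifier({'name': key.curveName});
                algId = new _AlgorithmIdentifier({'name': 'ecPublicKey',
                                                  'asn1params': asn1Curve});
                subjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
                this.asn1AlgId = algId;
                this.asn1SubjPKey = subjPKey;
            }
        } catch (ex) {}

        // DSA: parameters are SEQUENCE { p, q, g }; the key is INTEGER y.
        try {
            if (key instanceof KJUR.crypto.DSA) {
                // called as a plain function, like the RSA branch above
                var asn1DsaParams = _newObject({
                    'seq': [{'int': {'bigint': key.p}},
                            {'int': {'bigint': key.q}},
                            {'int': {'bigint': key.g}}]
                });
                algId = new _AlgorithmIdentifier({'name': 'dsa',
                                                  'asn1params': asn1DsaParams});
                var pubInt = new _DERInteger({'bigint': key.y});
                subjPKey = new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
                this.asn1AlgId = algId;
                this.asn1SubjPKey = subjPKey;
            }
        } catch (ex) {}
    };

    if (params !== undefined) {
        this.setPubKey(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);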
3370 
3371 /**
3372  * Time ASN.1 structure class<br/>
3373  * @name KJUR.asn1.x509.Time
3374  * @class Time ASN.1 structure class
3375  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
3376  * @extends KJUR.asn1.ASN1Object
3377  * @see KJUR.asn1.DERUTCTime
3378  * @see KJUR.asn1.DERGeneralizedTime
3379  * @description
3380  * This class represents Time ASN.1 structure defined in 
3381  * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
3382  * <pre>
3383  * Time ::= CHOICE {
3384  *      utcTime        UTCTime,
3385  *      generalTime    GeneralizedTime }
3386  * </pre>
3387  *
3388  * @example
3389  * var t1 = new KJUR.asn1.x509.Time({'str': '130508235959Z'}) // UTCTime by default
3390  * var t2 = new KJUR.asn1.x509.Time({'type': 'gen',  'str': '20130508235959Z'}) // GeneralizedTime
3391  */
KJUR.asn1.x509.Time = function(params) {
    KJUR.asn1.x509.Time.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _UTCTime = _asn1.DERUTCTime,
        _GeneralizedTime = _asn1.DERGeneralizedTime;

    /**
     * Replace the parameters handed to the time class at encoding time.
     * The type ("utc" or "gen") is not re-derived from them.
     * @param {Object} timeParams parameters for DERUTCTime / DERGeneralizedTime
     */
    this.setTimeParams = function(timeParams) {
        this.timeParams = timeParams;
    };

    /**
     * Encode as UTCTime when this.type is "utc", otherwise as
     * GeneralizedTime. Without timeParams the time class is constructed
     * with no argument.
     * No check is made that the chosen type suits the date; RFC 5280
     * section 4.1.2.5 expects UTCTime through 2049 and GeneralizedTime from
     * 2050 on, so that choice is left to the caller.
     * @return {String} hexadecimal DER encoding, also stored in this.TLV
     */
    this.getEncodedHex = function() {
        var hasParams = (this.timeParams != null);
        var TimeClass = (this.type == "utc") ? _UTCTime : _GeneralizedTime;
        var timeObj;

        if (hasParams) {
            timeObj = new TimeClass(this.timeParams);
        } else {
            timeObj = new TimeClass();
        }
        this.TLV = timeObj.getEncodedHex();
        return this.TLV;
    };

    // Type selection: an explicit params.type wins; otherwise the shape of
    // params.str decides (12 digits + Z: "utc", 14 digits + Z: "gen"); a
    // string matching neither pattern keeps the default "utc".
    this.type = "utc";
    if (params !== undefined) {
        if (params.type !== undefined) {
            this.type = params.type;
        } else if (params.str !== undefined) {
            var timeStr = params.str;
            if (timeStr.match(/^[0-9]{12}Z$/)) this.type = "utc";
            if (timeStr.match(/^[0-9]{14}Z$/)) this.type = "gen";
        }
        this.timeParams = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
3439 
3440 /**
3441  * AlgorithmIdentifier ASN.1 structure class
3442  * @name KJUR.asn1.x509.AlgorithmIdentifier
3443  * @class AlgorithmIdentifier ASN.1 structure class
3444  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
3445  * @extends KJUR.asn1.ASN1Object
3446  * @description
3447  * The 'params' argument is an associative array and has following parameters:
3448  * <ul>
3449  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
3450  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
3451  * (OPTION)</li>
3452  * <li>paramempty: set algorithm parameter to NULL by force.
3453  * If paramempty is false, algorithm parameter will be set automatically.
3454  * If paramempty is false and algorithm name is "*withDSA" or "*withECDSA", the parameter field of
3455  * AlgorithmIdentifier will be omitted; otherwise
3456  * it will be NULL by default.
3457  * (OPTION, DEFAULT = false)</li>
3458  * </ul>
3459  * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
3460  * special names. They will set a suite of algorithm OID and multiple algorithm
3461  * parameters. Its ASN.1 schema is defined in 
3462  * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
3463  * section A.2.3</a>.
3464  * <blockquote><pre>
3465  * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
3466  * RSASSA-PSS-params ::= SEQUENCE {
3467  *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
3468  *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
3469  *   saltLength         [2] INTEGER          DEFAULT 20,
3470  *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
3471  * mgf1SHA1    MaskGenAlgorithm ::= {
3472  *   algorithm   id-mgf1,
3473  *   parameters  HashAlgorithm : sha1 }
3474  * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
3475  * TrailerField ::= INTEGER { trailerFieldBC(1) }
3476  * </pre></blockquote>
3477  * Here is a table for PSS parameters:
3478  * <table>
3479  * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th><th>pss saltlen</th><th>trailer</th></tr>
3480  * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
3481  * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
3482  * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
3483  * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
3484  * </table>
3485  * Default value is omitted as defined in ASN.1 schema.
3486  * These parameters are interoperable to OpenSSL or IAIK toolkit.
3487  * <br/>
3488  * NOTE: RSA-PSS algorithm names are supported since jsrsasign 8.0.21. 
3489  * @example
3490  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
3491  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
3492  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
3493  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
3494  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
3495  */
KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
    KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
    this.nameAlg = null;      // algorithm name (ex. "SHA256withRSA")
    this.asn1Alg = null;      // algorithm OID object, resolved lazily from nameAlg
    this.asn1Params = null;   // explicit or automatically chosen parameters
    this.paramEmpty = false;  // true: do not add parameters automatically

    var _asn1 = KJUR.asn1,
        _pssTable = _asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;

    /**
     * Encode the AlgorithmIdentifier.
     * A name listed in PSSNAME2ASN1TLV is answered with its fixed,
     * pre-encoded TLV. Any other name is resolved through OID.name2obj and
     * encoded as SEQUENCE { algorithm [, parameters] }.
     * No policy on algorithm strength is applied here: legacy names listed
     * in OID.name2oidList (ex. MD5withRSA, SHA1withRSA) encode like any
     * other, so that choice is the caller's.
     * @return {String} hexadecimal DER encoding, also cached in this.hTLV
     * @throws {Error} when neither a name nor an OID object is set
     */
    this.getEncodedHex = function() {
        var algName = this.nameAlg;
        if (algName === null && this.asn1Alg === null) {
            throw new Error("algorithm not specified");
        }

        // RSA-PSS names map to a complete TLV
        if (algName !== null) {
            var pssTLV = null;
            for (var pssName in _pssTable) {
                if (pssName === algName) pssTLV = _pssTable[pssName];
            }
            if (pssTLV !== null) {
                this.hTLV = pssTLV;
                return this.hTLV;
            }
        }

        if (algName !== null && this.asn1Alg === null) {
            this.asn1Alg = _asn1.x509.OID.name2obj(algName);
        }
        var members = [this.asn1Alg];
        if (this.asn1Params !== null) members.push(this.asn1Params);

        this.hTLV = new _asn1.DERSequence({'array': members}).getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        if (params.name !== undefined) this.nameAlg = params.name;
        if (params.asn1params !== undefined) this.asn1Params = params.asn1params;
        if (params.paramempty !== undefined) this.paramEmpty = params.paramempty;
    }

    // Automatic parameters: only when none were given and paramEmpty is
    // false. Names ending in "withDSA" or "withECDSA" (case-insensitive)
    // get no parameters; every other name gets an ASN.1 NULL.
    var wantsAutoParams = this.asn1Params === null &&
                          this.paramEmpty === false &&
                          this.nameAlg !== null;
    if (wantsAutoParams) {
        // an object carrying a "name" property is accepted in place of a string
        if (this.nameAlg.name !== undefined) {
            this.nameAlg = this.nameAlg.name;
        }
        var lowerName = this.nameAlg.toLowerCase();
        var isDsaFamily = lowerName.slice(-7) === "withdsa" ||
                          lowerName.slice(-9) === "withecdsa";
        if (!isDsaFamily) {
            this.asn1Params = new _asn1.DERNull();
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
3568 
3569 /**
3570  * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
3571  * @const
3572  */
// Each value is a complete AlgorithmIdentifier TLV in hexadecimal: the
// id-RSASSA-PSS OID (1.2.840.113549.1.1.10) followed by RSASSA-PSS-params.
KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
    // empty params SEQUENCE: every field left at its ASN.1 default
    // (SHA-1, MGF1 with SHA-1, salt length 20)
    'SHAwithRSAandMGF1': '300d06092a864886f70d01010a3000',
    // hash sha256, MGF1 with sha256, salt length 32 (0x20)
    'SHA256withRSAandMGF1': '303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120',
    // hash sha384, MGF1 with sha384, salt length 48 (0x30)
    'SHA384withRSAandMGF1': '303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130',
    // hash sha512, MGF1 with sha512, salt length 64 (0x40)
    'SHA512withRSAandMGF1': '303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140'
};
3583 
3584 /**
3585  * GeneralName ASN.1 structure class<br/>
3586  * @name KJUR.asn1.x509.GeneralName
3587  * @class GeneralName ASN.1 structure class
3588  * @description
3589  * <br/>
3590  * As for argument 'params' for constructor, you can specify one of
3591  * following properties:
3592  * <ul>
3593  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
3594  * <li>dns - dNSName[2] (ex. foo.com)</li>
3595  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
3596  * <li>dn - directoryName[4] 
3597  * distinguished name string or X500Name class parameters can be
3598  * specified (ex. "/C=US/O=Test", {hex: '301c...'})</li>
3599  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
3600  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
3601  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
3602  * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
3603  * </ul>
3604  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
3605  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
3606  * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
3607  * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
3608  *
3609  * Here is definition of the ASN.1 syntax:
3610  * <pre>
3611  * -- NOTE: under the CHOICE, it will always be explicit.
3612  * GeneralName ::= CHOICE {
3613  *   otherName                  [0] OtherName,
3614  *   rfc822Name                 [1] IA5String,
3615  *   dNSName                    [2] IA5String,
3616  *   x400Address                [3] ORAddress,
3617  *   directoryName              [4] Name,
3618  *   ediPartyName               [5] EDIPartyName,
3619  *   uniformResourceIdentifier  [6] IA5String,
3620  *   iPAddress                  [7] OCTET STRING,
3621  *   registeredID               [8] OBJECT IDENTIFIER }
3622  * </pre>
3623  *
3624  * @example
3625  * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
3626  * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject});
3627  * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: '/C=US/O=Test'}});
3628  * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'});
3629  * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'});
3630  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING});
3631  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING});
3632  * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
3633  * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
3634  * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
3635  * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
3636  * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
3637  * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
3638  *
3639  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
3640  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
3641  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
3642  */
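KJUR.asn1.x509.GeneralName = function(params) {
    KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
    // context tag byte for each supported GeneralName choice
    var pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86', ip: '87'},
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _ASN1Object = _KJUR_asn1.ASN1Object,
        _X500Name = _KJUR_asn1.x509.X500Name,
        _pemtohex = pemtohex;

    this.explicit = false;

    // Load a certificate given as a hexadecimal string or as PEM text into
    // an X509 object; throws notCertMsg (a string) when it is neither.
    var _loadCert = function(certStr, notCertMsg) {
        var certHex = null;

        if (certStr.match(/^[0-9A-Fa-f]+$/)) {
            // The original compared (==) here instead of assigning, so a
            // hexadecimal certificate was always rejected.
            certHex = certStr;
        }
        if (certStr.indexOf("-----BEGIN ") != -1) {
            certHex = _pemtohex(certStr);
        }
        if (certHex == null) throw notCertMsg;

        var x = new X509();
        x.hex = certHex;
        return x;
    };

    // Wrap already-encoded DER (hexadecimal) in a bare ASN1Object.
    var _wrapHex = function(hTLV) {
        var o = new _ASN1Object();
        o.hTLV = hTLV;
        return o;
    };

    /**
     * Set the name from a parameter object holding one of: rfc822, dns,
     * uri, dn, ldapdn, certissuer, certsubj or ip.
     * When several of these are present, the one handled last in the order
     * below decides the result. The rfc822, dns and uri values are passed
     * to DERIA5String unchanged; their syntax is not validated here, so a
     * caller building certificates from outside input has to validate them
     * first.
     * @param {Object} params GeneralName parameters
     * @throws {String} "certissuer param not cert" / "certsubj param not
     *   cert", "malformed IP address" or "unsupported type in params=..."
     *   (strings are thrown, as before)
     */
    this.setByParam = function(params) {
        var v = null;

        if (params === undefined) return;

        if (params.rfc822 !== undefined) {
            this.type = 'rfc822';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.dns !== undefined) {
            this.type = 'dns';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.uri !== undefined) {
            this.type = 'uri';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.dn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            if (typeof params.dn === "string") {
                v = new _X500Name({str: params.dn});
            } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
                v = params.dn;
            } else {
                v = new _X500Name(params.dn);
            }
        }

        if (params.ldapdn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = new _X500Name({ldapstr: params.ldapdn});
        }

        // directoryName copied from the issuer field of a certificate
        if (params.certissuer !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = _wrapHex(_loadCert(params.certissuer,
                                   "certissuer param not cert").getIssuerHex());
        }

        // directoryName copied from the subject field of a certificate
        if (params.certsubj !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = _wrapHex(_loadCert(params.certsubj,
                                   "certsubj param not cert").getSubjectHex());
        }

        if (params.ip !== undefined) {
            this.type = 'ip';
            this.explicit = false;
            var ip = params.ip;
            var hIP;
            var malformedIPMsg = "malformed IP address";
            if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4
                // The pattern only limits the characters; the octet count
                // is enforced by the length check below, and the conversion
                // of each number is left to intarystrtohex (not shown here).
                hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
                if (hIP.length !== 8) throw malformedIPMsg;
            } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6
                hIP = ipv6tohex(ip);
            } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex
                // NOTE(review): any even-length hexadecimal string is taken
                // as is; its length is not checked against an address size.
                hIP = ip;
            } else {
                throw malformedIPMsg;
            }
            v = new _DEROctetString({hex: hIP});
        }

        if (this.type == null)
            throw "unsupported type in params=" + params;
        this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit,
                                             'tag': pTag[this.type],
                                             'obj': v});
    };

    /**
     * @return {String} hexadecimal DER encoding of the tagged name
     */
    this.getEncodedHex = function() {
        return this.asn1Obj.getEncodedHex();
    };

    if (params !== undefined) {
        this.setByParam(params);
    }

};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);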
3776 
3777 /**
3778  * GeneralNames ASN.1 structure class<br/>
3779  * @name KJUR.asn1.x509.GeneralNames
3780  * @class GeneralNames ASN.1 structure class
3781  * @description
3782  * <br/>
3783  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
3784  * @example
3785  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
3786  *
3787  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
3788  */
KJUR.asn1.x509.GeneralNames = function(paramsArray) {
    KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1;

    // GeneralName objects collected so far, in insertion order
    this.asn1Array = [];

    /**
     * append {@link KJUR.asn1.x509.GeneralName} objects built from an array of parameters<br/>
     * @name setByParamArray
     * @memberOf KJUR.asn1.x509.GeneralNames#
     * @function
     * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralName} parameters
     * @description
     * Entries are appended to the names already held, not substituted for
     * them.
     * <h4>EXAMPLES</h4>
     * @example
     * gns = new KJUR.asn1.x509.GeneralNames();
     * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
     */
    this.setByParamArray = function(paramsArray) {
        var idx = 0;
        while (idx < paramsArray.length) {
            this.asn1Array.push(new _asn1.x509.GeneralName(paramsArray[idx]));
            idx += 1;
        }
    };

    /**
     * Encode the collected names as a SEQUENCE. With no names this is an
     * empty SEQUENCE; the SIZE (1..MAX) bound of the ASN.1 definition is
     * not checked here.
     * @return {String} hexadecimal DER encoding
     */
    this.getEncodedHex = function() {
        var seq = new _asn1.DERSequence({'array': this.asn1Array});
        return seq.getEncodedHex();
    };

    if (paramsArray !== undefined) {
        this.setByParamArray(paramsArray);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
3826 
3827 /**
3828  * static object for OID
3829  * @name KJUR.asn1.x509.OID
3830  * @class static object for OID
3831  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
3832  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
3833  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
3834  * @description
3835  * This class defines OID name and values.
3836  * AttributeType names registered in OID.atype2oidList are following:
3837  * <table style="border-width: thin; border-style: solid; width: 100%">
3838  * <tr><th>short</th><th>long</th><th>OID</th></tr>
3839  * <tr><td>CN</td><td>commonName</td><td>2.5.4.3</td></tr>
3840  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
3841  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
3842  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
3843  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
3844  * <tr><td>C</td><td>countryName</td><td>2.5.4.6</td></tr>
3845  * <tr><td>STREET</td><td>streetAddress</td><td>2.5.4.9</td></tr>
3846  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
3847  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
3848  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
3849  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
3850  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
3851  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
3852  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
3853  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
3854  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
3855  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
3856  * </table>
3857  *
3858  * @example
3859  */
3860 KJUR.asn1.x509.OID = new function(params) {
3861     this.atype2oidList = {
3862 	// RFC 4514 AttributeType name string (MUST recognized)
3863         'CN':		'2.5.4.3',
3864         'L':		'2.5.4.7',
3865         'ST':		'2.5.4.8',
3866         'O':		'2.5.4.10',
3867         'OU':		'2.5.4.11',
3868         'C':		'2.5.4.6',
3869         'STREET':	'2.5.4.9',
3870         'DC':		'0.9.2342.19200300.100.1.25',
3871         'UID':		'0.9.2342.19200300.100.1.1',
3872 	// other AttributeType name string
3873 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
3874         'SN':		'2.5.4.4', // surname
3875         'T':		'2.5.4.12', // title
3876         'DN':		'2.5.4.49', // distinguishedName
3877         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
3878 	// other AttributeType name string (no short name)
3879 	'description':			'2.5.4.13',
3880 	'businessCategory':		'2.5.4.15',
3881 	'postalCode':			'2.5.4.17',
3882 	'serialNumber':			'2.5.4.5',
3883 	'uniqueIdentifier':		'2.5.4.45',
3884 	'organizationIdentifier':	'2.5.4.97',
3885 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
3886 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
3887 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
3888     };
3889     this.name2oidList = {
3890         'sha1':                 '1.3.14.3.2.26',
3891         'sha256':               '2.16.840.1.101.3.4.2.1',
3892         'sha384':               '2.16.840.1.101.3.4.2.2',
3893         'sha512':               '2.16.840.1.101.3.4.2.3',
3894         'sha224':               '2.16.840.1.101.3.4.2.4',
3895         'md5':                  '1.2.840.113549.2.5',
3896         'md2':                  '1.3.14.7.2.2.1',
3897         'ripemd160':            '1.3.36.3.2.1',
3898 
3899         'MD2withRSA':           '1.2.840.113549.1.1.2',
3900         'MD4withRSA':           '1.2.840.113549.1.1.3',
3901         'MD5withRSA':           '1.2.840.113549.1.1.4',
3902         'SHA1withRSA':          '1.2.840.113549.1.1.5',
3903 	'pkcs1-MGF':		'1.2.840.113549.1.1.8',
3904 	'rsaPSS':		'1.2.840.113549.1.1.10',
3905         'SHA224withRSA':        '1.2.840.113549.1.1.14',
3906         'SHA256withRSA':        '1.2.840.113549.1.1.11',
3907         'SHA384withRSA':        '1.2.840.113549.1.1.12',
3908         'SHA512withRSA':        '1.2.840.113549.1.1.13',
3909 
3910         'SHA1withECDSA':        '1.2.840.10045.4.1',
3911         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
3912         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
3913         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
3914         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
3915 
3916         'dsa':                  '1.2.840.10040.4.1',
3917         'SHA1withDSA':          '1.2.840.10040.4.3',
3918         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
3919         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
3920 
3921         'rsaEncryption':        '1.2.840.113549.1.1.1',
3922 
3923 	// X.500 AttributeType defined in RFC 4514
3924         'commonName':			'2.5.4.3',
3925         'countryName':			'2.5.4.6',
3926         'localityName':			'2.5.4.7',
3927         'stateOrProvinceName':		'2.5.4.8',
3928         'streetAddress':		'2.5.4.9',
3929         'organizationName':		'2.5.4.10',
3930         'organizationalUnitName':	'2.5.4.11',
3931         'domainComponent':		'0.9.2342.19200300.100.1.25',
3932         'userId':			'0.9.2342.19200300.100.1.1',
3933 	// other AttributeType name string
3934 	'surname':			'2.5.4.4',
3935         'title':			'2.5.4.12',
3936 	'distinguishedName':		'2.5.4.49',
3937 	'emailAddress':			'1.2.840.113549.1.9.1',
3938 	// other AttributeType name string (no short name)
3939 	'description':			'2.5.4.13',
3940 	'businessCategory':		'2.5.4.15',
3941 	'postalCode':			'2.5.4.17',
3942 	'uniqueIdentifier':		'2.5.4.45',
3943 	'organizationIdentifier':	'2.5.4.97',
3944 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
3945 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
3946 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
3947 
3948         'subjectKeyIdentifier': '2.5.29.14',
3949         'keyUsage':             '2.5.29.15',
3950         'subjectAltName':       '2.5.29.17',
3951         'issuerAltName':        '2.5.29.18',
3952         'basicConstraints':     '2.5.29.19',
3953         'cRLNumber':     	'2.5.29.20',
3954         'cRLReason':     	'2.5.29.21',
3955         'nameConstraints':      '2.5.29.30',
3956         'cRLDistributionPoints':'2.5.29.31',
3957         'certificatePolicies':  '2.5.29.32',
3958         'anyPolicy':  		'2.5.29.32.0',
3959         'authorityKeyIdentifier':'2.5.29.35',
3960         'policyConstraints':    '2.5.29.36',
3961         'extKeyUsage':          '2.5.29.37',
3962         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
3963         'ocsp':                 '1.3.6.1.5.5.7.48.1',
3964         'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
3965         'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
3966         'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
3967         'caIssuers':            '1.3.6.1.5.5.7.48.2',
3968 
3969         'anyExtendedKeyUsage':  '2.5.29.37.0',
3970         'serverAuth':           '1.3.6.1.5.5.7.3.1',
3971         'clientAuth':           '1.3.6.1.5.5.7.3.2',
3972         'codeSigning':          '1.3.6.1.5.5.7.3.3',
3973         'emailProtection':      '1.3.6.1.5.5.7.3.4',
3974         'timeStamping':         '1.3.6.1.5.5.7.3.8',
3975         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
3976 
3977         'ecPublicKey':          '1.2.840.10045.2.1',
3978         'P-256':                '1.2.840.10045.3.1.7',
3979         'secp256r1':            '1.2.840.10045.3.1.7',
3980         'secp256k1':            '1.3.132.0.10',
3981         'secp384r1':            '1.3.132.0.34',
3982 
3983         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
3984         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
3985 
3986         'des-EDE3-CBC':         '1.2.840.113549.3.7',
3987 
3988         'data':                 '1.2.840.113549.1.7.1', // CMS data
3989         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
3990         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
3991         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
3992         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
3993         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
3994         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
3995 	'signingCertificate':	'1.2.840.113549.1.9.16.2.12',// SMIME
3996 	'timeStampToken':	'1.2.840.113549.1.9.16.2.14',// sigTS
3997 	'signaturePolicyIdentifier':	'1.2.840.113549.1.9.16.2.15',// cades
3998 	'etsArchiveTimeStamp':	'1.2.840.113549.1.9.16.2.27',// SMIME
3999 	'signingCertificateV2':	'1.2.840.113549.1.9.16.2.47',// SMIME
4000 	'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
4001         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
4002 	'contentType':		'1.2.840.113549.1.9.3',//PKCS#9
4003 	'messageDigest':	'1.2.840.113549.1.9.4',//PKCS#9
4004 	'signingTime':		'1.2.840.113549.1.9.5',//PKCS#9
4005 	'counterSignature':	'1.2.840.113549.1.9.6',//PKCS#9
4006 	'archiveTimeStampV3':	'0.4.0.1733.2.4',//ETSI EN29319122/TS101733
4007 	'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
4008 	'adobeTimeStamp':	'1.2.840.113583.1.1.9.1' // Adobe
4009     };
4010 
    // Cache of DERObjectIdentifier instances, filled lazily by name2obj and
    // atype2obj below; both write into this one map, keyed by the lookup string.
    // NOTE(review): this is a plain object literal, so a bare `objCache[key]`
    // read also resolves keys inherited from Object.prototype (for example
    // "constructor"). Lookups with caller-supplied keys should test own
    // properties rather than rely on `typeof ... != "undefined"` alone.
    this.objCache = {};
4012 
4013     /**
4014      * get DERObjectIdentifier by registered OID name
4015      * @name name2obj
4016      * @memberOf KJUR.asn1.x509.OID
4017      * @function
4018      * @param {String} name registered OID name (ex. 'SHA1withRSA')
4019      * @description
4020      * @example
4021      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
4022      */
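    this.name2obj = function(name) {
        // Resolve a registered OID name to a cached DERObjectIdentifier.
        // Throws the string "Name of ObjectIdentifier not defined: <name>"
        // when the name is not registered in name2oidList.
        //
        // Both maps are plain objects, so a bare `map[name]` read would also
        // resolve inherited keys such as "constructor" or "toString" and hand
        // back a function from Object.prototype instead of rejecting the name.
        // Only own properties are accepted here.
        // NOTE(review): objCache is shared with atype2obj, so a key cached by
        // one method is returned by the other without consulting its own
        // list; that existing behaviour is kept.
        var hasOwn = Object.prototype.hasOwnProperty;

        if (hasOwn.call(this.objCache, name) &&
            typeof this.objCache[name] != "undefined") {
            return this.objCache[name];
        }

        if (!hasOwn.call(this.name2oidList, name) ||
            typeof this.name2oidList[name] == "undefined") {
            throw "Name of ObjectIdentifier not defined: " + name;
        }

        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': this.name2oidList[name]});
        this.objCache[name] = obj;
        return obj;
    };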
4033 
4034     /**
4035      * get DERObjectIdentifier by registered attribute type name such as 'C' or 'CN'<br/>
4036      * @name atype2obj
4037      * @memberOf KJUR.asn1.x509.OID
4038      * @function
4039      * @param {String} atype short attribute type name such as 'C' or 'CN'
4040      * @description
4041      * @example
4042      * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
4043      * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
4044      */
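    this.atype2obj = function(atype) {
        // Resolve an attribute type name (such as 'C' or 'CN') to a cached
        // DERObjectIdentifier. Throws the string
        // "AttributeType name undefined: <atype>" when the name is not
        // registered in atype2oidList.
        //
        // Attribute type names can originate from distinguished-name strings,
        // so the lookup must not fall through to Object.prototype: a bare
        // `map[atype]` read would resolve "constructor", "toString" and the
        // like to inherited functions instead of rejecting them. Only own
        // properties are accepted here.
        // NOTE(review): objCache is shared with name2obj, so a key cached by
        // one method is returned by the other without consulting its own
        // list; that existing behaviour is kept.
        var hasOwn = Object.prototype.hasOwnProperty;

        if (hasOwn.call(this.objCache, atype) &&
            typeof this.objCache[atype] != "undefined") {
            return this.objCache[atype];
        }

        if (!hasOwn.call(this.atype2oidList, atype) ||
            typeof this.atype2oidList[atype] == "undefined") {
            throw "AttributeType name undefined: " + atype;
        }

        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': this.atype2oidList[atype]});
        this.objCache[atype] = obj;
        return obj;
    };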
4055 };
4056 
4057 /**
4058  * convert OID to name<br/>
4059  * @name oid2name
4060  * @memberOf KJUR.asn1.x509.OID
4061  * @function
4062  * @param {String} oid dot-notation Object Identifier string (ex. 1.2.3.4)
4063  * @return {String} OID name if registered otherwise empty string
4064  * @since asn1x509 1.0.9
4065  * @description
4066  * This static method converts an OID string to its registered name.
4067  * If the OID is not registered then it returns an empty string (i.e. '').
4068  * @example
4069  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
4070  */
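KJUR.asn1.x509.OID.oid2name = function(oid) {
    // Reverse lookup: return the first registered name whose OID equals
    // `oid`, or '' when no entry matches.
    //
    // Object.keys() visits own enumerable properties only, in the same order
    // a for-in loop reports them. The original for-in also walked enumerable
    // properties inherited through the prototype chain, so a property added
    // to Object.prototype elsewhere in the page could be returned as the
    // "name" of an unregistered OID.
    var list = KJUR.asn1.x509.OID.name2oidList;
    var names = Object.keys(list);
    for (var i = 0; i < names.length; i++) {
        // loose equality kept from the original comparison
        if (list[names[i]] == oid) return names[i];
    }
    return '';
};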
4078 
4079 /**
4080  * convert OID to AttributeType name<br/>
4081  * @name oid2atype
4082  * @memberOf KJUR.asn1.x509.OID
4083  * @function
4084  * @param {String} oid dot-notation Object Identifier string (ex. 1.2.3.4)
4085  * @return {String} OID AttributeType name if registered otherwise oid
4086  * @since jsrsasign 6.2.2 asn1x509 1.0.18
4087  * @description
4088  * This static method converts OID string to its AttributeType name.
4089  * If OID is not defined in OID.atype2oidList associative array then it returns OID
4090  * specified as argument.
4091  * @example
4092  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
4093  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
4094  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
4095  */
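KJUR.asn1.x509.OID.oid2atype = function(oid) {
    // Reverse lookup: return the first attribute type name whose OID equals
    // `oid`; an unregistered OID is returned unchanged.
    //
    // Object.keys() visits own enumerable properties only, in the same order
    // a for-in loop reports them. The original for-in also walked enumerable
    // properties inherited through the prototype chain, so a property added
    // to Object.prototype elsewhere in the page could be returned as the
    // attribute type of an unregistered OID and end up in a rendered
    // distinguished name.
    var list = KJUR.asn1.x509.OID.atype2oidList;
    var atypes = Object.keys(list);
    for (var i = 0; i < atypes.length; i++) {
        // loose equality kept from the original comparison
        if (list[atypes[i]] == oid) return atypes[i];
    }
    return oid;
};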
4103 
4104 /**
4105  * convert OID name to OID value<br/>
4106  * @name name2oid
4107  * @memberOf KJUR.asn1.x509.OID
4108  * @function
4109  * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
4110  * @return {String} dot-notation Object Identifier string (ex. 1.2.3.4)
4111  * @since asn1x509 1.0.11
4112  * @description
4113  * This static method converts an OID name to its OID string.
4114  * If the name is not registered then it returns an empty string (i.e. '').
4115  * @example
4116  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
4117  * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
4118  * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
4119  */
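KJUR.asn1.x509.OID.name2oid = function(name) {
    // Convert a registered OID name to its dotted OID string.
    // Returns '' for an unregistered name.
    //
    // A string made only of digits and dots is treated as an OID already and
    // returned unchanged. This pass-through does not check arc structure
    // ("." or "1..2" also match), so callers handling untrusted input should
    // validate the result before encoding it.
    if (name.match(/^[0-9.]+$/)) return name;

    var list = KJUR.asn1.x509.OID.name2oidList;

    // Accept own properties only. With a bare `list[name] === undefined`
    // test, names such as "constructor" or "__proto__" resolve through
    // Object.prototype and a function or object is returned where the
    // documented contract promises a string.
    if (!Object.prototype.hasOwnProperty.call(list, name) ||
        list[name] === undefined) {
        return '';
    }
    return list[name];
};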
4126 
4127 /**
4128  * X.509 certificate and CRL utilities class<br/>
4129  * @name KJUR.asn1.x509.X509Util
4130  * @class X.509 certificate and CRL utilities class
4131  */
// Plain namespace object; static helpers such as newCertPEM (defined below)
// are attached to it as properties.
KJUR.asn1.x509.X509Util = {};
4133 
4134 /**
4135  * issue a certificate in PEM format (DEPRECATED)
4136  * @name newCertPEM
4137  * @memberOf KJUR.asn1.x509.X509Util
4138  * @function
4139  * @param {Array} param JSON object of parameter to issue a certificate
4140  * @since asn1x509 1.0.6
4141  * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
4142  * @description
4143  * This method can issue a certificate by a simple
4144  * JSON object.
4145  * Signature value will be provided by signing with
4146  * private key using 'cakey' parameter or
4147  * hexadecimal signature value by 'sighex' parameter.
4148  * <br/>
4149  * NOTE: Algorithm parameter of AlgorithmIdentifier will
4150  * be set automatically by default. 
4151  * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
4152  * from jsrsasign 7.1.1 asn1x509 1.0.20.
4153  * <br/>
4154  * NOTE2: 
4155  * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
4156  * As for RSA-PSS signature algorithm names and signing parameters 
4157  * such as MGF function and salt length, please see
4158  * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
4159  *
4160  * @example
4161  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
4162  *   serial: {int: 4},
4163  *   sigalg: {name: 'SHA1withECDSA'},
4164  *   issuer: {str: '/C=US/O=a'},
4165  *   notbefore: {'str': '130504235959Z'},
4166  *   notafter: {'str': '140504235959Z'},
4167  *   subject: {str: '/C=US/O=b'},
4168  *   sbjpubkey: pubKeyObj,
4169  *   ext: [
4170  *     {basicConstraints: {cA: true, critical: true}},
4171  *     {keyUsage: {bin: '11'}},
4172  *   ],
4173  *   cakey: prvKeyObj
4174  * });
4175  * // -- or --
4176  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
4177  *   serial: {int: 4},
4178  *   sigalg: {name: 'SHA1withECDSA'},
4179  *   issuer: {str: '/C=US/O=a'},
4180  *   notbefore: {'str': '130504235959Z'},
4181  *   notafter: {'str': '140504235959Z'},
4182  *   subject: {str: '/C=US/O=b'},
4183  *   sbjpubkey: pubKeyPEM,
4184  *   ext: [
4185  *     {basicConstraints: {cA: true, critical: true}},
4186  *     {keyUsage: {bin: '11'}},
4187  *   ],
4188  *   cakey: [prvkey, pass]}
4189  * );
4190  * // -- or --
4191  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
4192  *   serial: {int: 1},
4193  *   sigalg: {name: 'SHA1withRSA'},
4194  *   issuer: {str: '/C=US/O=T1'},
4195  *   notbefore: {'str': '130504235959Z'},
4196  *   notafter: {'str': '140504235959Z'},
4197  *   subject: {str: '/C=US/O=T1'},
4198  *   sbjpubkey: pubKeyObj,
4199  *   sighex: '0102030405..'
4200  * });
4201  * // for the issuer and subject field, another
4202  * // representation is also available
4203  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
4204  *   serial: {int: 1},
4205  *   sigalg: {name: 'SHA256withRSA'},
4206  *   issuer: {C: "US", O: "T1"},
4207  *   notbefore: {'str': '130504235959Z'},
4208  *   notafter: {'str': '140504235959Z'},
4209  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
4210  *   sbjpubkey: pubKeyObj,
4211  *   sighex: '0102030405..'
4212  * });
4213  */
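KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    // Deprecated thin wrapper: hand `param` unchanged to the
    // KJUR.asn1.x509.Certificate constructor and return the result of its
    // getPEM(). No validation of `param` happens in this function.
    // (The unused TBSCertificate alias from the original body is dropped.)
    //
    // NOTE(review): several examples in the JSDoc above sign with
    // 'SHA1withECDSA' / 'SHA1withRSA'. SHA-1 certificate signatures are
    // rejected by current validators; for new certificates prefer a SHA-256
    // based name such as 'SHA256withRSA' (used in the last example) or
    // 'SHA256withECDSA' (registered in name2oidList).
    var cert = new KJUR.asn1.x509.Certificate(param);
    return cert.getPEM();
};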
4221 
4222