1 /* asn1x509-2.1.6.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license 2 */ 3 /* 4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate 5 * 6 * Copyright (c) 2013-2020 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1x509-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.1.0 asn1x509 2.1.6 (2020-Nov-18) 20 * @since jsrsasign 2.1 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 /** 25 * kjur's class library name space 26 * // already documented in asn1-1.0.js 27 * @name KJUR 28 * @namespace kjur's class library name space 29 */ 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 31 32 /** 33 * kjur's ASN.1 class library name space 34 * // already documented in asn1-1.0.js 35 * @name KJUR.asn1 36 * @namespace 37 */ 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 39 40 /** 41 * kjur's ASN.1 class for X.509 certificate library name space 42 * <p> 43 * <h4>FEATURES</h4> 44 * <ul> 45 * <li>easily issue any kind of certificate</li> 46 * <li>APIs are very similar to BouncyCastle library ASN.1 classes. 
So easy to learn.</li> 47 * </ul> 48 * </p> 49 * <h4>PROVIDED CLASSES</h4> 50 * <ul> 51 * <li>{@link KJUR.asn1.x509.Certificate}</li> 52 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li> 53 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li> 54 * <li>{@link KJUR.asn1.x509.Extensions}</li> 55 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li> 56 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li> 57 * <li>{@link KJUR.asn1.x509.GeneralNames}</li> 58 * <li>{@link KJUR.asn1.x509.GeneralName}</li> 59 * <li>{@link KJUR.asn1.x509.X500Name}</li> 60 * <li>{@link KJUR.asn1.x509.RDN}</li> 61 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li> 62 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li> 63 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li> 64 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li> 65 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li> 66 * <li>{@link KJUR.asn1.x509.UserNotice}</li> 67 * <li>{@link KJUR.asn1.x509.NoticeReference}</li> 68 * <li>{@link KJUR.asn1.x509.DisplayText}</li> 69 * <li>{@link KJUR.asn1.x509.CRL}</li> 70 * <li>{@link KJUR.asn1.x509.TBSCertList}</li> 71 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li> 72 * <li>{@link KJUR.asn1.x509.OID}</li> 73 * </ul> 74 * <h4>SUPPORTED EXTENSIONS</h4> 75 * <ul> 76 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 77 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 78 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 79 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 80 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li> 81 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 82 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 83 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li> 84 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 85 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 86 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 87 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 88 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 89 * <li>{@link 
KJUR.asn1.x509.OCSPNonce</li> 90 * <li>{@link KJUR.asn1.x509.OCSPNoCheck</li> 91 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 92 * </ul> 93 * NOTE1: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.<br/> 94 * NOTE2: SubjectAltName and IssuerAltName supported since 95 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 96 * NOTE3: CeritifcatePolicies supported supported since 97 * jsrsasign 8.0.23 asn1x509 1.1.12<br/> 98 * @name KJUR.asn1.x509 99 * @namespace 100 */ 101 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {}; 102 103 // === BEGIN Certificate =================================================== 104 105 /** 106 * X.509 Certificate class to sign and generate hex encoded certificate 107 * @name KJUR.asn1.x509.Certificate 108 * @class X.509 Certificate class to sign and generate hex encoded certificate 109 * @property {Array} params JSON object of parameters 110 * @param {Array} params JSON object for Certificate parameters 111 * @extends KJUR.asn1.ASN1Object 112 * @description 113 * <br/> 114 * This class provides Certificate ASN.1 class structure 115 * defined in 116 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 117 * RFC 5280 4.1</a>. 118 * <pre> 119 * Certificate ::= SEQUENCE { 120 * tbsCertificate TBSCertificate, 121 * signatureAlgorithm AlgorithmIdentifier, 122 * signatureValue BIT STRING } 123 * </pre> 124 * Parameter "params" JSON object can be 125 * the same as {@link KJUR.asn1.x509.TBSCertificate}. 126 * Then they are used to generate TBSCertificate. 127 * Additionally just for Certificate, following parameters can be used: 128 * <ul> 129 * <li>{TBSCertfificate}tbsobj - 130 * specifies {@link KJUR.asn1.x509.TBSCertificate} 131 * object to be signed if needed. 132 * When this isn't specified, 133 * this will be set from other parametes of TBSCertificate.</li> 134 * <li>{Object}cakey (OPTION) - specifies certificate signing private key. 
135 * Parameter "cakey" or "sighex" shall be specified. Following 136 * values can be specified: 137 * <ul> 138 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 139 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 140 * to generate a key object.</li> 141 * </ul> 142 * </li> 143 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 144 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 145 * unused bits)</li> 146 * </ul> 147 * CAUTION: APIs of this class have been totally updated without 148 * backward compatibility since jsrsasign 9.0.0.<br/> 149 * NOTE1: 'params' can be omitted.<br/> 150 * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6. 151 * @example 152 * var cert = new KJUR.asn1.x509.Certificate({ 153 * version: 3, 154 * serial: {hex: "1234..."}, 155 * sigalg: "SHA256withRSAandMGF1", 156 * ... 157 * sighex: "1d3f..." // sign() method won't be called 158 * }); 159 * 160 * // sighex will by calculated by signing with cakey 161 * var cert = new KJUR.asn1.x509.Certificate({ 162 * version: 3, 163 * serial: {hex: "2345..."}, 164 * sigalg: "SHA256withRSA", 165 * ... 166 * cakey: "-----BEGIN PRIVATE KEY..." 167 * }); 168 * 169 * // use TBSCertificate object to sign 170 * var cert = new KJUR.asn1.x509.Certificate({ 171 * tbsobj: <<OBJ>>, 172 * sigalg: "SHA256withRSA", 173 * cakey: "-----BEGIN PRIVATE KEY..." 
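* });
 */
KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERSequence = _KJUR_asn1.DERSequence,
        _TBSCertificate = _KJUR_asn1.x509.TBSCertificate,
        _AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier;

    // The params object is stored by reference, so when "cakey" is given
    // this object keeps the signing key reachable for its whole lifetime.
    this.params = undefined;

    // Build params.tbsobj from the other parameters when the caller did
    // not supply one. An existing tbsobj is reused unchanged, so edits made
    // to params after the first encoding are not reflected in it.
    var ensureTbsObj = function(p) {
        if (p.tbsobj == undefined) {
            p.tbsobj = new _TBSCertificate(p);
        }
    };

    /**
     * set parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param params {Array} JSON object of certificate parameters
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method stores the given object as
     * {@link KJUR.asn1.x509.Certificate#params}.
     * The object is kept by reference, not copied.
     * @example
     * cert = new KJUR.asn1.x509.Certificate();
     * cert.setByParam({
     *   version: 3,
     *   serial: {hex: "1234..."},
     *   ...
     * });
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign certificate<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @throws {Error} when params, params.sigalg or params.cakey is not set
     * @description
     * This method signs the TBSCertificate with the private key
     * this.params.cakey and the algorithm this.params.sigalg, and stores
     * the result in this.params.sighex, replacing any earlier value.
     * The TBSCertificate is created from this.params when
     * this.params.tbsobj has not been set yet.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.sign()
     */
    this.sign = function() {
        var params = this.params;
        if (params == undefined) {
            throw new Error("certificate parameters not set");
        }
        if (params.sigalg == undefined || params.cakey == undefined) {
            throw new Error("sigalg and cakey parameters are required to sign");
        }

        // sigalg is either an algorithm name or an object carrying "name"
        var sigalgName = params.sigalg;
        if (params.sigalg.name != undefined) {
            sigalgName = params.sigalg.name;
        }

        // Calling sign() before getEncodedHex() used to fail because tbsobj
        // was only created in getEncodedHex().
        ensureTbsObj(params);

        var hTBS = params.tbsobj.getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: sigalgName});
        sig.init(params.cakey);
        sig.updateHex(hTBS);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEM
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method returns the result of getEncodedHex() as a
     * PEM string with the "CERTIFICATE" label.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.getPEM() →
     * "-----BEGIN CERTIFICATE-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "CERTIFICATE");
    };

    // Returns the hexadecimal DER encoding of the Certificate SEQUENCE.
    // A caller-supplied params.sighex is embedded as given: it is not
    // checked against the TBSCertificate, and sign() is only called when
    // sighex is absent and cakey is present.
    this.getEncodedHex = function() {
        var params = this.params;
        if (params == undefined) {
            throw new Error("certificate parameters not set");
        }

        ensureTbsObj(params);

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        // NOTE(review): sign() accepts sigalg as {name: ...} but the whole
        // sigalg value is passed as "name" here; confirm that
        // AlgorithmIdentifier handles the object form.
        var members = [
            params.tbsobj,
            new _AlgorithmIdentifier({name: params.sigalg}),
            // leading "00" is the unused-bits octet of the BIT STRING
            new _DERBitString({hex: "00" + params.sighex})
        ];
        var seq = new _DERSequence({array: members});
        return seq.getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertificate structure class<br/>
 * @name KJUR.asn1.x509.TBSCertificate
 * @class ASN.1 TBSCertificate structure class
 * @property {Array} params JSON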
object of parameters 289 * @param {Array} params JSON object of TBSCertificate parameters 290 * @extends KJUR.asn1.ASN1Object 291 * @see KJUR.asn1.x509.Certificate 292 * 293 * @description 294 * <br/> 295 * NOTE: TBSCertificate class is updated without backward 296 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0. 297 * Most of methods are removed and parameters can be set 298 * by JSON object. 299 * 300 * @example 301 * new TBSCertificate({ 302 * version: 3, // this can be omitted, the default is 3. 303 * serial: {hex: "1234..."}, // DERInteger parameter 304 * sigalg: "SHA256withRSA", 305 * issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 306 * notbefore: "151231235959Z", // string, passed to Time 307 * notafter: "251231235959Z", // string, passed to Time 308 * subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 309 * sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter 310 * // As for extension parameters, please see extension class 311 * // All extension parameters need to have "extname" parameter additionaly. 312 * ext:[{ 313 * extname:"keyUsage",critical:true, 314 * names:["digitalSignature","keyEncipherment"] 315 * },{ 316 * extname:"cRLDistributionPoints", 317 * array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}] 318 * }, ...] 
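* })
 *
 * var tbsc = new TBSCertificate();
 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
 */
KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;

    this.params = null;

    /**
     * set TBSCertificate parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} params JSON object of TBSCertificate parameters
     * @description
     * The object is stored by reference and read again on every
     * getEncodedHex() call.
     * @example
     * tbsc = new KJUR.asn1.x509.TBSCertificate();
     * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    // Returns the hexadecimal DER encoding of the TBSCertificate SEQUENCE.
    // The fields are encoded as supplied: this method does not check the
    // serial number, the validity period ordering or the names, so such
    // checks belong in the caller.
    this.getEncodedHex = function() {
        var params = this.params;
        if (params == undefined) {
            throw new Error("TBSCertificate parameters not set");
        }

        var a = [];

        // version is DEFAULT v1 in RFC 5280, so the [0] field is left out
        // for version 1 and written for every other value; X.509v3 is
        // assumed when params.version is not defined. The earlier test
        // (version != undefined || version != 1) was always true and wrote
        // an explicit v1 field as well.
        var hasVersion = (params.version != undefined);
        if (!hasVersion || params.version != 1) {
            var version = hasVersion ? params.version - 1 : 2;
            a.push(new _DERTaggedObject(
                {obj: new _DERInteger({'int': version})}));
        }

        a.push(new _DERInteger(params.serial));
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _DERSequence({array: [new _Time(params.notbefore),
                                         new _Time(params.notafter)]}));
        a.push(new _X500Name(params.subject));
        a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));

        // extensions [3] is written only for a non-empty extension list
        if (params.ext != undefined && params.ext.length > 0) {
            a.push(new _DERTaggedObject({tag: "a3",
                                         obj: new _Extensions(params.ext)}));
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);

/**
 * Extensions ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Extensions
 * @class Extensions ASN.1 structure class
 * @param {Array} aParam array of JSON extension parameter
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertificate
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.csr.CertificationRequestInfo
 * @see KJUR.asn1.x509.PrivateExtension
 *
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * Extensions defined in RFC 5280 4.1</a> and
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
 * 4.1.2.9</a>.
 * <pre>
 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
 * </pre>
 * NOTE: From jsrsasign 9.1.1, private extension or
 * undefined extension have been supported by
 * {@link KJUR.asn1.x509.PrivateExtension}.
 *
 * @example
 * o = new KJUR.asn1.x509.Extensions([
 *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
 *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
 *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
 * ]);
 * o.getEncodedHex() → "30..."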
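*/
KJUR.asn1.x509.Extensions = function(aParam) {
    KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    // Supported "extname" values and the KJUR.asn1.x509 class encoding each.
    // Kept as a list of pairs and searched by value so that an extname such
    // as "constructor" cannot resolve through an object's prototype chain.
    var EXT_CLASS_NAMES = [
        ["subjectKeyIdentifier", "SubjectKeyIdentifier"],
        ["keyUsage", "KeyUsage"],
        ["subjectAltName", "SubjectAltName"],
        ["issuerAltName", "IssuerAltName"],
        ["basicConstraints", "BasicConstraints"],
        ["cRLDistributionPoints", "CRLDistributionPoints"],
        ["certificatePolicies", "CertificatePolicies"],
        ["authorityKeyIdentifier", "AuthorityKeyIdentifier"],
        ["extKeyUsage", "ExtKeyUsage"],
        ["authorityInfoAccess", "AuthorityInfoAccess"],
        ["cRLNumber", "CRLNumber"],
        ["cRLReason", "CRLReason"],
        ["ocspNonce", "OCSPNonce"],
        ["ocspNoCheck", "OCSPNoCheck"],
        ["adobeTimeStamp", "AdobeTimeStamp"]
    ];

    // Returns the class name registered for extname, or null.
    var classNameFor = function(extname) {
        for (var i = 0; i < EXT_CLASS_NAMES.length; i++) {
            if (EXT_CLASS_NAMES[i][0] === extname) return EXT_CLASS_NAMES[i][1];
        }
        return null;
    };

    this.aParam = [];

    // Stores the array of extension parameters by reference.
    this.setByParam = function(aParam) { this.aParam = aParam; };

    // Returns the hexadecimal DER encoding of the Extensions SEQUENCE.
    // An entry with an "extn" member is always encoded as a
    // PrivateExtension, whatever its extname; any other entry must use a
    // supported extname, otherwise an Error is thrown.
    this.getEncodedHex = function() {
        var a = [];
        for (var i = 0; i < this.aParam.length; i++) {
            var param = this.aParam[i];

            if (param.extn != undefined) {
                a.push(new _KJUR_asn1_x509.PrivateExtension(param));
                continue;
            }

            var className = classNameFor(param.extname);
            if (className === null) {
                throw new Error("extension not supported:"
                                + JSON.stringify(param));
            }
            // the class is looked up at call time, as before
            var ExtClass = _KJUR_asn1_x509[className];
            a.push(new ExtClass(param));
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (aParam != undefined) this.setByParam(aParam);
};
YAHOO.lang.extend(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);


// === END TBSCertificate ===================================================

// === BEGIN X.509v3 Extensions Related =======================================

/**
 * base Extension ASN.1 structure class
 * @name KJUR.asn1.x509.Extension
 * @class base Extension ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'critical': true})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * Subclasses provide this.oid and a getExtnValueHex() method; this class
 * wraps them into the Extension SEQUENCE.
 * <pre>
 * Extension  ::=  SEQUENCE  {
 *   extnID      OBJECT IDENTIFIER,
 *   critical    BOOLEAN DEFAULT FALSE,
 *   extnValue   OCTET STRING  }
 * </pre>
 * @example
 */
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERSequence = _KJUR_asn1.DERSequence;

    // Returns the hexadecimal DER encoding of this extension.
    this.getEncodedHex = function() {
        var asn1Oid = new _DERObjectIdentifier({'oid': this.oid});
        var asn1EncapExtnValue =
            new _DEROctetString({'hex': this.getExtnValueHex()});

        var members = [asn1Oid];
        // The critical field is written only when set, because FALSE is
        // the DEFAULT. Any truthy value counts, so a non-empty string such
        // as "false" also marks the extension critical.
        // NOTE(review): DERBoolean() without arguments presumably encodes
        // TRUE; confirm in asn1-1.0.js.
        if (this.critical) members.push(new _DERBoolean());
        members.push(asn1EncapExtnValue);

        var asn1Seq = new _DERSequence({'array': members});
        return asn1Seq.getEncodedHex();
    };

    this.critical = false;
    if (params !== undefined && params.critical !== undefined) {
        this.critical = params.critical;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);

/**
 * KeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.KeyUsage
 * @class KeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
 * <pre>
 * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
 * KeyUsage ::= BIT STRING {
 *   digitalSignature   (0),
 *   nonRepudiation     (1),
 *   keyEncipherment    (2),
 *   dataEncipherment   (3),
 *   keyAgreement       (4),
 *   keyCertSign        (5),
 *   cRLSign            (6),
 *   encipherOnly       (7),
 *   decipherOnly       (8) }
 * </pre><br/>
 * NOTE: 'names' parameter is supported since jsrsasign 8.0.14.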
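* @example
 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
 */
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
    var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME;

    // Returns the hexadecimal encoding of the KeyUsage BIT STRING.
    // Throws when neither "bin" nor "names" was given to the constructor.
    this.getExtnValueHex = function() {
        if (this.asn1ExtnValue == undefined) {
            throw new Error("keyUsage value not set: bin or names parameter required");
        }
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.15";
    if (params !== undefined) {
        if (params.bin !== undefined) {
            this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
        }
        // "names" takes precedence over "bin" when both are given
        if (params.names !== undefined &&
            params.names.length !== undefined) {
            var names = params.names;
            // one character per KeyUsage bit, digitalSignature(0) first
            var s = "000000000";
            for (var i = 0; i < names.length; i++) {
                var pos = _KEYUSAGE_NAME.indexOf(names[i]);
                // An unknown or misspelled name used to be dropped without
                // notice, giving a certificate whose key usage bits differ
                // from the request. Reject it instead.
                if (pos < 0) {
                    throw new Error("unsupported keyUsage name: " + names[i]);
                }
                s = s.substring(0, pos) + '1' + s.substring(pos + 1);
            }
            this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: s});
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);

/**
 * BasicConstraints ASN.1 structure class
 * @name KJUR.asn1.x509.BasicConstraints
 * @class BasicConstraints ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtBasicConstraints}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.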
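* <pre>
 * id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
 * BasicConstraints ::= SEQUENCE {
 *   cA                  BOOLEAN DEFAULT FALSE,
 *   pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{Boolean}cA - cA flag</li>
 * <li>{Integer}pathLen - pathLen field value</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.BasicConstraints({
 *   cA: true,
 *   pathLen: 3,
 *   critical: true
 * })
 */
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence;

    // Returns the hexadecimal encoding of the BasicConstraints SEQUENCE
    // built from this.cA and this.pathLen at call time.
    this.getExtnValueHex = function() {
        var members = [];
        // cA is written only when truthy, because FALSE is the DEFAULT
        if (this.cA) members.push(new _DERBoolean());
        // NOTE(review): pathLen is written whenever it is greater than -1,
        // also when cA is not set. RFC 5280 4.2.1.9 allows
        // pathLenConstraint only together with cA, so callers have to keep
        // the two consistent; the value is not checked to be an integer.
        if (this.pathLen > -1)
            members.push(new _DERInteger({'int': this.pathLen}));
        this.asn1ExtnValue = new _DERSequence({'array': members});
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.19";
    this.cA = false;
    this.pathLen = -1;      // -1 means "no pathLenConstraint field"
    if (params !== undefined) {
        if (params.cA !== undefined) {
            this.cA = params.cA;
        }
        if (params.pathLen !== undefined) {
            this.pathLen = params.pathLen;
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);

/**
 * CRLDistributionPoints ASN.1 structure class
 * @name KJUR.asn1.x509.CRLDistributionPoints
 * @class CRLDistributionPoints ASN.1 structure class
 * @param {Array} params associative array of parameters (ex.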
*   {'uri': 'http://a.com/', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtCRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }
 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint  [0]  DistributionPointName OPTIONAL,
 *      reasons            [1]  ReasonFlags OPTIONAL,
 *      cRLIssuer          [2]  GeneralNames OPTIONAL }
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.CRLDistributionPoints({
 *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
 *   critical: true
 * })
 */
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
    var _asn1 = KJUR.asn1,
        _x509 = _asn1.x509;

    // Hexadecimal encoding of the value set by setByDPArray/setByOneURI.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    // Sets the extension value from an array whose items are either
    // ASN1Object instances (used as they are) or DistributionPoint
    // parameter objects.
    this.setByDPArray = function(dpArray) {
        var points = [];
        for (var idx = 0; idx < dpArray.length; idx++) {
            var item = dpArray[idx];
            if (!(item instanceof KJUR.asn1.ASN1Object)) {
                item = new _x509.DistributionPoint(item);
            }
            points.push(item);
        }
        this.asn1ExtnValue = new _asn1.DERSequence({'array': points});
    };

    // Sets the extension value to one distribution point with a fullName URI.
    this.setByOneURI = function(uri) {
        this.setByDPArray([new _x509.DistributionPoint({fulluri: uri})]);
    };

    this.oid = "2.5.29.31";
    if (params === undefined) return;
    // "array" wins over "uri" when both are present
    if (params.array !== undefined) {
        this.setByDPArray(params.array);
    } else if (params.uri !== undefined) {
        this.setByOneURI(params.uri);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);

/**
 * DistributionPoint ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPoint
 * @class DistributionPoint ASN.1 structure class
 * @param {Array} params JSON object of parameters (OPTIONAL)
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPointName}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPoint}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint  [0]  DistributionPointName OPTIONAL,
 *      reasons            [1]  ReasonFlags OPTIONAL,
 *      cRLIssuer          [2]  GeneralNames OPTIONAL }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}fulluri - uri string for fullName uri. This has the same meaning for '{dpname: {full: [{uri: "..."}]}}'.</li>
 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
 * <li>{DistributionPointName}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
 * </ul>
 * <br/>
 * NOTE1: Parameter "fulluri" and "dpname" supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The "reasons" and "cRLIssuer" fields are currently
 * not supported.
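* @example
 * new KJUR.asn1.x509.DistributionPoint(
 *   {fulluri: "http://example.com/crl1.crl"})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpobj: new DistributionPointName(...)})
 */
KJUR.asn1.x509.DistributionPoint = function(params) {
    KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DistributionPointName = _KJUR_asn1.x509.DistributionPointName;

    // Returns the hexadecimal DER encoding of the DistributionPoint
    // SEQUENCE and caches it in this.hTLV. Only the distributionPoint [0]
    // field is written; the SEQUENCE is empty when no name was set.
    this.getEncodedHex = function() {
        var seq = new _KJUR_asn1.DERSequence();
        if (this.asn1DP != null) {
            var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true,
                                                     'tag': 'a0',
                                                     'obj': this.asn1DP});
            seq.appendASN1Object(o1);
        }
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    // Precedence: dpobj (used as given, not type checked), then dpname,
    // then fulluri.
    if (params !== undefined) {
        if (params.dpobj !== undefined) {
            this.asn1DP = params.dpobj;
        } else if (params.dpname !== undefined) {
            this.asn1DP = new _DistributionPointName(params.dpname);
        } else if (params.fulluri !== undefined) {
            this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]});
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);

/**
 * DistributionPointName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPointName
 * @class DistributionPointName ASN.1 structure class
 * @param {Array} params JSON object of parameters or GeneralNames object
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPointName}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPointName defined in RFC 5280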
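* 4.2.1.13</a>.
 * <pre>
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
 * </ul>
 * NOTE1: 'full' parameter has been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br>
 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
 * @example
 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: {str: "/C=US/O=Test"}}]})
 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
 */
KJUR.asn1.x509.DistributionPointName = function(params) {
    KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject;

    // Returns the hexadecimal DER encoding of the name as an implicitly
    // tagged object and caches it in this.hTLV. Throws unless the name was
    // set as 'full', which is also the case when the constructor was
    // called without parameters.
    this.getEncodedHex = function() {
        if (this.type != "full")
            throw new Error("currently type shall be 'full': " + this.type);
        this.asn1Obj = new _DERTaggedObject({'explicit': false,
                                             'tag': this.tag,
                                             'obj': this.asn1V});
        this.hTLV = this.asn1Obj.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) {
            // a GeneralNames object is used as the fullName value directly
            this.type = "full";
            this.tag = "a0";
            this.asn1V = params;
        } else if (params.full !== undefined) {
            this.type = "full";
            this.tag = "a0";
            this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full);
        } else {
            throw new Error("This class supports GeneralNames only as argument");
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);

/**
 * CertificatePolicies ASN.1 structure class
 * @name KJUR.asn1.x509.CertificatePolicies
 * @class CertificatePolicies ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE: Returned JSON value format have been changed without
 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.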
* @example
 * e1 = new KJUR.asn1.x509.CertificatePolicies({
 *   array: [
 *     { policyoid: "1.2.3.4.5",
 *       array: [
 *         { cps: "https://example.com/repository" },
 *         { unotice: {
 *           noticeref: { // CA SHOULD NOT use this by RFC
 *             org: {type: "ia5", str: "Sample Org"},
 *             noticenum: [{int: 5}, {hex: "01af"}]
 *           },
 *           exptext: {type: "ia5", str: "Sample Policy"}
 *         }}
 *       ]
 *     }
 *   ],
 *   critical: true
 * });
 */
KJUR.asn1.x509.CertificatePolicies = function(params) {
    KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1,
        Sequence = asn1.DERSequence,
        PolicyInformation = asn1.x509.PolicyInformation;

    this.params = null;

    /**
     * Build the extension value: one PolicyInformation per entry of
     * this.params.array, wrapped in a SEQUENCE.
     * NOTE(review): an empty params.array produces an empty SEQUENCE here,
     * although the ASN.1 above says SIZE (1..MAX); nothing in this method rejects it.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var entries = this.params.array;
        var policies = [];
        for (var idx = 0; idx < entries.length; idx++) {
            policies.push(new PolicyInformation(entries[idx]));
        }
        this.asn1ExtnValue = new Sequence({array: policies});
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.32";
    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);

// ===== BEGIN CertificatePolicies related classes =====
/**
 * PolicyInformation ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyInformation
 * @class PolicyInformation ASN.1 structure class
 * @param {Array} params JSON object of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a
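href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyInformation ::= SEQUENCE {
 *      policyIdentifier   CertPolicyId,
 *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *                         PolicyQualifierInfo OPTIONAL }
 * CertPolicyId ::= OBJECT IDENTIFIER
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li>
 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
 * parameters (OPTIONAL)</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.PolicyInformation({
 *   policyoid: "1.2.3.4.5",
 *   array: [
 *     { cps: "https://example.com/repository" },
 *     { unotice: {
 *       noticeref: { // CA SHOULD NOT use this by RFC
 *         org: {type: "ia5", str: "Sample Org"},
 *         noticenum: [{int: 5}, {hex: "01af"}]
 *       },
 *       exptext: {type: "ia5", str: "Sample Policy"}
 *     }}
 *   ]
 * })
 */
KJUR.asn1.x509.PolicyInformation = function(params) {
    KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
                                                                 params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo;

    this.params = null;

    /**
     * Encode PolicyInformation as SEQUENCE { policyIdentifier, policyQualifiers OPTIONAL }.
     * @return {String} hexadecimal TLV string
     * @throws {Error} when policyoid is not given
     */
    this.getEncodedHex = function() {
        // policyIdentifier is not OPTIONAL in the ASN.1 above. The earlier
        // check threw only when policyoid AND array were both missing, so a
        // parameter holding just 'array' handed an undefined OID to
        // DERObjectIdentifier. Reject a missing policyoid in every case; the
        // original message is kept for the both-missing case.
        if (this.params.policyoid === undefined) {
            if (this.params.array === undefined)
                throw new Error("parameter oid and array missing");
            throw new Error("parameter policyoid missing");
        }

        // policy oid
        var a = [new _DERObjectIdentifier(this.params.policyoid)];

        // array of ASN1Object of PolicyQualifierInfo; the qualifier SEQUENCE
        // is left out entirely when the list is empty (SIZE (1..MAX))
        if (this.params.array !== undefined) {
            var aPQI = [];
            for (var i = 0; i < this.params.array.length; i++) {
                aPQI.push(new _PolicyQualifierInfo(this.params.array[i]));
            }
            if (aPQI.length > 0) {
                a.push(new _DERSequence({array: aPQI}));
            }
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);

/**
 * PolicyQualifierInfo ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyQualifierInfo
 * @class PolicyQualifierInfo ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyQualifierInfo ::= SEQUENCE {
 *      policyQualifierId  PolicyQualifierId,
 *      qualifier          ANY DEFINED BY policyQualifierId }
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 * CPSuri ::= IA5String
 * </pre>
 * Its constructor can have one of following two parameters:
 * <ul>
 * <li>{String}cps - URI string for CPS</li>
 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
 * </ul>
 * @example
 * new PolicyQualifierInfo({
 *   cps: "https://example.com/repository/cps"
 * })
 *
 * new PolicyQualifierInfo({
 *   unotice: {
 *     noticeref: { // CA SHOULD NOT use this by RFC
 *       org: {type: "bmp", str: "Sample Org"},
 *       noticenum: [{int: 3}, {hex: "01af"}]
 *     },
 *     exptext: {type: "ia5", str: "Sample Policy"}
 *   }
 * })
 */
KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
    KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
                                                                   params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _UserNotice = _KJUR_asn1.x509.UserNotice;

    this.params = null;

    /**
     * Encode PolicyQualifierInfo as SEQUENCE { policyQualifierId, qualifier }.
     * 'cps' takes precedence when both 'cps' and 'unotice' are present.
     * @return {String} hexadecimal TLV string
     * @throws {Error} when neither 'cps' nor 'unotice' is given
     */
    this.getEncodedHex = function() {
        var seq;
        if (this.params.cps !== undefined) {
            seq = new _DERSequence({array: [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}),
                new _DERIA5String({str: this.params.cps})
            ]});
            return seq.getEncodedHex();
        }
        // loose comparison kept on purpose: a null 'unotice' is treated as absent
        if (this.params.unotice != undefined) {
            seq = new _DERSequence({array: [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}),
                new _UserNotice(this.params.unotice)
            ]});
            return seq.getEncodedHex();
        }
        // Previously control fell off the end and returned undefined, which an
        // enclosing encoder would receive in place of a hex string. Fail here
        // instead so an unusable qualifier cannot end up in an issued structure.
        throw new Error("parameter cps or unotice missing");
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);


/**
 * UserNotice ASN.1 structure class
 * @name KJUR.asn1.x509.UserNotice
 * @class UserNotice ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * UserNotice defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * UserNotice ::= SEQUENCE {
 *      noticeRef        NoticeReference OPTIONAL,
 *      explicitText     DisplayText OPTIONAL }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
 * This SHALL NOT be set for conforming CA by RFC 5280.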
(OPTIONAL)</li>
 * <li>{Object}exptext - explicitText value
 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
 * </ul>
 * @example
 * new UserNotice({
 *   noticeref: {
 *     org: {type: "bmp", str: "Sample Org"},
 *     noticenum: [{int: 3}, {hex: "01af"}]
 *   },
 *   exptext: {type: "ia5", str: "Sample Policy"}
 * })
 */
KJUR.asn1.x509.UserNotice = function(params) {
    KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        DisplayText = KJUR.asn1.x509.DisplayText,
        NoticeReference = KJUR.asn1.x509.NoticeReference;

    this.params = null;

    /**
     * Encode UserNotice as a SEQUENCE of whichever optional fields were given,
     * noticeRef first, then explicitText. With neither given the SEQUENCE is empty.
     * @return {String} hexadecimal TLV string
     */
    this.getEncodedHex = function() {
        var given = this.params;
        var fields = [];
        if (given.noticeref !== undefined) {
            fields.push(new NoticeReference(given.noticeref));
        }
        if (given.exptext !== undefined) {
            fields.push(new DisplayText(given.exptext));
        }
        return new Sequence({array: fields}).getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);

/**
 * NoticeReference ASN.1 structure class
 * @name KJUR.asn1.x509.NoticeReference
 * @class NoticeReference ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * NoticeReference defined in RFC 5280 4.2.1.4</a>.
* <pre>
 * NoticeReference ::= SEQUENCE {
 *      organization     DisplayText,
 *      noticeNumbers    SEQUENCE OF INTEGER }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
 * parameter.</li>
 * <li>{Object}noticenum - noticeNumbers value by an array of
 * {@link KJUR.asn1.DERInteger} parameter</li>
 * </ul>
 * @example
 * new NoticeReference({
 *   org: {type: "bmp", str: "Sample Org"},
 *   noticenum: [{int: 3}, {hex: "01af"}]
 * })
 */
KJUR.asn1.x509.NoticeReference = function(params) {
    KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        Integer = KJUR.asn1.DERInteger,
        DisplayText = KJUR.asn1.x509.DisplayText;

    this.params = null;

    /**
     * Encode NoticeReference as SEQUENCE { organization, noticeNumbers }.
     * NOTE(review): the ASN.1 above lists both fields without OPTIONAL, but
     * this method only throws when both are missing; one alone is encoded as is.
     * @return {String} hexadecimal TLV string
     * @throws {Error} when neither 'org' nor 'noticenum' is given
     */
    this.getEncodedHex = function() {
        var given = this.params;
        var fields = [];

        if (given.org !== undefined) {
            fields.push(new DisplayText(given.org));
        }

        if (given.noticenum !== undefined) {
            var numberParams = given.noticenum;
            var numbers = [];
            for (var idx = 0; idx < numberParams.length; idx++) {
                numbers.push(new Integer(numberParams[idx]));
            }
            fields.push(new Sequence({array: numbers}));
        }

        if (fields.length == 0) {
            throw new Error("parameter is empty");
        }
        return new Sequence({array: fields}).getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);

/**
 * DisplayText ASN.1 structure class
 * @name KJUR.asn1.x509.DisplayText
 * @class DisplayText ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.DERAbstractString
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a
href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * DisplayText defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * -- from RFC 5280 Appendix A
 * DisplayText ::= CHOICE {
 *      ia5String        IA5String      (SIZE (1..200)),
 *      visibleString    VisibleString  (SIZE (1..200)),
 *      bmpString        BMPString      (SIZE (1..200)),
 *      utf8String       UTF8String     (SIZE (1..200)) }
 * </pre>
 * {@link KJUR.asn1.DERAbstractString} parameters and methods
 * can be used.
 * Its constructor can also have following parameter:
 * <ul>
 * <li>{String} type - DirectoryString type of DisplayText.
 * "ia5" for IA5String, "vis" for VisibleString,
 * "bmp" for BMPString and "utf8" for UTF8String.
 * Default is "utf8". (OPTIONAL)</li>
 * </ul>
 * @example
 * new DisplayText({type: "bmp", str: "Sample Org"})
 * new DisplayText({type: "ia5", str: "Sample Org"})
 * new DisplayText({str: "Sample Org"})
 */
KJUR.asn1.x509.DisplayText = function(params) {
    KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);

    // Tag byte of the chosen string type; "0c" is used for "utf8" and for
    // any type value not listed below.
    // NOTE(review): the SIZE (1..200) bound quoted above is not checked in
    // this constructor.
    this.hT = "0c";

    if (params !== undefined) {
        switch (params.type) {
        case "ia5":
            this.hT = "16";
            break;
        case "vis":
            this.hT = "1a";
            break;
        case "bmp":
            this.hT = "1e";
            break;
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
// ===== END CertificatePolicies related classes =====

// =====================================================================
/**
 * ExtKeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.ExtKeyUsage
 * @class ExtKeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @description
 * @example
 * e1 = new KJUR.asn1.x509.ExtKeyUsage({
 *   critical: true,
 *   array: [
 *     {oid: '2.5.29.37.0'},  //
anyExtendedKeyUsage
 *     {name: 'clientAuth'},
 *     "1.2.3.4",
 *     "serverAuth"
 *   ]
 * });
 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 * // KeyPurposeId ::= OBJECT IDENTIFIER
 */
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1;

    /**
     * Replace the extension value with a SEQUENCE holding one
     * DERObjectIdentifier per entry of purposeArray.
     * @param {Array} purposeArray DERObjectIdentifier parameters, one per purpose
     */
    this.setPurposeArray = function(purposeArray) {
        this.asn1ExtnValue = new asn1.DERSequence();
        for (var idx = 0; idx < purposeArray.length; idx++) {
            this.asn1ExtnValue.appendASN1Object(
                new asn1.DERObjectIdentifier(purposeArray[idx]));
        }
    };

    /**
     * @return {String} hexadecimal string of the extension value set by setPurposeArray
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.37";
    if (params !== undefined && params.array !== undefined) {
        this.setPurposeArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);

/**
 * AuthorityKeyIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
 * @class AuthorityKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @description
 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
 * Constructor of this class may have following parameters.:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280.
When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li>
 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
 * <li>sn - hexadecimal string to specify serial number explicitly.</li>
 * <li>critical - boolean to specify criticality of this extension
 * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 *
 * <pre>
 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // 1. kid by key object
 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
 * // 2. kid by PEM string of authority certificate or public key
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
 * // 3. specify kid explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
 * // 4. issuer and serial number by authority PEM certificate
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
 * // 5. issuer and serial number explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   issuer: {ldapstr: "O=test,C=US"},
 *   sn: {hex: "1ac7..."}});
 * // 6.
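combination
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   kid: "-----BEGIN CERTIFICATE...",
 *   isscert: "-----BEGIN CERTIFICATE..."});
 */
KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _GeneralNames = _KJUR_asn1.x509.GeneralNames,
        // not used below; kept because evaluating this path fails at
        // construction time when KJUR.crypto.Util is not loaded
        _isKey = _KJUR.crypto.Util.isKey;

    this.asn1KID = null;
    this.asn1CertIssuer = null; // X500Name hTLV
    this.asn1CertSN = null;

    /**
     * Build the extension value from whichever of keyIdentifier [0],
     * authorityCertIssuer [1] and authorityCertSerialNumber [2] have been set.
     * Fields that were never set are left out, so the result can be an
     * empty SEQUENCE.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var a = [];
        if (this.asn1KID)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '80',
                                         'obj': this.asn1KID}));

        if (this.asn1CertIssuer)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': 'a1',
                                         'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));

        if (this.asn1CertSN)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '82',
                                         'obj': this.asn1CertSN}));

        var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
        this.asn1ExtnValue = asn1Seq;
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set key identifier
     * @since asn1x509 1.0.8
     * @description
     * This method will set keyIdentifier by param.
     * Its key identifier value can be set by following type of param argument:
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * </ul>
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * NOTE(review): a bare hexadecimal string (no "BEGIN ") matches neither
     * branch below and leaves asn1KID unchanged without any error, so the
     * keyIdentifier is then absent from the encoded extension; pass
     * {hex: "..."} to set it explicitly.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        if (param.str !== undefined ||
            param.hex !== undefined) {
            this.asn1KID = new KJUR.asn1.DEROctetString(param);
        } else if ((typeof param === "object" &&
                    KJUR.crypto.Util.isKey(param)) ||
                   (typeof param === "string" &&
                    param.indexOf("BEGIN ") != -1)) {

            var keyobj = param;
            if (typeof param === "string") {
                keyobj = KEYUTIL.getKey(param);
            }

            var kid = KEYUTIL.getKeyID(keyobj);
            this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
        }
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set issuer name
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertIssuer name by param.
     * Issuer name can be set by following type of param argument:
     * <ul>
     * <li>str/ldapstr/hex/certsubject/certissuer -
     * set issuer by {@link KJUR.asn1.x509.X500Name}
     * object with specified parameters.</li>
     * <li>PEM CERTIFICATE STRING - the string is passed to
     * {@link KJUR.asn1.x509.X500Name} as its 'certissuer' parameter.
     * NOTE(review): earlier text here said the subject name is extracted;
     * the code uses 'certissuer', presumably the issuer field of the given
     * certificate - confirm against X500Name.</li>
     * </ul>
     * NOTE1: Automatic authorityCertIssuer setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see KJUR.asn1.x509.X500Name
     * @see KJUR.asn1.x509.GeneralNames
     * @see X509.getSubjectHex
     *
     * @example
     * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // 1. set it by string
     * o.setCertIssuerByParam({str: '/C=US/O=Test'});
     * // 2. set it by issuer PEM certificate
     * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
     *
     */
    this.setCertIssuerByParam = function(param) {
        if (param.str !== undefined ||
            param.ldapstr !== undefined ||
            param.hex !== undefined ||
            param.certsubject !== undefined ||
            param.certissuer !== undefined) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
        } else if (typeof param === "string" &&
                   param.indexOf("BEGIN ") != -1 &&
                   param.indexOf("CERTIFICATE") != -1) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
        }
    };

    /**
     * set authorityCertSerialNumber value
     * @name setCertSNByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set serial number
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertSerialNumber by param.
     * Serial number can be set by following type of param argument:
     *
     * <ul>
     * <li>{int: 123} - by integer value</li>
     * <li>{hex: "01af"} - by hexadecimal integer value</li>
     * <li>{bigint: new BigInteger(...)} - by BigInteger object</li>
     * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
     * set serial number.</li>
     * </ul>
     *
     * NOTE1: Automatic authorityCertSerialNumber setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see X509.getSerialNumberHex
     */
    this.setCertSNByParam = function(param) {
        // 'int' is listed above but was not tested before, so {int: 123} was
        // silently ignored; 'str' is still accepted for compatibility.
        if (param.int !== undefined ||
            param.str !== undefined ||
            param.bigint !== undefined ||
            param.hex !== undefined) {
            this.asn1CertSN = new KJUR.asn1.DERInteger(param);
        } else if (typeof param === "string" &&
                   param.indexOf("BEGIN ") != -1 &&
                   // compare with -1: a bare indexOf() result is truthy when
                   // the text is absent, which let non-certificate PEM through
                   param.indexOf("CERTIFICATE") != -1) {

            var x = new X509();
            x.readCertPEM(param);
            var sn = x.getSerialNumberHex();
            this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
        }
    };

    this.oid = "2.5.29.35";
    if (params !== undefined) {
        if (params.kid !== undefined) {
            this.setKIDByParam(params.kid);
        }
        if (params.issuer !== undefined) {
            this.setCertIssuerByParam(params.issuer);
        }
        if (params.sn !== undefined) {
            this.setCertSNByParam(params.sn);
        }

        // The class description and examples name this parameter 'isscert',
        // while the code only read 'issuersn'; accept both, 'isscert' first.
        var issuerCertPEM = (params.isscert !== undefined) ? params.isscert
                                                           : params.issuersn;
        if (issuerCertPEM !== undefined &&
            typeof issuerCertPEM === "string" &&
            issuerCertPEM.indexOf("BEGIN ") != -1 &&
            issuerCertPEM.indexOf("CERTIFICATE") != -1) {
            this.setCertSNByParam(issuerCertPEM);
            this.setCertIssuerByParam(issuerCertPEM);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * SubjectKeyIdentifier extension ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectKeyIdentifier
 * @class SubjectKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.1.7 jsrsasign 8.0.14
 * @description
 * This class represents ASN.1 structure for
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
 * SubjectKeyIdentifier in RFC 5280</a>.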
* Constructor of this class may have following parameters:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>critical - boolean to specify criticality of this extension
 * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 * <pre>
 * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // set by hexadecimal string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
 * // set by PEM public key or certificate string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
 * // set by public key object
 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
 */
KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
    KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1,
        OctetString = asn1.DEROctetString;

    this.asn1KID = null;

    /**
     * Use the stored key identifier as the extension value and encode it.
     * NOTE(review): asn1KID is still null when no kid was accepted by
     * setKIDByParam, and this call then fails on the null value.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        this.asn1ExtnValue = this.asn1KID;
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @param {Object} param key identifier source, one of the forms listed below
     * @since asn1x509 1.1.7 jsrsasign 8.0.14
     * @description
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * </ul>
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * NOTE(review): a bare hexadecimal string (no "BEGIN") matches none of
     * the cases below and leaves asn1KID unchanged without any error; pass
     * {hex: "..."} to set the identifier explicitly.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        // explicit identifier bytes
        if (param.str !== undefined || param.hex !== undefined) {
            this.asn1KID = new OctetString(param);
            return;
        }

        var isKeyObject = typeof param === "object" &&
                          KJUR.crypto.Util.isKey(param);
        var isPEMString = typeof param === "string" &&
                          param.indexOf("BEGIN") != -1;
        if (!isKeyObject && !isPEMString) {
            return;
        }

        // derive the identifier from the public key
        var keyObject = isKeyObject ? param : KEYUTIL.getKey(param);
        var keyIdHex = KEYUTIL.getKeyID(keyObject);
        this.asn1KID = new KJUR.asn1.DEROctetString({hex: keyIdHex});
    };

    this.oid = "2.5.29.14";
    if (params !== undefined && params.kid !== undefined) {
        this.setKIDByParam(params.kid);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * AuthorityInfoAccess ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityInfoAccess
 * @class AuthorityInfoAccess ASN.1 structure class
 * @param {Array} params JSON object of AuthorityInfoAccess parameters
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @see {@link X509#getExtAuthorityInfoAccess}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
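* <pre>
 * id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 * AuthorityInfoAccessSyntax ::=
 *         SEQUENCE SIZE (1..MAX) OF AccessDescription
 * AccessDescription ::= SEQUENCE {
 *         accessMethod OBJECT IDENTIFIER,
 *         accessLocation GeneralName }
 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
 * </pre>
 * NOTE: Acceptable parameters have been changed
 * from jsrsasign 9.0.0 asn1x509 2.0.0.
 * Parameter generated by {@link X509#getAuthorityInfoAccess}
 * can be accepted as an argument of this constructor.
 * @example
 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
 *   array: [
 *     {ocsp: 'http://ocsp.example.org'},
 *     {caissuer: 'https://repository.example.org/aaa.crt'}
 *   ]
 * });
 */
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    /*
     * Build the AuthorityInfoAccessSyntax SEQUENCE from an array of
     * {ocsp: uri} / {caissuer: uri} entries and keep it as the extension
     * value. Throws Error for an entry that has neither property.
     *
     * The URI strings are handed to GeneralName exactly as supplied; this
     * method does not check scheme or host, and it does not reject an empty
     * array although the ASN.1 above says SIZE (1..MAX). Callers that take
     * these values from outside should validate them first.
     */
    this.setAccessDescriptionArray = function(aParam) {
        var _KJUR_asn1 = KJUR.asn1,
            _DERSequence = _KJUR_asn1.DERSequence,
            _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
            _GeneralName = _KJUR_asn1.x509.GeneralName;
        var aASN1 = [];

        for (var i = 0; i < aParam.length; i++) {
            var adparam = aParam[i];
            var methodOid;
            var location;

            if (adparam.ocsp !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.1"; // id-ad-ocsp
                location = adparam.ocsp;
            } else if (adparam.caissuer !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.2"; // id-ad-caIssuers
                location = adparam.caissuer;
            } else {
                throw new Error("unknown AccessMethod parameter: " +
                                JSON.stringify(adparam));
            }

            aASN1.push(new _DERSequence({array: [
                new _DERObjectIdentifier({oid: methodOid}),
                new _GeneralName({uri: location})
            ]}));
        }
        this.asn1ExtnValue = new _DERSequence({'array': aASN1});
    };

    // hex of the extnValue content; requires setAccessDescriptionArray first
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.1.1";
    if (params !== undefined && params.array !== undefined) {
        this.setAccessDescriptionArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);

/**
 * SubjectAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectAltName
 * @class SubjectAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 SubjectAltName extension.
 * <pre>
 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
 * SubjectAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    // paramsArray is passed unchanged to the GeneralNames constructor
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.17";
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);

/**
 * IssuerAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.IssuerAltName
 * @class IssuerAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 IssuerAltName extension.
 * <pre>
 * id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
 * IssuerAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.IssuerAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    // paramsArray is passed unchanged to the GeneralNames constructor
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.18";
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);

/**
 * private extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PrivateExtension
 * @class private extension ASN.1 structure class
 * @param {Array} params JSON object of private extension
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.1 asn1x509
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class is to represent private extension or
 * unsupported extension.
 * <pre>
 * Extension  ::=  SEQUENCE  {
 *      extnID      OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      extnValue   OCTET STRING }
 * </pre>
 * Following properties can be set for JSON parameter:
 * <ul>
 * <li>{String}extname - string of OID or predefined extension name</li>
 * <li>{Boolean}critical - critical flag</li>
 * <li>{Object}extn - hexadecimal string or
 * of {@link KJUR.asn1.ASN1Util.newObject}
 * JSON parameter for extnValue field</li>
 * </ul>
 *
 * @example
 * // extn by hexadecimal
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.4",
 *   critical: true,
 *   extn: "13026161" // means PrintableString "aa"
 * });
 *
 * // extn by JSON parameter
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.5",
 *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
 * });
 */
KJUR.asn1.x509.PrivateExtension = function(params) {
    KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params);

    var _KJUR = KJUR,
        _isHex = _KJUR.lang.String.isHex,
        _KJUR_asn1 = _KJUR.asn1,
        _name2oid = _KJUR_asn1.x509.OID.name2oid,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    this.params = null;

    // resolve extname to an OID through OID.name2oid and keep the parameters
    this.setByParam = function(params) {
        this.oid = _name2oid(params.extname);
        this.params = params;
    };

    /*
     * Return the hex of the extnValue content.
     * Throws Error when no parameters were set, when extname or extn is
     * missing, or when extn is neither a hex string nor an object that
     * ASN1Util.newObject can encode.
     */
    this.getExtnValueHex = function() {
        var p = this.params;
        // p is still null when the constructor got no parameters; report
        // that as the same Error instead of failing on a property access
        if (p == undefined ||
            p.extname == undefined ||
            p.extn == undefined) {
            throw new Error("extname or extn not specified");
        }

        var extn = p.extn;
        if (typeof extn == "string" && _isHex(extn)) {
            // NOTE(review): the string is returned verbatim as the extnValue
            // content. Nothing here parses it as DER; _isHex presumably only
            // checks the character set -- confirm. A malformed value ends up
            // inside the signed structure unchanged.
            return extn;
        }
        if (typeof extn == "object") {
            try {
                return _newObject(extn).getEncodedHex();
            } catch (ex) {
                // keep the encoder's reason instead of discarding it
                throw new Error("unsupported extn value: " + ex);
            }
        }
        throw new Error("unsupported extn value");
    };

    if (params != undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);

// === END X.509v3 Extensions Related =======================================

// === BEGIN CRL Related ===================================================
/**
 * X.509 CRL class to sign and generate hex encoded CRL<br/>
 * @name KJUR.asn1.x509.CRL
 * @class X.509 CRL class to sign and generate hex encoded CRL
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object of CRL parameters
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 * @see KJUR.asn1.x509.TBSCertList
 *
 * @description
 * This class represents CertificateList ASN.1 structure of X.509 CRL
 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
 * RFC 5280 5.1</a>
 * <pre>
 * CertificateList  ::=  SEQUENCE  {
 *     tbsCertList          TBSCertList,
 *     signatureAlgorithm   AlgorithmIdentifier,
 *     signatureValue       BIT STRING  }
 * </pre>
 * NOTE: CRL class is updated without backward
 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
 * Most of methods are removed and parameters can be set
 * by JSON object.
 * <br/>
 * Constructor of this class can accept all
 * parameters of {@link KJUR.asn1.x509.TBSCertList}.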
 * It also accepts the following additional parameters:
 * <ul>
 * <li>{TBSCertList}tbsobj (OPTION) -
 * specifies {@link KJUR.asn1.x509.TBSCertList}
 * object to be signed if needed.
 * When this isn't specified,
 * this will be set from other parameters of TBSCertList.</li>
 * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
 * Parameter "cakey" or "sighex" shall be specified. Following
 * values can be specified:
 *   <ul>
 *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
 *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
 *   to generate a key object.</li>
 *   </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 * unused bits)</li>
 * </ul>
 *
 * @example
 * var crl = new KJUR.asn1.x509.CRL({
 *  sigalg: "SHA256withRSA",
 *  issuer: {str:'/C=JP/O=Test1'},
 *  thisupdate: "200821235959Z",
 *  nextupdate: "200828235959Z", // OPTION
 *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
 *  ext: [
 *   {extname: "cRLNumber", num: {'int': 8}},
 *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *  ],
 *  cakey: prvkey
 * });
 * crl.getEncodedHex() → "30..."
 * crl.getPEM() → "-----BEGIN X509 CRL..."
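*/
KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERBitString = _KJUR_asn1.DERBitString,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _TBSCertList = _KJUR_asn1_x509.TBSCertList;

    this.params = undefined;

    // replace the whole parameter object; nothing is copied or validated
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign CRL<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * This method signs TBSCertList with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter.
     * When this.params.tbsobj is set, that object is the one signed,
     * so the signature covers the TBSCertList that getEncodedHex embeds.
     * The result is stored in this.params.sighex.
     * @example
     * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
     * crl.sign()
     */
    this.sign = function() {
        var p = this.params;
        // getEncodedHex() puts p.tbsobj into the CertificateList. Signing a
        // TBSCertList rebuilt from the other parameters would produce a
        // signature over different bytes whenever the caller supplied tbsobj.
        var dTBSCL = (p.tbsobj != undefined) ? p.tbsobj : new _TBSCertList(p);
        var hTBSCL = dTBSCL.getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: p.sigalg});
        sig.init(p.cakey);
        sig.updateHex(hTBSCL);
        p.sighex = sig.sign();
    };

    /**
     * get PEM formatted CRL string after signed<br/>
     * @name getPEM
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @since jsrsasign 9.1.0 asn1hex 2.1.0
     * @description
     * This method returns a string of PEM formatted
     * CRL.
     * @example
     * crl = new KJUR.asn1.x509.CRL({...});
     * crl.getPEM() →
     * "-----BEGIN X509 CRL-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "X509 CRL");
    };

    /*
     * Return the hex of the whole CertificateList.
     * Throws Error when neither sighex nor cakey is available.
     *
     * tbsobj and sighex are written back into the parameter object and
     * reused on later calls: once sighex is set, changing other parameters
     * does not trigger a new signature. Clear sighex (and tbsobj) before
     * re-encoding a modified CRL.
     */
    this.getEncodedHex = function() {
        var params = this.params;

        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertList(params);
        }

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        // NOTE(review): signatureAlgorithm is taken from params.sigalg; when
        // tbsobj was supplied separately nothing here checks that it carries
        // the same algorithm in its own signature field.
        var seq = new _DERSequence({array: [
            params.tbsobj,
            new _AlgorithmIdentifier({name: params.sigalg}),
            // leading "00" is the unused-bits octet of the BIT STRING
            new _DERBitString({hex: "00" + params.sighex})
        ]});
        return seq.getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
 * @name KJUR.asn1.x509.TBSCertList
 * @class TBSCertList ASN.1 structure class for CRL
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object of TBSCertList parameters
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 *
 * @description
 * This class represents TBSCertList of CRL defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
 * RFC 5280 5.1</a>.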
 * <pre>
 * TBSCertList  ::=  SEQUENCE  {
 *       version                 Version OPTIONAL,
 *                                    -- if present, MUST be v2
 *       signature               AlgorithmIdentifier,
 *       issuer                  Name,
 *       thisUpdate              Time,
 *       nextUpdate              Time OPTIONAL,
 *       revokedCertificates     SEQUENCE OF SEQUENCE  {
 *            userCertificate         CertificateSerialNumber,
 *            revocationDate          Time,
 *            crlEntryExtensions      Extensions OPTIONAL
 *                                     -- if present, version MUST be v2
 *       }  OPTIONAL,
 *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
 * }
 * </pre>
 * NOTE: TBSCertList class is updated without backward
 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
 * Most of methods are removed and parameters can be set
 * by JSON object.
 * <br/>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
 * <li>{String}sigalg - signature algorithm name</li>
 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
 * <li>{String}thisupdate - thisUpdate field value</li>
 * <li>{String}nextupdate (OPTION) - nextUpdate field value</li>
 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
 *   Its element may have following property:
 *   <ul>
 *   <li>{Array}sn - serialNumber of userCertificate field specified
 *   by {@link KJUR.asn1.DERInteger}</li>
 *   <li>{String}date - revocationDate field specified by
 *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
 *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
 *   </ul>
 * </li>
 * </ul>
 *
 * @example
 * var o = new KJUR.asn1.x509.TBSCertList({
 *  sigalg: "SHA256withRSA",
 *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
 *                   [{type:'O',value:'T1',ds:'prn'}]]},
 *  thisupdate: "200821235959Z",
 *  nextupdate: "200828235959Z", // OPTION
 *  revcert: [
 *   {sn: {hex: "12ab"},
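date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
 *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
 *  ],
 *  ext: [
 *   {extname: "cRLNumber", num: {'int': 8}},
 *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *  ]
 * });
 * o.getEncodedHex() → "30..."
 */
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _X500Name = _KJUR_asn1_x509.X500Name;
    this.params = null;

    /**
     * set parameters of TBSCertList<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} params JSON object of TBSCertList parameters
     * @description
     * The object is stored as is; it is read when getEncodedHex is called.
     * @example
     * tbs = new KJUR.asn1.x509.TBSCertList();
     * tbs.setByParam({sigalg: "SHA256withRSA", issuer: {str:'/C=JP/O=Test1'}, ...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get DERSequence for revokedCertificates<br/>
     * @name getRevCertSequence
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
     */
    this.getRevCertSequence = function() {
        var aRevCert = this.params.revcert;
        var aSeq = [];
        for (var i = 0; i < aRevCert.length; i++) {
            var entry = aRevCert[i];
            var aEntry = [
                new _DERInteger(entry.sn),
                new _Time(entry.date)
            ];
            if (entry.ext != undefined) {
                aEntry.push(new _Extensions(entry.ext));
            }
            aSeq.push(new _DERSequence({array: aEntry}));
        }
        return new _DERSequence({array: aSeq});
    };

    /*
     * Return the hex of the TBSCertList SEQUENCE built from this.params.
     * Fields are emitted in the order of the ASN.1 definition; optional
     * ones are skipped when their parameter is undefined or null.
     */
    this.getEncodedHex = function() {
        var a = [];
        var params = this.params;

        if (params.version != undefined) {
            // Version is encoded zero-based: version 2 becomes INTEGER 1
            a.push(new _DERInteger({'int': params.version - 1}));
        }

        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _Time(params.thisupdate));
        if (params.nextupdate != undefined) {
            a.push(new _Time(params.nextupdate));
        }
        // RFC 5280 5.1.2.6: with no revoked certificates the field MUST be
        // absent, so an empty revcert array is left out rather than encoded
        // as an empty SEQUENCE.
        if (params.revcert != undefined && params.revcert.length > 0) {
            a.push(this.getRevCertSequence());
        }
        if (params.ext != undefined) {
            // NOTE(review): the ASN.1 requires version v2 when extensions are
            // present; that is not enforced here, the caller has to set
            // version: 2 itself.
            var dExt = new _Extensions(params.ext);
            a.push(new _DERTaggedObject({tag:'a0',
                                         explicit:true,
                                         obj:dExt}));
        }

        var seq = new _DERSequence({array: a});
        return seq.getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);

/**
 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
 * @name KJUR.asn1.x509.CRLEntry
 * @class ASN.1 CRLEntry structure class for CRL
 * @param {Array} params JSON object for CRL entry parameter
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 * @see KJUR.asn1.x509.TBSCertList
 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
 * @description
 * This class is to represent revokedCertificate in TBSCertList.
 * However this is no more used by TBSCertList since
 * jsrsasign 9.1.0. So this class have been deprecated in
 * jsrsasign 9.1.0.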
* <pre>
 * revokedCertificates     SEQUENCE OF SEQUENCE  {
 *     userCertificate         CertificateSerialNumber,
 *     revocationDate          Time,
 *     crlEntryExtensions      Extensions OPTIONAL
 *                             -- if present, version MUST be v2 }
 * </pre>
 * @example
 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
 */
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1;

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        this.sn = new _asn1.DERInteger(intParam);
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        this.time = new _asn1.x509.Time(timeParam);
    };

    // encodes SEQUENCE { sn, time } and caches the hex in this.TLV;
    // both setters need to have been called before
    this.getEncodedHex = function() {
        var dEntry = new _asn1.DERSequence({"array": [this.sn, this.time]});
        this.TLV = dEntry.getEncodedHex();
        return this.TLV;
    };

    if (params === undefined) {
        return;
    }
    if (params.time !== undefined) {
        this.setRevocationDate(params.time);
    }
    if (params.sn !== undefined) {
        this.setCertSerial(params.sn);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);

/**
 * CRLNumber CRL extension ASN.1 structure class<br/>
 *
@name KJUR.asn1.x509.CRLNumber
 * @class CRLNumber CRL extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.x509.Extensions
 * @description
 * This class represents ASN.1 structure for
 * CRLNumber CRL extension defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
 * RFC 5280 5.2.3</a>.
 * <pre>
 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
 * CRLNumber ::= INTEGER (0..MAX)
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "cRLNumber". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Object}num - CRLNumber value to specify
 * {@link KJUR.asn1.DERInteger} parameter.</li>
 * <li>{Boolean}critical - critical flag. Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
 *                               num:{'int':147}})
 */
KJUR.asn1.x509.CRLNumber = function(params) {
    KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
    this.params = undefined;

    // builds the INTEGER from params.num on every call; params must be set
    this.getExtnValueHex = function() {
        var dNum = new KJUR.asn1.DERInteger(this.params.num);
        this.asn1ExtnValue = dNum;
        return dNum.getEncodedHex();
    };

    this.oid = "2.5.29.20";
    if (params != undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);

/**
 * CRLReason CRL entry extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.CRLReason
 * @class CRLReason CRL entry extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see
KJUR.asn1.x509.Extensions 2399 * @description 2400 * This class represents ASN.1 structure for 2401 * CRLReason CRL entry extension defined in 2402 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1"> 2403 * RFC 5280 5.3.1</a> 2404 * <pre> 2405 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } 2406 * -- reasonCode ::= { CRLReason } 2407 * CRLReason ::= ENUMERATED { 2408 * unspecified (0), 2409 * keyCompromise (1), 2410 * cACompromise (2), 2411 * affiliationChanged (3), 2412 * superseded (4), 2413 * cessationOfOperation (5), 2414 * certificateHold (6), 2415 * removeFromCRL (8), 2416 * privilegeWithdrawn (9), 2417 * aACompromise (10) } 2418 * </pre> 2419 * Constructor of this class may have following parameters: 2420 * <ul> 2421 * <li>{String}extname - name "cRLReason". It is ignored in this class but 2422 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2423 * <li>{Integer}code - reasonCode value</li> 2424 * <li>{Boolean}critical - critical flag. 
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
 */
KJUR.asn1.x509.CRLReason = function(params) {
    KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
    this.params = undefined;

    // builds the ENUMERATED from params.code on every call; the code is
    // not checked against the reason values listed in the ASN.1 above
    this.getExtnValueHex = function() {
        var dReason = new KJUR.asn1.DEREnumerated(this.params.code);
        this.asn1ExtnValue = dReason;
        return dReason.getEncodedHex();
    };

    this.oid = "2.5.29.21";
    if (params != undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);

// === END CRL Related ===================================================

// === BEGIN OCSP Related ===================================================
/**
 * Nonce OCSP extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNonce
 * @class Nonce OCSP extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for Nonce extension
 * @see KJUR.asn1.ocsp.ResponseData
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNonce
 * @description
 * This class represents
 * Nonce OCSP extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
 * RFC 6960 4.4.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
 * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
 * Nonce ::= OCTET STRING
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNonce". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class.
(OPTION)</li>
 * <li>{String}hex - hexadecimal string of nonce value</li>
 * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
 * specified.</li>
 * <li>{Boolean}critical - critical flag. Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
 *                               hex: '12ab...'})
 */
KJUR.asn1.x509.OCSPNonce = function(params) {
    KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
    this.params = undefined;

    // The whole parameter object goes to DEROctetString. The nonce bytes are
    // whatever the caller supplies; this class neither generates them nor
    // checks their length, so freshness is the caller's responsibility.
    this.getExtnValueHex = function() {
        var dNonce = new KJUR.asn1.DEROctetString(this.params);
        this.asn1ExtnValue = dNonce;
        return dNonce.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.48.1.2";
    if (params != undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);

/**
 * OCSPNoCheck certificate ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNoCheck
 * @class OCSPNoCheck extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for OCSPNoCheck extension
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNoCheck
 * @description
 * This class represents
 * OCSPNoCheck extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
 * RFC 6960 4.2.2.2.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Boolean}critical - critical flag.
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.OCSPNoCheck({extname:'ocspNoCheck'})
 */
KJUR.asn1.x509.OCSPNoCheck = function(params) {
    KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
    this.params = undefined;

    // the extension value is always an ASN.1 NULL; no parameter is read
    this.getExtnValueHex = function() {
        var dNull = new KJUR.asn1.DERNull();
        this.asn1ExtnValue = dNull;
        return dNull.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.48.1.5";
    if (params != undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);

// === END OCSP Related ===================================================

// === BEGIN Other X.509v3 Extensions========================================

/**
 * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
 * @name KJUR.asn1.x509.AdobeTimeStamp
 * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.0.1 asn1x509 2.1.4
 * @param {Array} params JSON object for AdobeTimeStamp extension parameter
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtAdobeTimeStamp
 * @description
 * This class represents
 * AdobeTimeStamp X.509v3 extension value defined in
 * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
 * Adobe site</a> as JSON object.
* <pre>
 * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
 *  ::= SEQUENCE {
 *     version INTEGER  { v1(1) }, -- extension version
 *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
 *     requiresAuth        boolean (default false), OPTIONAL }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}uri - RFC 3161 time stamp service URL</li>
 * <li>{Boolean}reqauth - authentication required or not</li>
 * </ul>
 * <br/>
 * NOTE: This extension doesn't seem to have official name. This may be called as "pdfTimeStamp".
 * @example
 * new KJUR.asn1.x509.AdobeTimeStamp({
 *   uri: "http://tsa.example.com/",
 *   reqauth: true
 * })
 */
KJUR.asn1.x509.AdobeTimeStamp = function(params) {
    KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);

    var _KJUR_asn1 = KJUR.asn1,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERSequence = _KJUR_asn1.DERSequence,
        _GeneralName = _KJUR_asn1.x509.GeneralName;

    this.params = null;

    // SEQUENCE { version 1, location as URI GeneralName, requiresAuth? };
    // the URI is passed to GeneralName as supplied, without checks here
    this.getExtnValueHex = function() {
        var p = this.params;
        var aField = [
            new _DERInteger(1),
            new _GeneralName({uri: p.uri})
        ];
        if (p.reqauth != undefined) {
            aField.push(new _DERBoolean(p.reqauth));
        }

        var dSeq = new _DERSequence({array: aField});
        this.asn1ExtnValue = dSeq;
        return dSeq.getEncodedHex();
    };

    this.oid = "1.2.840.113583.1.1.9.1";
    // NOTE(review): setByParam is not defined in this constructor;
    // presumably it is inherited from a superclass -- confirm.
    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);

// === END Other X.509v3 Extensions========================================


// === BEGIN X500Name Related =================================================
/**
 * X500Name ASN.1
structure class
 * @name KJUR.asn1.x509.X500Name
 * @class X500Name ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @see X509#getX500Name
 * @description
 * This class provides DistinguishedName ASN.1 class structure
 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
 * <blockquote><pre>
 * DistinguishedName ::= RDNSequence
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
 *   AttributeTypeAndValue
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type  AttributeType,
 *   value AttributeValue }
 * </pre></blockquote>
 * <br/>
 * Argument for the constructor can be one of following parameters:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
 * <li>{String}str - string for distinguished name in OpenSSL one line format (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
 * <li>{String}ldapstr - string for distinguished name in LDAP format (ex: CN=test,O=test,C=US)</li>
 * <li>{String}hex - hexadecimal string for ASN.1 distinguished name structure</li>
 * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
 * <li>{String}certsubject - subject name in the specified PEM certificate</li>
 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
 * </ul>
 * <br/>
 * NOTE1: The "array" and "rule" parameters have been supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
2647 * <br/> 2648 * NOTE2: Multi-valued RDN in "str" parameter have been 2649 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 2650 * @example 2651 * // 1. construct with array 2652 * new KJUR.asn1.x509.X500Name({array:[ 2653 * [{type:'C',value:'JP',ds:'prn'}], 2654 * [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN 2655 * {type:'CN',value:'bob@example.com',ds:'ia5'}] 2656 * ]}) 2657 : "/C=US/O=aaa+CN=contact@example.com"}); // multi valued 2658 * // 2. construct with string 2659 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued 2660 * // 3. construct by LDAP string 2661 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"}); 2662 * // 4. construct by ASN.1 hex string 2663 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."}); 2664 * // 5. construct by issuer of PEM certificate 2665 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."}); 2666 * // 6. construct by subject of PEM certificate 2667 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."}); 2668 * // 7. construct by object (DEPRECATED) 2669 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"}); 2670 */ 2671 KJUR.asn1.x509.X500Name = function(params) { 2672 KJUR.asn1.x509.X500Name.superclass.constructor.call(this); 2673 this.asn1Array = []; 2674 this.paramArray = []; 2675 this.sRule = "utf8"; 2676 var _KJUR = KJUR, 2677 _KJUR_asn1 = _KJUR.asn1, 2678 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2679 _RDN = _KJUR_asn1_x509.RDN, 2680 _pemtohex = pemtohex; 2681 2682 /** 2683 * set DN by OpenSSL oneline distinguished name string<br/> 2684 * @name setByString 2685 * @memberOf KJUR.asn1.x509.X500Name# 2686 * @function 2687 * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa) 2688 * @description 2689 * Sets distinguished name by string. 2690 * dnStr must be formatted as 2691 * "/type0=value0/type1=value1/type2=value2...". 2692 * No need to escape a slash in an attribute value. 
2693 * @example 2694 * name = new KJUR.asn1.x509.X500Name(); 2695 * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com"); 2696 * // no need to escape slash in an attribute value 2697 * name.setByString("/C=US/O=aaa/CN=1980/12/31"); 2698 */ 2699 this.setByString = function(dnStr, sRule) { 2700 if (sRule !== undefined) this.sRule = sRule; 2701 var a = dnStr.split('/'); 2702 a.shift(); 2703 2704 var a1 = []; 2705 for (var i = 0; i < a.length; i++) { 2706 if (a[i].match(/^[^=]+=.+$/)) { 2707 a1.push(a[i]); 2708 } else { 2709 var lastidx = a1.length - 1; 2710 a1[lastidx] = a1[lastidx] + "/" + a[i]; 2711 } 2712 } 2713 2714 for (var i = 0; i < a1.length; i++) { 2715 this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule})); 2716 } 2717 }; 2718 2719 /** 2720 * set DN by LDAP(RFC 2253) distinguished name string<br/> 2721 * @name setByLdapString 2722 * @memberOf KJUR.asn1.x509.X500Name# 2723 * @function 2724 * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US) 2725 * @since jsrsasign 6.2.2 asn1x509 1.0.18 2726 * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat} 2727 * @description 2728 * @example 2729 * name = new KJUR.asn1.x509.X500Name(); 2730 * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US"); 2731 */ 2732 this.setByLdapString = function(dnStr, sRule) { 2733 if (sRule !== undefined) this.sRule = sRule; 2734 var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr); 2735 this.setByString(compat, sRule); 2736 }; 2737 2738 /** 2739 * set DN by associative array<br/> 2740 * @name setByObject 2741 * @memberOf KJUR.asn1.x509.X500Name# 2742 * @function 2743 * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"}) 2744 * @since jsrsasign 4.9. 
asn1x509 1.0.13 2745 * @description 2746 * @example 2747 * name = new KJUR.asn1.x509.X500Name(); 2748 * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1}); 2749 */ 2750 this.setByObject = function(dnObj, sRule) { 2751 if (sRule !== undefined) this.sRule = sRule; 2752 2753 // Get all the dnObject attributes and stuff them in the ASN.1 array. 2754 for (var x in dnObj) { 2755 if (dnObj.hasOwnProperty(x)) { 2756 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule}); 2757 // Initialize or push into the ANS1 array. 2758 this.asn1Array ? this.asn1Array.push(newRDN) 2759 : this.asn1Array = [newRDN]; 2760 } 2761 } 2762 }; 2763 2764 this.setByParam = function(params) { 2765 if (params.rule !== undefined) this.sRule = params.rule; 2766 2767 if (params.array !== undefined) { 2768 this.paramArray = params.array; 2769 } else { 2770 if (params.str !== undefined) { 2771 this.setByString(params.str); 2772 } else if (params.ldapstr !== undefined) { 2773 this.setByLdapString(params.ldapstr); 2774 } else if (params.hex !== undefined) { 2775 this.hTLV = params.hex; 2776 } else if (params.certissuer !== undefined) { 2777 var x = new X509(); 2778 x.readCertPEM(params.certissuer); 2779 this.hTLV = x.getIssuerHex(); 2780 } else if (params.certsubject !== undefined) { 2781 var x = new X509(); 2782 x.readCertPEM(params.certsubject); 2783 this.hTLV = x.getSubjectHex(); 2784 // If params is an object, then set the ASN1 array 2785 // just using the object attributes. 2786 // This is nice for fields that have lots of special 2787 // characters (i.e. CN: 'https://www.github.com/kjur//'). 
2788 } else if (typeof params === "object" && 2789 params.certsubject === undefined && 2790 params.certissuer === undefined) { 2791 this.setByObject(params); 2792 } 2793 } 2794 } 2795 2796 this.getEncodedHex = function() { 2797 if (typeof this.hTLV == "string") return this.hTLV; 2798 2799 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 2800 for (var i = 0; i < this.paramArray.length; i++) { 2801 var param = {array: this.paramArray[i]}; 2802 if (this.sRule != "utf8") param.rule = this.sRule; 2803 var asn1RDN = new _RDN(param); 2804 this.asn1Array.push(asn1RDN); 2805 } 2806 } 2807 2808 var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array}); 2809 this.hTLV = o.getEncodedHex(); 2810 return this.hTLV; 2811 }; 2812 2813 if (params !== undefined) this.setByParam(params); 2814 }; 2815 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object); 2816 2817 /** 2818 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/> 2819 * @name compatToLDAP 2820 * @memberOf KJUR.asn1.x509.X500Name 2821 * @function 2822 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test) 2823 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US) 2824 * @since jsrsasign 8.0.19 asn1x509 1.1.20 2825 * @description 2826 * This static method converts a distinguished name string in OpenSSL compat 2827 * format to LDAP(RFC 2253) format. 
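* @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
 * @example
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") &rarr; 'O=test,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") &rarr; 'O=a\,a,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,b,c") &rarr; 'O=a\,b\,c,C=US'
 */
KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
    // A string (not an Error) is thrown here; kept so existing handlers
    // that compare against it keep working.
    if (s.substr(0, 1) !== "/") throw "malformed input";

    // Components are split on every "/" with no escape handling, so a value
    // that contains a slash ends up as separate components in the result.
    var parts = s.substr(1).split("/");
    parts.reverse();

    // Escape every comma in a component. Escaping only the first one left
    // later commas bare, and a bare comma reads as an RDN separator in the
    // LDAP form.
    parts = parts.map(function(part) {
        return part.replace(/,/g, "\\,");
    });

    return parts.join(",");
};

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
 * @name onelineToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @see KJUR.asn1.x509.X500Name.compatToLDAP
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
 */
KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
    return KJUR.asn1.x509.X500Name.compatToLDAP(s);
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
 * @name ldapToCompat
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex.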
/C=US/O=test)
 * @since jsrsasign 8.0.19 asn1x509 1.1.10
 * @description
 * This static method converts a distinguished name string in
 * LDAP(RFC 2253) format to OpenSSL compat format.
 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @example
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') &rarr; '/C=US/O=test'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') &rarr; '/C=US/O=a,a'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') &rarr; '/C=US/O=a\/a'
 */
KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
    var pieces = s.split(",");

    // Re-join pieces that were split at an escaped comma ("\,") and drop
    // the escaping backslash from the joined text.
    var rdns = [];
    var prevEndedWithBackslash = false;
    for (var i = 0; i < pieces.length; i++) {
        var piece = pieces[i];

        if (prevEndedWithBackslash) {
            var joined = rdns.pop() + "," + piece;
            rdns.push(joined.replace(/\\,/g, ","));
        } else {
            rdns.push(piece);
        }

        prevEndedWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // NOTE(review): a string pattern replaces only the first "/" of each
    // RDN, so a value with several slashes is escaped once. Callers that
    // pass values from untrusted input should not rely on this escaping
    // to keep a value inside a single RDN.
    var escaped = rdns.map(function(rdn) {
        return rdn.replace("/", "\\/");
    });
    escaped.reverse();
    return "/" + escaped.join("/");
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
 * @name ldapToOneline
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
*/
KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
    // deprecated alias; all work is done by ldapToCompat
    var compat = KJUR.asn1.x509.X500Name.ldapToCompat(s);
    return compat;
};

/**
 * RDN (Relative Distinguished Name) ASN.1 structure class
 * @name KJUR.asn1.x509.RDN
 * @class RDN (Relative Distinguished Name) ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @description
 * This class provides RelativeDistinguishedName ASN.1 class structure
 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
 * <blockquote><pre>
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
 *   AttributeTypeAndValue
 *
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type  AttributeType,
 *   value AttributeValue }
 * </pre></blockquote>
 * <br/>
 * NOTE1: The "array" and "rule" parameters have been supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: Multi-valued RDN in "str" parameter have been
 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
 * @example
 * new KJUR.asn1.x509.RDN({array: [ // multi-valued
 *    {type:"CN",value:"Bob",ds:"prn"},
 *    {type:"CN",value:"bob@example.com", ds:"ia5"}
 * ]});
 * new KJUR.asn1.x509.RDN({str: "CN=test"});
 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
 */
KJUR.asn1.x509.RDN = function(params) {
    KJUR.asn1.x509.RDN.superclass.constructor.call(this);
    this.asn1Array = [];
    this.paramArray = [];
    this.sRule = "utf8"; // DEFAULT "utf8"
    var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;

    /*
     * Applies "rule", then "str" (parsed immediately into attributes),
     * then "array" (kept as is and encoded lazily by getEncodedHex).
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) {
            this.sRule = params.rule;
        }
        if (params.str !== undefined) {
            this.addByMultiValuedString(params.str);
        }
        if (params.array !== undefined) {
            this.paramArray = params.array;
        }
    };

    /**
     * add one AttributeTypeAndValue by string<br/>
     * @name addByString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of AttributeTypeAndValue
     * @return {Object} unspecified
     * @description
     * This method adds one AttributeTypeAndValue to the RDN object.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByString("CN=john");
     * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
     */
    this.addByString = function(s) {
        var atv = new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule});
        this.asn1Array.push(atv);
    };

    /**
     * add one AttributeTypeAndValue by multi-valued string<br/>
     * @name addByMultiValuedString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of multi-valued RDN
     * @return {Object} unspecified
     * @since jsrsasign 6.2.1 asn1x509 1.0.17
     * @description
     * This method adds a multi-valued RDN to the RDN object. The string is
     * split with {@link KJUR.asn1.x509.RDN.parseString}, so an unescaped
     * and unquoted "+" in a value starts another AttributeTypeAndValue.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByMultiValuedString("CN=john+O=test");
     * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
     * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
     */
    this.addByMultiValuedString = function(s) {
        var atvStrings = KJUR.asn1.x509.RDN.parseString(s);
        for (var k = 0; k < atvStrings.length; k++) {
            this.addByString(atvStrings[k]);
        }
    };

    /*
     * Returns the DER encoding of the RDN (a SET) as a hexadecimal string.
     * Attributes are built from paramArray only when none were added by string.
     */
    this.getEncodedHex = function() {
        var buildFromParams =
            this.asn1Array.length == 0 && this.paramArray.length > 0;

        if (buildFromParams) {
            for (var k = 0; k < this.paramArray.length; k++) {
                var atvParam = this.paramArray[k];
                // NOTE(review): the rule is overwritten only on entries that
                // already carry one, and the caller's object is modified in
                // place; confirm both are intended.
                if (atvParam.rule !== undefined && this.sRule != "utf8") {
                    atvParam.rule = this.sRule;
                }
                this.asn1Array.push(new _AttributeTypeAndValue(atvParam));
            }
        }

        var derSet = new KJUR.asn1.DERSet({"array": this.asn1Array});
        this.TLV = derSet.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);

/**
 * parse multi-valued RDN string and split into array of
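'AttributeTypeAndValue'<br/>
 * @name parseString
 * @memberOf KJUR.asn1.x509.RDN
 * @function
 * @param {String} s multi-valued string of RDN
 * @return {Array} array of string of AttributeTypeAndValue
 * @since jsrsasign 6.2.1 asn1x509 1.0.17
 * @description
 * This static method parses multi-valued RDN string and split into
 * array of AttributeTypeAndValue.
 * A double-quoted value that contains no "+" keeps its quotes and no
 * longer absorbs the attribute that follows it.
 * @example
 * KJUR.asn1.x509.RDN.parseString("CN=john") &rarr; ["CN=john"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") &rarr; ["CN=john", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") &rarr; ["CN=john", "OU=test", "OU=t1"]
 * KJUR.asn1.x509.RDN.parseString('CN="john"+OU=test') &rarr; ['CN="john"', "OU=test"]
 */
KJUR.asn1.x509.RDN.parseString = function(s) {
    var pieces = s.split(/\+/);

    // Pass 1: re-join pieces that were split at an escaped plus ("\+")
    // and drop the escaping backslash from the joined text.
    var unescaped = [];
    var prevEndedWithBackslash = false;
    for (var i = 0; i < pieces.length; i++) {
        var piece = pieces[i];

        if (prevEndedWithBackslash) {
            var rejoined = unescaped.pop() + "+" + piece;
            unescaped.push(rejoined.replace(/\\\+/g, "+"));
        } else {
            unescaped.push(piece);
        }

        prevEndedWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // Pass 2: re-join pieces that were split inside a double-quoted value
    // and strip the quotes once the closing quote is reached.
    var result = [];
    var inQuote = false;
    for (var j = 0; j < unescaped.length; j++) {
        var item = unescaped[j];

        if (inQuote) {
            var joined = result.pop() + "+" + item;
            if (item.match(/"$/)) {
                result.push(joined.replace(/^([^=]+)="(.*)"$/, "$1=$2"));
                inQuote = false;
            } else {
                result.push(joined);
            }
        } else {
            result.push(item);
        }

        // Enter quote mode only when the item opens a quote without also
        // closing it. Previously an item such as CN="john" switched quote
        // mode on, and the next attribute was folded into its value instead
        // of becoming its own AttributeTypeAndValue.
        if (item.match(/^[^=]+="/) && !item.match(/^[^=]+=".*"$/)) {
            inQuote = true;
        }
    }
    return result;
};

/**
 *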
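AttributeTypeAndValue ASN.1 structure class
 * @name KJUR.asn1.x509.AttributeTypeAndValue
 * @class AttributeTypeAndValue ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @see X509#getAttrTypeAndValue
 * @description
 * This class generates AttributeTypeAndValue defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
 * RFC 5280 4.1.2.4</a>.
 * <pre>
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type     AttributeType,
 *   value    AttributeValue }
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY -- DEFINED BY AttributeType
 * </pre>
 * The constructor argument can have following parameters:
 * <ul>
 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
 * <li>{String}ds - DirectoryString type of AttributeValue</li>
 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
 * set DirectoryString type automatically when "ds" not specified.</li>
 * <li>{String}str - AttributeTypeAndValue string (ex. "C=US").
 * When "value" is not given,
 * this "str" will be converted to "type" and "value".
 * </li>
 * </ul>
 * <br/>
 * NOTE: Parameters "type", "value", "ds" and "rule" have
 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * @example
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'utf8'})
 */
KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
    KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
    this.sRule = "utf8";
    this.sType = null;
    this.sValue = null;
    this.dsType = null;
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERUTF8String = _KJUR_asn1.DERUTF8String,
        _DERPrintableString = _KJUR_asn1.DERPrintableString,
        _DERTeletexString = _KJUR_asn1.DERTeletexString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERVisibleString = _KJUR_asn1.DERVisibleString,
        _DERBMPString = _KJUR_asn1.DERBMPString,
        _isMail = _KJUR.lang.String.isMail,
        _isPrintable = _KJUR.lang.String.isPrintable;

    /*
     * Applies "rule" and "ds", then takes type and value either from "str"
     * (only when "value" is absent) or from "type" and "value".
     * Throws Error when "str" is not of the form type=value.
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.ds !== undefined) this.dsType = params.ds;

        if (params.value === undefined && params.str !== undefined) {
            var str = params.str;
            // type is everything before the first "=", value is the rest
            var matchResult = str.match(/^([^=]+)=(.+)$/);
            if (!matchResult) {
                // The message used to name a variable that does not exist in
                // this scope, so a ReferenceError was raised instead.
                throw new Error("malformed attrTypeAndValueStr: " + str);
            }
            this.sType = matchResult[1];
            this.sValue = matchResult[2];
        } else {
            this.sType = params.type;
            this.sValue = params.value;
        }
    };

    /*
     * Sets type and value from a "type=value" string.
     * Throws Error when the string is not of that form.
     * @deprecated
     */
    this.setByString = function(sTypeValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
        if (!matchResult) {
            // Same repair as in setByParam: report the offending input.
            throw new Error("malformed attrTypeAndValueStr: " + sTypeValue);
        }
        this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
    };

    /*
     * Chooses the DirectoryString type from the rule, the attribute type
     * and the value. Used only when no explicit "ds" was given.
     */
    this._getDsType = function() {
        var sType = this.sType;
        var sValue = this.sValue;
        var sRule = this.sRule;

        if (sRule === "prn") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (_isPrintable(sValue)) return "prn";
            return "utf8";
        }
        if (sRule === "utf8") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (sType == "C") return "prn";
            return "utf8";
        }
        return "utf8"; // default
    };

    /*
     * Stores type and value as given; sRule replaces the current rule when given.
     */
    this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        this.sType = sType;
        this.sValue = sValue;
    };

    /*
     * Returns the ASN.1 string object for valueStr in the requested
     * DirectoryString type. Throws Error for an unknown dsType.
     */
    this.getValueObj = function(dsType, valueStr) {
        if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
        if (dsType == "prn") return new _DERPrintableString({"str": valueStr});
        if (dsType == "tel") return new _DERTeletexString({"str": valueStr});
        if (dsType == "ia5") return new _DERIA5String({"str": valueStr});
        if (dsType == "vis") return new _DERVisibleString({"str": valueStr});
        if (dsType == "bmp") return new _DERBMPString({"str": valueStr});
        throw new Error("unsupported directory string type: type=" +
                        dsType + " value=" + valueStr);
    };

    /*
     * Returns the DER encoding of SEQUENCE { type, value } as a hexadecimal
     * string. The DirectoryString type is decided here when it is still unset.
     */
    this.getEncodedHex = function() {
        if (this.dsType == null) this.dsType = this._getDsType();
        var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
        var asn1Value = this.getValueObj(this.dsType, this.sValue);
        var o = new _DERSequence({"array": [asn1Type, asn1Value]});
        this.TLV = o.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);

// === END X500Name Related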
=================================================

// === BEGIN Other ASN1 structure class  ======================================

/**
 * SubjectPublicKeyInfo ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectPublicKeyInfo
 * @class SubjectPublicKeyInfo ASN.1 structure class
 * @param {Object} params parameter for subject public key
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>{@link RSAKey} object</li>
 * <li>{@link KJUR.crypto.ECDSA} object</li>
 * <li>{@link KJUR.crypto.DSA} object</li>
 * </ul>
 * NOTE1: 'params' can be omitted.<br/>
 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
 * <h4>EXAMPLE</h4>
 * @example
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
 */
KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
    KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);

    // These two locals are never read; state lives on this.asn1AlgId and
    // this.asn1SubjPKey, which stay undefined until setPubKey succeeds.
    var asn1AlgId = null;
    var asn1SubjPKey = null;

    var _KJUR = KJUR;
    var _KJUR_asn1 = _KJUR.asn1;
    var _DERInteger = _KJUR_asn1.DERInteger;
    var _DERBitString = _KJUR_asn1.DERBitString;
    var _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier;
    var _DERSequence = _KJUR_asn1.DERSequence;
    var _newObject = _KJUR_asn1.ASN1Util.newObject;
    var _KJUR_asn1_x509 = _KJUR_asn1.x509;
    var _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;
    var _KJUR_crypto = _KJUR.crypto;
    var _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA;
    var _KJUR_crypto_DSA = _KJUR_crypto.DSA;

    /*
     * Returns SEQUENCE { algorithm, subjectPublicKey }.
     * Throws the string below when no key has been set.
     * @since asn1x509 1.0.7
     */
    this.getASN1Object = function() {
        var missing = (this.asn1AlgId == null || this.asn1SubjPKey == null);
        if (missing)
            throw "algId and/or subjPubKey not set";
        return new _DERSequence({'array': [this.asn1AlgId, this.asn1SubjPKey]});
    };

    /*
     * Returns the DER encoding as a hexadecimal string and caches it in hTLV.
     */
    this.getEncodedHex = function() {
        this.hTLV = this.getASN1Object().getEncodedHex();
        return this.hTLV;
    };

    /**
     * @name setPubKey
     * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
     * @function
     * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
     * @since jsrsasign 8.0.0 asn1x509 1.1.0
     * @description
     * Sets the algorithm identifier and the public key bit string from the
     * key object. Every error raised while handling a key type is discarded,
     * so a key that cannot be encoded leaves this object unset and the
     * failure only shows up later in getASN1Object.
     * @example
     * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
     * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
     * spki.setPubKey(pubKey);
     */
    this.setPubKey = function(key) {
        // RSA: RSAPublicKey SEQUENCE { n, e } wrapped in a BIT STRING
        try {
            if (key instanceof RSAKey) {
                var asn1RsaPub = _newObject({
                    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
                });
                var rsaKeyHex = asn1RsaPub.getEncodedHex();
                this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
                // leading '00' is the unused-bits octet of the BIT STRING
                this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
            }
        } catch(ex) {};

        // EC: the named curve OID is the algorithm parameter
        try {
            if (key instanceof KJUR.crypto.ECDSA) {
                var curveOid = new _DERObjectIdentifier({'name': key.curveName});
                this.asn1AlgId = new _AlgorithmIdentifier({
                    'name': 'ecPublicKey',
                    'asn1params': curveOid
                });
                this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
            }
        } catch(ex) {};

        // DSA: SEQUENCE { p, q, g } is the algorithm parameter, y the key
        try {
            if (key instanceof KJUR.crypto.DSA) {
                var dsaParams = new _newObject({
                    'seq': [{'int': {'bigint': key.p}},
                            {'int': {'bigint': key.q}},
                            {'int': {'bigint': key.g}}]
                });
                this.asn1AlgId = new _AlgorithmIdentifier({
                    'name': 'dsa',
                    'asn1params': dsaParams
                });
                var pubInt = new _DERInteger({'bigint': key.y});
                this.asn1SubjPKey =
                    new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
            }
        } catch(ex) {};
    };

    if (params !== undefined) {
        this.setPubKey(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);

/**
 * Time ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Time
 * @class Time ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.DERUTCTime
 * @see KJUR.asn1.DERGeneralizedTime
 * @description
 * This class represents Time ASN.1 structure defined in
 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
 * <pre>
 * Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 * </pre>
 * When "type" is not given, a "str" of 12 digits plus "Z" selects UTCTime
 * and 14 digits plus "Z" selects GeneralizedTime; any other "str" keeps
 * the default, UTCTime.
 *
 * @example
 * var t1 = new KJUR.asn1.x509.Time({'str': '130508235959Z'}); // UTCTime by default
 * var t2 = new KJUR.asn1.x509.Time({'type': 'gen', 'str': '20130508235959Z'}); // GeneralizedTime
 */
KJUR.asn1.x509.Time = function(params) {
    KJUR.asn1.x509.Time.superclass.constructor.call(this);

    // These two locals are never read; state lives on this.type and this.timeParams.
    var type = null;
    var timeParams = null;

    var _KJUR = KJUR;
    var _KJUR_asn1 = _KJUR.asn1;
    var _DERUTCTime = _KJUR_asn1.DERUTCTime;
    var _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;

    /*
     * Replaces the parameters handed to the time encoder.
     */
    this.setTimeParams = function(timeParams) {
        this.timeParams = timeParams;
    };

    /*
     * Returns the DER encoding as a hexadecimal string. The encoder class
     * follows this.type; it is constructed without arguments when no
     * parameters are set.
     */
    this.getEncodedHex = function() {
        var TimeClass = (this.type == "utc") ? _DERUTCTime : _DERGeneralizedTime;
        var timeObj = (this.timeParams != null)
            ? new TimeClass(this.timeParams)
            : new TimeClass();

        this.TLV = timeObj.getEncodedHex();
        return this.TLV;
    };

    this.type = "utc";
    if (params !== undefined) {
        if (params.type !== undefined) {
            this.type = params.type;
        } else if (params.str !== undefined) {
            // infer the type from the length of the time string
            if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
            if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
        }
        this.timeParams = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AlgorithmIdentifier
 * @class AlgorithmIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * The 'params' argument is an associative array and has following parameters:
 * <ul>
 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
 * <li>asn1params: explicitly specify ASN.1 object for algorithm.
 * (OPTION)</li>
 * <li>paramempty: set algorithm parameter to NULL by force.
 * If paramempty is false, algorithm parameter will be set automatically.
 * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
 * AlgorithmIdentifier will be omitted otherwise
 * it will be NULL by default.
 * (OPTION, DEFAULT = false)</li>
 * </ul>
 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
 * special names. They will set a suite of algorithm OID and multiple algorithm
 * parameters. Its ASN.1 schema is defined in
 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
 * section A.2.3</a>.
3464 * <blockquote><pre> 3465 * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } 3466 * RSASSA-PSS-params ::= SEQUENCE { 3467 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1, 3468 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, 3469 * saltLength [2] INTEGER DEFAULT 20, 3470 * trailerField [3] TrailerField DEFAULT trailerFieldBC } 3471 * mgf1SHA1 MaskGenAlgorithm ::= { 3472 * algorithm id-mgf1, 3473 * parameters HashAlgorithm : sha1 } 3474 * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } 3475 * TrailerField ::= INTEGER { trailerFieldBC(1) } 3476 * </pre></blockquote> 3477 * Here is a table for PSS parameters: 3478 * <table> 3479 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr> 3480 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr> 3481 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr> 3482 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr> 3483 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr> 3484 * </table> 3485 * Default value is omitted as defined in ASN.1 schema. 3486 * These parameters are interoperable to OpenSSL or IAIK toolkit. 3487 * <br/> 3488 * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
* @example
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
 */
KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
    KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
    this.nameAlg = null;
    this.asn1Alg = null;
    this.asn1Params = null;
    this.paramEmpty = false;

    var _KJUR = KJUR;
    var _KJUR_asn1 = _KJUR.asn1;
    var _PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;

    /*
     * Returns the DER encoding as a hexadecimal string.
     * An RSA-PSS name listed in PSSNAME2ASN1TLV yields its fixed encoding;
     * any other name is resolved to an OID and followed by the parameters,
     * if any. Throws Error when neither a name nor an OID object is set.
     */
    this.getEncodedHex = function() {
        if (this.nameAlg === null && this.asn1Alg === null) {
            throw new Error("algorithm not specified");
        }

        // for RSAPSS algorithm name
        if (this.nameAlg !== null) {
            var pssTlv = null;
            for (var pssName in _PSSNAME2ASN1TLV) {
                if (pssName === this.nameAlg) {
                    pssTlv = _PSSNAME2ASN1TLV[pssName];
                }
            }
            if (pssTlv !== null) {
                this.hTLV = pssTlv;
                return this.hTLV;
            }
        }

        // resolve the OID object lazily from the algorithm name
        if (this.nameAlg !== null && this.asn1Alg === null) {
            this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
        }

        var members = [this.asn1Alg];
        if (this.asn1Params !== null) {
            members.push(this.asn1Params);
        }

        var seq = new _KJUR_asn1.DERSequence({'array': members});
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        if (params.name !== undefined) this.nameAlg = params.name;
        if (params.asn1params !== undefined) this.asn1Params = params.asn1params;
        if (params.paramempty !== undefined) this.paramEmpty = params.paramempty;
    }

    // set algorithm parameters will be omitted for
    // "*withDSA" or "*withECDSA" otherwise will be NULL.
    var needsDefaultParams = this.asn1Params === null &&
        this.paramEmpty === false &&
        this.nameAlg !== null;

    if (needsDefaultParams) {
        // "name" may have been given as an object carrying its own "name"
        if (this.nameAlg.name !== undefined) {
            this.nameAlg = this.nameAlg.name;
        }
        var lcNameAlg = this.nameAlg.toLowerCase();

        var isDsaFamily = lcNameAlg.substr(-7, 7) === "withdsa" ||
            lcNameAlg.substr(-9, 9) === "withecdsa";
        if (!isDsaFamily) {
            this.asn1Params = new _KJUR_asn1.DERNull();
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
 * @const
 */
KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
    "SHAwithRSAandMGF1":
    "300d06092a864886f70d01010a3000",
    "SHA256withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
    "SHA384withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
    "SHA512withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
};

/**
 * GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralName
 * @class GeneralName ASN.1 structure class
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
 * <li>dns - dNSName[2] (ex. foo.com)</li>
 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
 * <li>dn - directoryName[4]
 * distinguished name string or X500Name class parameters can be
 * specified (ex.
"/C=US/O=Test", {hex: '301c...'})</li> 3599 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li> 3600 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li> 3601 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li> 3602 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li> 3603 * </ul> 3604 * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/> 3605 * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 3606 * NOTE3: ip was supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/> 3607 * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/> 3608 * 3609 * Here is the definition of the ASN.1 syntax: 3610 * <pre> 3611 * -- NOTE: under the CHOICE, it will always be explicit. 3612 * GeneralName ::= CHOICE { 3613 * otherName [0] OtherName, 3614 * rfc822Name [1] IA5String, 3615 * dNSName [2] IA5String, 3616 * x400Address [3] ORAddress, 3617 * directoryName [4] Name, 3618 * ediPartyName [5] EDIPartyName, 3619 * uniformResourceIdentifier [6] IA5String, 3620 * iPAddress [7] OCTET STRING, 3621 * registeredID [8] OBJECT IDENTIFIER } 3622 * </pre> 3623 * 3624 * @example 3625 * gn = new KJUR.asn1.x509.GeneralName({dn: '/C=US/O=Test'}); 3626 * gn = new KJUR.asn1.x509.GeneralName({dn: X500NameObject}); 3627 * gn = new KJUR.asn1.x509.GeneralName({dn: {str: '/C=US/O=Test'}}); 3628 * gn = new KJUR.asn1.x509.GeneralName({dn: {ldapstr: 'O=Test,C=US'}}); 3629 * gn = new KJUR.asn1.x509.GeneralName({dn: {hex: '301c...'}}); 3630 * gn = new KJUR.asn1.x509.GeneralName({dn: {certissuer: PEMCERTSTRING}}); 3631 * gn = new KJUR.asn1.x509.GeneralName({dn: {certsubject: PEMCERTSTRING}}); 3632 * gn = new KJUR.asn1.x509.GeneralName({ip: '192.168.1.1'}); 3633 * gn = new KJUR.asn1.x509.GeneralName({ip: '2001:db4::4:1'}); 3634 * gn = new KJUR.asn1.x509.GeneralName({ip: 'c0a80101'}); 3635 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'}); 3636 * gn = new
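 *     KJUR.asn1.x509.GeneralName({dns: 'aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'});
 *
 * gn = new KJUR.asn1.x509.GeneralName({ldapdn: 'O=Test,C=US'}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM}); // DEPRECATED
 */
KJUR.asn1.x509.GeneralName = function(params) {
    KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
    var pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86', ip: '87'},
        _KJUR_asn1 = KJUR.asn1,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _ASN1Object = _KJUR_asn1.ASN1Object,
        _X500Name = _KJUR_asn1.x509.X500Name,
        _pemtohex = pemtohex;

    this.explicit = false;

    // Build an ASN1Object holding the issuer (useIssuer true) or subject Name
    // TLV of a certificate given as a hexadecimal or PEM string.
    var _dnFromCert = function(certStr, useIssuer, errMsg) {
        var certHex = null;

        if (certStr.match(/^[0-9A-Fa-f]+$/)) {
            // This was written as the comparison 'certHex == certStr', a no-op,
            // so a hexadecimal certificate string was always rejected.
            certHex = certStr;
        }

        if (certStr.indexOf("-----BEGIN ") != -1) {
            certHex = _pemtohex(certStr);
        }

        if (certHex == null) throw errMsg;
        var x = new X509();
        x.hex = certHex;
        var dn = new _ASN1Object();
        dn.hTLV = useIssuer ? x.getIssuerHex() : x.getSubjectHex();
        return dn;
    };

    /**
     * set the GeneralName value by a parameter object<br/>
     * @param {Object} params one of rfc822, dns, uri, dn, ldapdn, certissuer, certsubj or ip
     * @throws {String} if the cert or ip value is malformed, or no supported
     * property is present
     * @description
     * The properties are checked in a fixed order and the last one present
     * decides the value. The rfc822, dns and uri values are encoded as
     * IA5String exactly as given; no syntax check is visible in this method,
     * so validate names that originate from a request before they are put
     * into a certificate.
     */
    this.setByParam = function(params) {
        var v = null;

        if (params === undefined) return;

        if (params.rfc822 !== undefined) {
            this.type = 'rfc822';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.dns !== undefined) {
            this.type = 'dns';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.uri !== undefined) {
            this.type = 'uri';
            v = new _DERIA5String({str: params[this.type]});
        }

        if (params.dn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            if (typeof params.dn === "string") {
                v = new _X500Name({str: params.dn});
            } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
                v = params.dn;
            } else {
                v = new _X500Name(params.dn);
            }
        }

        if (params.ldapdn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = new _X500Name({ldapstr: params.ldapdn});
        }

        if (params.certissuer !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = _dnFromCert(params.certissuer, true, "certissuer param not cert");
        }

        if (params.certsubj !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = _dnFromCert(params.certsubj, false, "certsubj param not cert");
        }

        if (params.ip !== undefined) {
            this.type = 'ip';
            this.explicit = false;
            var ip = params.ip;
            var hIP;
            var malformedIPMsg = "malformed IP address";
            if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4
                hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
                if (hIP.length !== 8) throw malformedIPMsg;
            } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6
                hIP = ipv6tohex(ip);
            } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex
                // The hexadecimal form is accepted at any whole number of
                // bytes; only the dotted IPv4 form is length checked here.
                hIP = ip;
            } else {
                throw malformedIPMsg;
            }
            v = new _DEROctetString({hex: hIP});
        }

        if (this.type == null)
            throw "unsupported type in params=" + params;
        this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit,
                                             'tag': pTag[this.type],
                                             'obj': v});
    };

    /**
     * get hexadecimal string of the DER encoded GeneralName
     * @return {String} hexadecimal TLV string of the tagged object
     */
    this.getEncodedHex = function() {
        return this.asn1Obj.getEncodedHex();
    };

    if (params !== undefined) {
        this.setByParam(params);
    }

};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);

/**
 * GeneralNames ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralNames
 * @class GeneralNames ASN.1 structure class
 * @description
 * <br/>
 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
 * @example
 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 */
KJUR.asn1.x509.GeneralNames = function(paramsArray) {
    KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1;

    /**
     * set an array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
     * @name setByParamArray
     * @memberOf KJUR.asn1.x509.GeneralNames#
     * @function
     * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralName} parameters
     * @description
     * Each element is passed to the GeneralName constructor and the result is
     * appended to the names already held.
     * <br/>
     * <h4>EXAMPLES</h4>
     * @example
     * gns = new KJUR.asn1.x509.GeneralNames();
     * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
     */
    this.setByParamArray = function(paramsArray) {
        for (var i = 0; i < paramsArray.length; i++) {
            var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
            this.asn1Array.push(o);
        }
    };

    /**
     * get hexadecimal string of the DER encoded GeneralNames
     * @return {String} hexadecimal TLV string of the SEQUENCE
     */
    this.getEncodedHex = function() {
        // The SIZE (1..MAX) bound of the syntax above is not checked here:
        // with no names set this encodes an empty SEQUENCE.
        var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
        return o.getEncodedHex();
    };

    this.asn1Array = [];
    if (typeof paramsArray != "undefined") {
        this.setByParamArray(paramsArray);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);

/**
 * static object for OID
 * @name KJUR.asn1.x509.OID
 * @class static object for OID
 * @property {Assoc Array} atype2oidList for short attribute type name and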
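 *   oid (ex. 'C' and '2.5.4.6')
 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
 * @description
 * This class defines OID name and values.
 * AttributeType names registered in OID.atype2oidList are following:
 * <table style="border-width: thin; border-style: solid; width: 100%">
 * <tr><th>short</th><th>long</th><th>OID</th></tr>
 * <tr><td>CN</td><td>commonName</td><td>2.5.4.3</td></tr>
 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
 * <tr><td>C</td><td>countryName</td><td>2.5.4.6</td></tr>
 * <tr><td>STREET</td><td>streetAddress</td><td>2.5.4.9</td></tr>
 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
 * </table>
 *
 * @example
 */
KJUR.asn1.x509.OID = new function(params) {
    this.atype2oidList = {
        // RFC 4514 AttributeType name string (MUST recognized)
        'CN': '2.5.4.3',
        'L': '2.5.4.7',
        'ST': '2.5.4.8',
        'O': '2.5.4.10',
        'OU': '2.5.4.11',
        'C': '2.5.4.6',
        'STREET': '2.5.4.9',
        'DC': '0.9.2342.19200300.100.1.25',
        'UID': '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        // http://blog.livedoor.jp/k_urushima/archives/656114.html
        'SN': '2.5.4.4', // surname
        'T': '2.5.4.12', // title
        'DN': '2.5.4.49', // distinguishedName
        'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
        // other AttributeType name string (no short name)
        'description': '2.5.4.13',
        'businessCategory': '2.5.4.15',
        'postalCode': '2.5.4.17',
        'serialNumber': '2.5.4.5',
        'uniqueIdentifier': '2.5.4.45',
        'organizationIdentifier': '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3'
    };
    this.name2oidList = {
        // md2, md5 and sha1, and the MD2/MD4/MD5/SHA1with* signature names
        // further down, are registered so that existing structures can be
        // named and encoded. These digests are not collision resistant and
        // should not be selected for new signatures.
        'sha1': '1.3.14.3.2.26',
        'sha256': '2.16.840.1.101.3.4.2.1',
        'sha384': '2.16.840.1.101.3.4.2.2',
        'sha512': '2.16.840.1.101.3.4.2.3',
        'sha224': '2.16.840.1.101.3.4.2.4',
        'md5': '1.2.840.113549.2.5',
        'md2': '1.3.14.7.2.2.1',
        'ripemd160': '1.3.36.3.2.1',

        'MD2withRSA': '1.2.840.113549.1.1.2',
        'MD4withRSA': '1.2.840.113549.1.1.3',
        'MD5withRSA': '1.2.840.113549.1.1.4',
        'SHA1withRSA': '1.2.840.113549.1.1.5',
        'pkcs1-MGF': '1.2.840.113549.1.1.8',
        'rsaPSS': '1.2.840.113549.1.1.10',
        'SHA224withRSA': '1.2.840.113549.1.1.14',
        'SHA256withRSA': '1.2.840.113549.1.1.11',
        'SHA384withRSA': '1.2.840.113549.1.1.12',
        'SHA512withRSA': '1.2.840.113549.1.1.13',

        'SHA1withECDSA': '1.2.840.10045.4.1',
        'SHA224withECDSA': '1.2.840.10045.4.3.1',
        'SHA256withECDSA': '1.2.840.10045.4.3.2',
        'SHA384withECDSA': '1.2.840.10045.4.3.3',
        'SHA512withECDSA': '1.2.840.10045.4.3.4',

        'dsa': '1.2.840.10040.4.1',
        'SHA1withDSA': '1.2.840.10040.4.3',
        'SHA224withDSA': '2.16.840.1.101.3.4.3.1',
        'SHA256withDSA': '2.16.840.1.101.3.4.3.2',

        'rsaEncryption': '1.2.840.113549.1.1.1',

        // X.500 AttributeType defined in RFC 4514
        'commonName': '2.5.4.3',
        'countryName': '2.5.4.6',
        'localityName': '2.5.4.7',
        'stateOrProvinceName': '2.5.4.8',
        'streetAddress': '2.5.4.9',
        'organizationName': '2.5.4.10',
        'organizationalUnitName': '2.5.4.11',
        'domainComponent': '0.9.2342.19200300.100.1.25',
        'userId': '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        'surname': '2.5.4.4',
        'title': '2.5.4.12',
        'distinguishedName': '2.5.4.49',
        'emailAddress': '1.2.840.113549.1.9.1',
        // other AttributeType name string (no short name)
        'description': '2.5.4.13',
        'businessCategory': '2.5.4.15',
        'postalCode': '2.5.4.17',
        'uniqueIdentifier': '2.5.4.45',
        'organizationIdentifier': '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3',

        'subjectKeyIdentifier': '2.5.29.14',
        'keyUsage': '2.5.29.15',
        'subjectAltName': '2.5.29.17',
        'issuerAltName': '2.5.29.18',
        'basicConstraints': '2.5.29.19',
        'cRLNumber': '2.5.29.20',
        'cRLReason': '2.5.29.21',
        'nameConstraints': '2.5.29.30',
        'cRLDistributionPoints':'2.5.29.31',
        'certificatePolicies': '2.5.29.32',
        'anyPolicy': '2.5.29.32.0',
        'authorityKeyIdentifier':'2.5.29.35',
        'policyConstraints': '2.5.29.36',
        'extKeyUsage': '2.5.29.37',
        'authorityInfoAccess': '1.3.6.1.5.5.7.1.1',
        'ocsp': '1.3.6.1.5.5.7.48.1',
        'ocspBasic': '1.3.6.1.5.5.7.48.1.1',
        'ocspNonce': '1.3.6.1.5.5.7.48.1.2',
        'ocspNoCheck': '1.3.6.1.5.5.7.48.1.5',
        'caIssuers': '1.3.6.1.5.5.7.48.2',

        'anyExtendedKeyUsage': '2.5.29.37.0',
        'serverAuth': '1.3.6.1.5.5.7.3.1',
        'clientAuth': '1.3.6.1.5.5.7.3.2',
        'codeSigning': '1.3.6.1.5.5.7.3.3',
        'emailProtection': '1.3.6.1.5.5.7.3.4',
        'timeStamping': '1.3.6.1.5.5.7.3.8',
        'ocspSigning': '1.3.6.1.5.5.7.3.9',

        'ecPublicKey': '1.2.840.10045.2.1',
        'P-256': '1.2.840.10045.3.1.7',
        'secp256r1': '1.2.840.10045.3.1.7',
        'secp256k1': '1.3.132.0.10',
        'secp384r1': '1.3.132.0.34',

        'pkcs5PBES2': '1.2.840.113549.1.5.13',
        'pkcs5PBKDF2': '1.2.840.113549.1.5.12',

        'des-EDE3-CBC': '1.2.840.113549.3.7',

        'data': '1.2.840.113549.1.7.1', // CMS data
        'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data
        'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data
        'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data
        'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data
        'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
        'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
        'signingCertificate': '1.2.840.113549.1.9.16.2.12',// SMIME
        'timeStampToken': '1.2.840.113549.1.9.16.2.14',// sigTS
        'signaturePolicyIdentifier': '1.2.840.113549.1.9.16.2.15',// cades
        'etsArchiveTimeStamp': '1.2.840.113549.1.9.16.2.27',// SMIME
        'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME
        'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
        'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest
        'contentType': '1.2.840.113549.1.9.3',//PKCS#9
        'messageDigest': '1.2.840.113549.1.9.4',//PKCS#9
        'signingTime': '1.2.840.113549.1.9.5',//PKCS#9
        'counterSignature': '1.2.840.113549.1.9.6',//PKCS#9
        'archiveTimeStampV3': '0.4.0.1733.2.4',//ETSI EN29319122/TS101733
        'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
        'adobeTimeStamp': '1.2.840.113583.1.1.9.1' // Adobe
    };

    // One cache is shared by name2obj and atype2obj, keyed by the name that
    // was looked up.
    this.objCache = {};

    /**
     * get DERObjectIdentifier by registered OID name
     * @name name2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} name OID
     * @return {KJUR.asn1.DERObjectIdentifier} cached object for the name
     * @throws {String} if the name is not registered in name2oidList
     * @description
     * Lookups use own properties only, so that a name such as 'constructor'
     * or 'toString' is reported as undefined instead of returning a member
     * inherited from Object.prototype.
     * @example
     * var asn1ObjOID = OID.name2obj('SHA1withRSA');
     */
    this.name2obj = function(name) {
        var hasOwn = Object.prototype.hasOwnProperty;
        if (hasOwn.call(this.objCache, name))
            return this.objCache[name];
        if (!hasOwn.call(this.name2oidList, name))
            throw "Name of ObjectIdentifier not defined: " + name;
        var oid = this.name2oidList[name];
        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
        this.objCache[name] = obj;
        return obj;
    };

    /**
     * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
     * @name atype2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} atype short attribute type name such like 'C' or 'CN'
     * @return {KJUR.asn1.DERObjectIdentifier} cached object for the attribute type
     * @throws {String} if the attribute type is not registered in atype2oidList
     * @description
     * Lookups use own properties only, as in name2obj.
     * @example
     * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
     * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
     */
    this.atype2obj = function(atype) {
        var hasOwn = Object.prototype.hasOwnProperty;
        if (hasOwn.call(this.objCache, atype))
            return this.objCache[atype];
        if (!hasOwn.call(this.atype2oidList, atype))
            throw "AttributeType name undefined: " + atype;
        var oid = this.atype2oidList[atype];
        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
        this.objCache[atype] = obj;
        return obj;
    };
};

/**
 * convert OID to name<br/>
 * @name oid2name
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID name if registered otherwise empty string
 * @since asn1x509 1.0.9
 * @description
 * This static method converts OID string to its name.
 * If OID is undefined then it returns empty string (i.e. '').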
 * @example
 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
 */
KJUR.asn1.x509.OID.oid2name = function(oid) {
    // Reverse lookup by scanning the name table; when several names share
    // one OID, the first one met in the scan is returned.
    var registry = KJUR.asn1.x509.OID.name2oidList;
    var found = '';
    for (var candidate in registry) {
        if (registry[candidate] == oid) {
            found = candidate;
            break;
        }
    }
    return found;
};

/**
 * convert OID to AttributeType name<br/>
 * @name oid2atype
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID AttributeType name if registered otherwise oid
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This static method converts OID string to its AttributeType name.
 * If OID is not defined in OID.atype2oidList associative array then it returns OID
 * specified as argument.
 * @example
 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
 */
KJUR.asn1.x509.OID.oid2atype = function(oid) {
    // Same reverse scan over the attribute type table; an unregistered OID
    // is handed back unchanged.
    var registry = KJUR.asn1.x509.OID.atype2oidList;
    var found = oid;
    for (var candidate in registry) {
        if (registry[candidate] == oid) {
            found = candidate;
            break;
        }
    }
    return found;
};

/**
 * convert OID name to OID value<br/>
 * @name name2oid
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
 * @return {String} dot noted Object Identifier string (ex. 1.2.3.4)
 * @since asn1x509 1.0.11
 * @description
 * This static method converts from OID name to OID string.
 * If OID is undefined then it returns empty string (i.e. '').
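 * @example
 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
 */
KJUR.asn1.x509.OID.name2oid = function(name) {
    // A string made only of digits and dots is taken to be an OID already
    // and is returned as given.
    if (name.match(/^[0-9.]+$/)) return name;
    var list = KJUR.asn1.x509.OID.name2oidList;
    // Own-property test: a plain 'list[name] === undefined' check let names
    // such as 'constructor' or 'toString' return members inherited from
    // Object.prototype instead of the documented empty string.
    if (!Object.prototype.hasOwnProperty.call(list, name)) return '';
    return list[name];
};

/**
 * X.509 certificate and CRL utilities class<br/>
 * @name KJUR.asn1.x509.X509Util
 * @class X.509 certificate and CRL utilities class
 */
KJUR.asn1.x509.X509Util = {};

/**
 * issue a certificate in PEM format (DEPRECATED)
 * @name newCertPEM
 * @memberOf KJUR.asn1.x509.X509Util
 * @function
 * @param {Array} param JSON object of parameter to issue a certificate
 * @since asn1x509 1.0.6
 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
 * @description
 * This method can issue a certificate by a simple
 * JSON object.
 * Signature value will be provided by signing with
 * private key using 'cakey' parameter or
 * hexadecimal signature value by 'sighex' parameter.
 * <br/>
 * NOTE: Algorithm parameter of AlgorithmIdentifier will
 * be set automatically by default.
 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
 * from jsrsasign 7.1.1 asn1x509 1.0.20.
 * <br/>
 * NOTE2:
 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
 * As for RSA-PSS signature algorithm names and signing parameters
 * such as MGF function and salt length, please see
 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.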
4159 * 4160 * @example 4161 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4162 * serial: {int: 4}, 4163 * sigalg: {name: 'SHA1withECDSA'}, 4164 * issuer: {str: '/C=US/O=a'}, 4165 * notbefore: {'str': '130504235959Z'}, 4166 * notafter: {'str': '140504235959Z'}, 4167 * subject: {str: '/C=US/O=b'}, 4168 * sbjpubkey: pubKeyObj, 4169 * ext: [ 4170 * {basicConstraints: {cA: true, critical: true}}, 4171 * {keyUsage: {bin: '11'}}, 4172 * ], 4173 * cakey: prvKeyObj 4174 * }); 4175 * // -- or -- 4176 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4177 * serial: {int: 4}, 4178 * sigalg: {name: 'SHA1withECDSA'}, 4179 * issuer: {str: '/C=US/O=a'}, 4180 * notbefore: {'str': '130504235959Z'}, 4181 * notafter: {'str': '140504235959Z'}, 4182 * subject: {str: '/C=US/O=b'}, 4183 * sbjpubkey: pubKeyPEM, 4184 * ext: [ 4185 * {basicConstraints: {cA: true, critical: true}}, 4186 * {keyUsage: {bin: '11'}}, 4187 * ], 4188 * cakey: [prvkey, pass]} 4189 * ); 4190 * // -- or -- 4191 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4192 * serial: {int: 1}, 4193 * sigalg: {name: 'SHA1withRSA'}, 4194 * issuer: {str: '/C=US/O=T1'}, 4195 * notbefore: {'str': '130504235959Z'}, 4196 * notafter: {'str': '140504235959Z'}, 4197 * subject: {str: '/C=US/O=T1'}, 4198 * sbjpubkey: pubKeyObj, 4199 * sighex: '0102030405..' 4200 * }); 4201 * // for the issuer and subject field, another 4202 * // representation is also available 4203 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ 4204 * serial: {int: 1}, 4205 * sigalg: {name: 'SHA256withRSA'}, 4206 * issuer: {C: "US", O: "T1"}, 4207 * notbefore: {'str': '130504235959Z'}, 4208 * notafter: {'str': '140504235959Z'}, 4209 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, 4210 * sbjpubkey: pubKeyObj, 4211 * sighex: '0102030405..' 
 * });
 */
KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    // Deprecated thin wrapper: the parameter object is handed unchanged to
    // the Certificate constructor and the PEM form of the result is returned.
    var x509ns = KJUR.asn1.x509;
    var issued = new x509ns.Certificate(param);
    return issued.getPEM();
};
