1 /* asn1x509-2.1.16.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate 5 * 6 * Copyright (c) 2013-2022 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1x509-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.5.22 asn1x509 2.1.16 (2022-May-24) 20 * @since jsrsasign 2.1 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 /** 25 * kjur's class library name space 26 * // already documented in asn1-1.0.js 27 * @name KJUR 28 * @namespace kjur's class library name space 29 */ 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 31 32 /** 33 * kjur's ASN.1 class library name space 34 * // already documented in asn1-1.0.js 35 * @name KJUR.asn1 36 * @namespace 37 */ 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 39 40 /** 41 * kjur's ASN.1 class for X.509 certificate library name space 42 * <p> 43 * <h4>FEATURES</h4> 44 * <ul> 45 * <li>easily issue any kind of certificate</li> 46 * <li>APIs are very similar to BouncyCastle library ASN.1 classes. 
So easy to learn.</li> 47 * </ul> 48 * </p> 49 * <h4>PROVIDED CLASSES</h4> 50 * <ul> 51 * <li>{@link KJUR.asn1.x509.Certificate}</li> 52 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li> 53 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li> 54 * <li>{@link KJUR.asn1.x509.Extensions}</li> 55 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li> 56 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li> 57 * <li>{@link KJUR.asn1.x509.GeneralNames}</li> 58 * <li>{@link KJUR.asn1.x509.GeneralName}</li> 59 * <li>{@link KJUR.asn1.x509.X500Name}</li> 60 * <li>{@link KJUR.asn1.x509.RDN}</li> 61 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li> 62 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li> 63 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li> 64 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li> 65 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li> 66 * <li>{@link KJUR.asn1.x509.UserNotice}</li> 67 * <li>{@link KJUR.asn1.x509.NoticeReference}</li> 68 * <li>{@link KJUR.asn1.x509.DisplayText}</li> 69 * <li>{@link KJUR.asn1.x509.GeneralSubtree}</li> 70 * <li>{@link KJUR.asn1.x509.CRL}</li> 71 * <li>{@link KJUR.asn1.x509.TBSCertList}</li> 72 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li> 73 * <li>{@link KJUR.asn1.x509.OID}</li> 74 * </ul> 75 * <h4>SUPPORTED EXTENSIONS</h4> 76 * <ul> 77 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 78 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 79 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 80 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 81 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 82 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 83 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 84 * <li>{@link KJUR.asn1.x509.NameConstraints}</li> 85 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li> 86 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 87 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li> 88 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 89 * <li>{@link 
KJUR.asn1.x509.CRLReason}</li> 90 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 91 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 92 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 93 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 94 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 95 * </ul> 96 * NOTE1: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.<br/> 97 * NOTE2: SubjectAltName and IssuerAltName supported since 98 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/> 99 * NOTE3: CeritifcatePolicies supported supported since 100 * jsrsasign 8.0.23 asn1x509 1.1.12<br/> 101 * @name KJUR.asn1.x509 102 * @namespace 103 */ 104 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {}; 105 106 // === BEGIN Certificate =================================================== 107 108 /** 109 * X.509 Certificate class to sign and generate hex encoded certificate 110 * @name KJUR.asn1.x509.Certificate 111 * @class X.509 Certificate class to sign and generate hex encoded certificate 112 * @property {Array} params JSON object of parameters 113 * @param {Array} params JSON object for Certificate parameters 114 * @extends KJUR.asn1.ASN1Object 115 * @description 116 * <br/> 117 * This class provides Certificate ASN.1 class structure 118 * defined in 119 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1"> 120 * RFC 5280 4.1</a>. 121 * <pre> 122 * Certificate ::= SEQUENCE { 123 * tbsCertificate TBSCertificate, 124 * signatureAlgorithm AlgorithmIdentifier, 125 * signatureValue BIT STRING } 126 * </pre> 127 * Parameter "params" JSON object can be 128 * the same as {@link KJUR.asn1.x509.TBSCertificate}. 129 * Then they are used to generate TBSCertificate. 130 * Additionally just for Certificate, following parameters can be used: 131 * <ul> 132 * <li>{TBSCertfificate}tbsobj - 133 * specifies {@link KJUR.asn1.x509.TBSCertificate} 134 * object to be signed if needed. 
135 * When this isn't specified, 136 * this will be set from other parameters of TBSCertificate.</li> 137 * <li>{Object}cakey (OPTION) - specifies certificate signing private key. 138 * Parameter "cakey" or "sighex" shall be specified. Following 139 * values can be specified: 140 * <ul> 141 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 142 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 143 * to generate a key object.</li> 144 * </ul> 145 * </li> 146 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 147 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 148 * unused bits)</li> 149 * </ul> 150 * CAUTION: APIs of this class have been totally updated without 151 * backward compatibility since jsrsasign 9.0.0.<br/> 152 * NOTE1: 'params' can be omitted.<br/> 153 * NOTE2: DSA/ECDSA is also supported for CA signing key from asn1x509 1.0.6. 154 * @example 155 * var cert = new KJUR.asn1.x509.Certificate({ 156 * version: 3, 157 * serial: {hex: "1234..."}, 158 * sigalg: "SHA256withRSAandMGF1", 159 * ... 160 * sighex: "1d3f..." // sign() method won't be called 161 * }); 162 * 163 * // sighex will be calculated by signing with cakey 164 * var cert = new KJUR.asn1.x509.Certificate({ 165 * version: 3, 166 * serial: {hex: "2345..."}, 167 * sigalg: "SHA256withRSA", 168 * ... 169 * cakey: "-----BEGIN PRIVATE KEY..." 170 * }); 171 * 172 * // use TBSCertificate object to sign 173 * var cert = new KJUR.asn1.x509.Certificate({ 174 * tbsobj: <<OBJ>>, 175 * sigalg: "SHA256withRSA", 176 * cakey: "-----BEGIN PRIVATE KEY..." 
* });
 */
KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);

    // The ASN.1 constructors are resolved once, when the instance is created.
    var asn1ns = KJUR.asn1,
        BitString = asn1ns.DERBitString,
        Sequence = asn1ns.DERSequence,
        x509ns = asn1ns.x509,
        TBSCert = x509ns.TBSCertificate,
        AlgId = x509ns.AlgorithmIdentifier;

    this.params = undefined;

    /**
     * store the certificate parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param params {Array} JSON object of certificate parameters
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * Keeps a reference to the given object as
     * {@link KJUR.asn1.x509.Certificate#params}. The object is not copied:
     * sign() and tohex() later write "tbsobj" and "sighex" back into it,
     * and a "cakey" private key placed in it stays reachable through
     * this object for as long as the object lives.
     * @example
     * cert = new KJUR.asn1.x509.Certificate();
     * cert.setByParam({
     *   version: 3,
     *   serial: {hex: "1234..."},
     *   ...
     * });
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign certificate<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @description
     * Signs the hex encoding of this.params.tbsobj with the private key
     * this.params.cakey, using the algorithm named by this.params.sigalg
     * (or by this.params.sigalg.name when that property is set), and
     * stores the signature in this.params.sighex. "tbsobj" must already
     * be set; tohex() sets it before calling this method.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.sign()
     */
    this.sign = function() {
        var p = this.params;
        var algName = (p.sigalg.name != undefined) ? p.sigalg.name : p.sigalg;

        var tbsHex = p.tbsobj.tohex();
        var signer = new KJUR.crypto.Signature({alg: algName});
        signer.init(p.cakey);
        signer.updateHex(tbsHex);
        p.sighex = signer.sign();
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEM
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * Encodes the certificate with tohex() and wraps the result
     * as a "CERTIFICATE" PEM block.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.getPEM() →
     * "-----BEGIN CERTIFICATE-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.tohex(), "CERTIFICATE");
    };

    // Returns the hex DER encoding of the whole Certificate SEQUENCE.
    //
    // Points worth knowing when issuing real certificates with this:
    //  - "sighex" is cached in params. Once it is set (by the caller or by
    //    a first encoding) it is reused as is, so a TBS field changed
    //    afterwards is NOT covered by the emitted signature; clear
    //    params.sighex to force a new signature.
    //  - a caller-supplied "sighex" is embedded without being verified.
    //  - when "tbsobj" is supplied by the caller, nothing here checks that
    //    its inner signature algorithm equals params.sigalg, which
    //    RFC 5280 4.1.1.2 requires.
    //  - NOTE(review): sign() accepts sigalg as an object with a "name"
    //    property, but the AlgorithmIdentifier below receives params.sigalg
    //    itself as the name; confirm the object form is handled there.
    this.tohex = function() {
        var p = this.params;

        if (p.tbsobj == null) {
            p.tbsobj = new TBSCert(p);
        }

        if (p.sighex == null) {
            if (p.cakey != null) this.sign();
            if (p.sighex == null) {
                throw new Error("sighex or cakey parameter not defined");
            }
        }

        // "00" is the unused-bits octet of the signatureValue BIT STRING.
        var seq = new Sequence({array: [
            p.tbsobj,
            new AlgId({name: p.sigalg}),
            new BitString({hex: "00" + p.sighex})
        ]});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params != undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertificate structure class<br/>
 * @name KJUR.asn1.x509.TBSCertificate
 * @class ASN.1 TBSCertificate structure class
 * @property
{Array} params JSON object of parameters 293 * @param {Array} params JSON object of TBSCertificate parameters 294 * @extends KJUR.asn1.ASN1Object 295 * @see KJUR.asn1.x509.Certificate 296 * 297 * @description 298 * <br/> 299 * NOTE: TBSCertificate class is updated without backward 300 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0. 301 * Most methods were removed and parameters can be set 302 * by JSON object. 303 * 304 * @example 305 * new TBSCertificate({ 306 * version: 3, // this can be omitted, the default is 3. 307 * serial: {hex: "1234..."}, // DERInteger parameter 308 * sigalg: "SHA256withRSA", 309 * issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 310 * notbefore: "151231235959Z", // string, passed to Time 311 * notafter: "251231235959Z", // string, passed to Time 312 * subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter 313 * sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter 314 * // As for extension parameters, please see extension class 315 * // All extension parameters need to have "extname" parameter additionally. 316 * ext:[{ 317 * extname:"keyUsage",critical:true, 318 * names:["digitalSignature","keyEncipherment"] 319 * },{ 320 * extname:"cRLDistributionPoints", 321 * array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}] 322 * }, ...] 
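* })
 *
 * var tbsc = new TBSCertificate();
 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
 */
KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;

    this.params = null;

    /**
     * set TBSCertificate parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} params JSON object of TBSCertificate parameters
     * @description
     * Keeps a reference to the given object; it is read again each time
     * tohex() is called.
     * @example
     * tbsc = new KJUR.asn1.x509.TBSCertificate();
     * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    // Returns the hex DER encoding of the TBSCertificate SEQUENCE built
    // from this.params. The fields are handed to their ASN.1 classes as
    // given: this method does not itself check the serial number, the
    // validity dates or the names.
    this.tohex = function() {
        var a = [];
        var params = this.params;

        // X.509v3 is the default when params.version is not defined.
        // "version" is DEFAULT v1 in RFC 5280 4.1, and DER leaves out a
        // field that holds its default value, so the [0] tag is written
        // for every version except 1. (The former test joined its two
        // comparisons with "||" in a way that was always true and so
        // wrote the tag for version 1 as well.)
        var version = (params.version != undefined) ? params.version : 3;
        if (version != 1) {
            // the encoded INTEGER is version - 1 (v3 is written as 2)
            a.push(new _DERTaggedObject({
                obj: new _DERInteger({'int': version - 1})
            }));
        }

        a.push(new _DERInteger(params.serial));
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _DERSequence({array: [new _Time(params.notbefore),
                                         new _Time(params.notafter)]}));
        a.push(new _X500Name(params.subject));
        a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));

        // extensions [3] are written only when at least one is given
        if (params.ext !== undefined && params.ext.length > 0) {
            a.push(new _DERTaggedObject({tag: "a3",
                                         obj: new _Extensions(params.ext)}));
        }

        var seq = new _DERSequence({array: a});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);

/**
 * Extensions ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Extensions
 * @class Extensions ASN.1 structure class
 * @param {Array} aParam array of JSON extension parameter
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertificate
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.csr.CertificationRequestInfo
 * @see KJUR.asn1.x509.PrivateExtension
 * @see KJUR.asn1.ocsp.ResponseData
 * @see KJUR.asn1.ocsp.BasicOCSPResponse
 *
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * Extensions defined in RFC 5280 4.1</a> and
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
 * 4.1.2.9</a>.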
412 * <pre> 413 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 414 * </pre> 415 * <p>NOTE: From jsrsasign 9.1.1, private extension or 416 * undefined extension have been supported by 417 * {@link KJUR.asn1.x509.PrivateExtension}.</p> 418 * 419 * Here is a list of available extensions: 420 * <ul> 421 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li> 422 * <li>{@link KJUR.asn1.x509.KeyUsage}</li> 423 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li> 424 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li> 425 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li> 426 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li> 427 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li> 428 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li> 429 * <li>{@link KJUR.asn1.x509.CRLNumber}</li> 430 * <li>{@link KJUR.asn1.x509.CRLReason}</li> 431 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li> 432 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li> 433 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li> 434 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li> 435 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li> 436 * </ul> 437 * You can also use {@link KJUR.asn1.x509.PrivateExtension} object 438 * to specify a unsupported extension. 439 * 440 * @example 441 * o = new KJUR.asn1.x509.Extensions([ 442 * {extname:"keyUsage",critical:true,names:["digitalSignature"]}, 443 * {extname:"subjectAltName",array:[{dns:"example.com"}]}, 444 * {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension 445 * ]); 446 * o.tohex() → "30..." 
*/
KJUR.asn1.x509.Extensions = function(aParam) {
    KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
    var asn1ns = KJUR.asn1,
        Sequence = asn1ns.DERSequence,
        x509ns = asn1ns.x509;

    // "extname" value -> name of the encoder class in KJUR.asn1.x509.
    // The table has no prototype, so a name such as "constructor" can
    // only ever match an entry listed here.
    var classNameOf = Object.create(null);
    classNameOf.subjectKeyIdentifier = "SubjectKeyIdentifier";
    classNameOf.keyUsage = "KeyUsage";
    classNameOf.subjectAltName = "SubjectAltName";
    classNameOf.issuerAltName = "IssuerAltName";
    classNameOf.basicConstraints = "BasicConstraints";
    classNameOf.nameConstraints = "NameConstraints";
    classNameOf.cRLDistributionPoints = "CRLDistributionPoints";
    classNameOf.certificatePolicies = "CertificatePolicies";
    classNameOf.authorityKeyIdentifier = "AuthorityKeyIdentifier";
    classNameOf.extKeyUsage = "ExtKeyUsage";
    classNameOf.authorityInfoAccess = "AuthorityInfoAccess";
    classNameOf.cRLNumber = "CRLNumber";
    classNameOf.cRLReason = "CRLReason";
    classNameOf.ocspNonce = "OCSPNonce";
    classNameOf.ocspNoCheck = "OCSPNoCheck";
    classNameOf.adobeTimeStamp = "AdobeTimeStamp";
    classNameOf.subjectDirectoryAttributes = "SubjectDirectoryAttributes";

    this.aParam = [];

    // Replaces the list of extension parameters (kept by reference).
    this.setByParam = function(aParam) { this.aParam = aParam; };

    // Returns the hex DER encoding of the Extensions SEQUENCE, with one
    // Extension per entry of this.aParam, in the given order.
    // Throws an Error for an entry whose "extname" is not in the table
    // and which has no "extn" member.
    this.tohex = function() {
        var encoders = [];
        for (var i = 0; i < this.aParam.length; i++) {
            var param = this.aParam[i];
            var className;

            if (param.extn != undefined) {
                // any entry carrying "extn" is encoded as a private
                // extension, whatever its extname says
                className = "PrivateExtension";
            } else {
                className = classNameOf[param.extname];
                if (className === undefined) {
                    throw new Error("extension not supported:"
                                    + JSON.stringify(param));
                }
            }
            encoders.push(new x509ns[className](param));
        }

        var seq = new Sequence({array: encoders});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (aParam != undefined) this.setByParam(aParam);
};
extendClass(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);


// === END   TBSCertificate ===================================================

// === BEGIN X.509v3 Extensions Related =======================================

/**
 * base Extension ASN.1 structure class
 * @name KJUR.asn1.x509.Extension
 * @class base Extension ASN.1 structure class
 * @param {Array} params associative array of parameters (ex.
{'critical': true})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <pre>
 * Extension  ::=  SEQUENCE  {
 *     extnID      OBJECT IDENTIFIER,
 *     critical    BOOLEAN DEFAULT FALSE,
 *     extnValue   OCTET STRING  }
 * </pre>
 * @example
 */
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);
    var asn1ns = KJUR.asn1,
        ObjId = asn1ns.DERObjectIdentifier,
        OctetStr = asn1ns.DEROctetString,
        Bool = asn1ns.DERBoolean,
        Sequence = asn1ns.DERSequence;

    // Returns the hex DER encoding of the Extension SEQUENCE.
    // Subclasses provide this.oid and getExtnValueHex(); the value they
    // return is wrapped in the extnValue OCTET STRING.
    this.tohex = function() {
        var members = [new ObjId({'oid': this.oid})];
        var wrappedValue = new OctetStr({'hex': this.getExtnValueHex()});

        // "critical" is DEFAULT FALSE, so it is written only when set.
        // Any truthy value counts as critical; DERBoolean is built with
        // no argument (presumably encoding TRUE, to be confirmed in the
        // base ASN.1 module).
        if (this.critical) members.push(new Bool());
        members.push(wrappedValue);

        var seq = new Sequence({'array': members});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    // critical flag: taken from params when given, false otherwise
    this.critical =
        (params !== undefined && params.critical !== undefined)
            ? params.critical
            : false;
};
extendClass(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);

/**
 * KeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.KeyUsage
 * @class KeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
* <pre>
 * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
 * KeyUsage ::= BIT STRING {
 *   digitalSignature   (0),
 *   nonRepudiation     (1),
 *   keyEncipherment    (2),
 *   dataEncipherment   (3),
 *   keyAgreement       (4),
 *   keyCertSign        (5),
 *   cRLSign            (6),
 *   encipherOnly       (7),
 *   decipherOnly       (8) }
 * </pre><br/>
 * NOTE: 'names' parameter is supported since jsrsasign 8.0.14.
 * @example
 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
 */
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);

    var Err = Error;

    // bit position of each key usage name in the KeyUsage BIT STRING
    var bitOf = {
        digitalSignature: 0,
        nonRepudiation: 1,
        keyEncipherment: 2,
        dataEncipherment: 3,
        keyAgreement: 4,
        keyCertSign: 5,
        cRLSign: 6,
        encipherOnly: 7,
        decipherOnly: 8
    };

    // Returns the hex encoding of the KeyUsage BIT STRING and keeps the
    // ASN.1 object in this.asn1ExtnValue.
    this.getExtnValueHex = function() {
        var bits = this.getBinValue();
        this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: bits});
        return this.asn1ExtnValue.tohex();
    };

    // Returns the key usage as a binary string. "names" takes precedence
    // over "bin". A "bin" string is returned exactly as supplied: it is
    // not checked here for length or for containing only 0 and 1, so the
    // caller decides which usage bits end up in the certificate.
    this.getBinValue = function() {
        var p = this.params;

        var usable = typeof p == "object" &&
            (typeof p.names == "object" || typeof p.bin == "string");
        if (!usable) throw new Err("parameter not yet set");

        if (p.names != undefined) return namearraytobinstr(p.names, bitOf);
        if (p.bin != undefined) return p.bin;
        throw new Err("parameter not set properly");
    };

    this.oid = "2.5.29.15";
    if (params !== undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);

/**
 * BasicConstraints ASN.1 structure class
 * @name KJUR.asn1.x509.BasicConstraints
 * @class BasicConstraints ASN.1 structure class
* @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtBasicConstraints}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
 * <pre>
 * id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
 * BasicConstraints ::= SEQUENCE {
 *      cA                      BOOLEAN DEFAULT FALSE,
 *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{Boolean}cA - cA flag</li>
 * <li>{Integer}pathLen - pathLen field value</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.BasicConstraints({
 *   cA: true,
 *   pathLen: 3,
 *   critical: true
 * })
 */
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
    var asn1ns = KJUR.asn1,
        Bool = asn1ns.DERBoolean,
        Int = asn1ns.DERInteger,
        Sequence = asn1ns.DERSequence;

    // Returns the hex encoding of the BasicConstraints SEQUENCE and keeps
    // the ASN.1 object in this.asn1ExtnValue.
    //
    // cA is DEFAULT FALSE, so it is written only when truthy. pathLen is
    // written whenever it is greater than -1, whether or not cA is set:
    // RFC 5280 4.2.1.9 forbids pathLenConstraint unless cA is asserted,
    // and that rule is left to the caller.
    this.getExtnValueHex = function() {
        var members = [];
        if (this.cA) members.push(new Bool());
        if (this.pathLen > -1) {
            members.push(new Int({'int': this.pathLen}));
        }
        this.asn1ExtnValue = new Sequence({'array': members});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.19";

    // defaults: not a CA, no path length constraint
    this.cA = false;
    this.pathLen = -1;
    if (params !== undefined) {
        if (params.cA !== undefined) this.cA = params.cA;
        if (params.pathLen !== undefined) this.pathLen = params.pathLen;
    }
};
extendClass(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);

/**
 * CRLDistributionPoints ASN.1 structure
class
 * @name KJUR.asn1.x509.CRLDistributionPoints
 * @class CRLDistributionPoints ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtCRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.CRLDistributionPoints({
 *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
 *   critical: true
 * })
 */
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
    var asn1ns = KJUR.asn1,
        x509ns = asn1ns.x509;

    // Returns the hex encoding of the SEQUENCE OF DistributionPoint.
    // this.asn1ExtnValue is assigned by setByDPArray(); this constructor
    // calls it only when "array" or "uri" is supplied.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    // Builds the extension value from an array whose entries are either
    // ready ASN.1 objects (used as they are) or DistributionPoint
    // parameter objects.
    this.setByDPArray = function(dpArray) {
        var points = [];
        for (var i = 0; i < dpArray.length; i++) {
            var entry = dpArray[i];
            points.push(entry instanceof KJUR.asn1.ASN1Object
                        ? entry
                        : new x509ns.DistributionPoint(entry));
        }
        this.asn1ExtnValue = new asn1ns.DERSequence({'array': points});
    };

    // Shortcut for a single distribution point with one fullName URI.
    this.setByOneURI = function(uri) {
        this.setByDPArray([new x509ns.DistributionPoint({fulluri: uri})]);
    };

    this.oid = "2.5.29.31";
    if (params !== undefined) {
        // "array" takes precedence over "uri"
        if (params.array !== undefined) {
            this.setByDPArray(params.array);
        } else if (params.uri !== undefined) {
            this.setByOneURI(params.uri);
        }
    }
};
extendClass(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);

/**
 * DistributionPoint ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPoint
 * @class DistributionPoint ASN.1 structure class
 * @param {Array} params JSON object of parameters (OPTIONAL)
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPointName}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPoint}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}fulluri - uri string for fullName uri.
This has the same meaning for '{dpname: {full: [{uri: "..."}]}}'.</li>
 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
 * <li>{DistributionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
 * </ul>
 * <br/>
 * NOTE1: Parameter "fulluri" and "dpname" supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The "reasons" and "cRLIssuer" fields are currently
 * not supported.
 * @example
 * new KJUR.asn1.x509.DistributionPoint(
 *   {fulluri: "http://example.com/crl1.crl"})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpobj: new DistributionPoint(...)})
 */
KJUR.asn1.x509.DistributionPoint = function(params) {
    KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
    var asn1ns = KJUR.asn1,
        DPName = asn1ns.x509.DistributionPointName;

    // Returns the hex DER encoding of the DistributionPoint SEQUENCE and
    // caches it in this.hTLV. Only the distributionPoint [0] field is
    // written, and only when a name was given to the constructor;
    // otherwise the SEQUENCE is empty.
    this.tohex = function() {
        var seq = new asn1ns.DERSequence();
        if (this.asn1DP != null) {
            seq.appendASN1Object(new asn1ns.DERTaggedObject({
                'explicit': true,
                'tag': 'a0',
                'obj': this.asn1DP
            }));
        }
        this.hTLV = seq.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    // precedence of the name sources: dpobj, then dpname, then fulluri
    if (params !== undefined) {
        if (params.dpobj !== undefined) {
            this.asn1DP = params.dpobj;
        } else if (params.dpname !== undefined) {
            this.asn1DP = new DPName(params.dpname);
        } else if (params.fulluri !== undefined) {
            this.asn1DP = new DPName({full: [{uri: params.fulluri}]});
        }
    }
};
extendClass(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);

/**
 * DistributionPointName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPointName
* @class DistributionPointName ASN.1 structure class 857 * @param {Array} params JSON object of parameters or GeneralNames object 858 * @extends KJUR.asn1.ASN1Object 859 * @see {@link KJUR.asn1.x509.CRLDistributionPoints} 860 * @see {@link KJUR.asn1.x509.DistributionPoint} 861 * @see {@link KJUR.asn1.x509.GeneralNames} 862 * @see {@link X509#getDistributionPointName} 863 * @description 864 * This class represents 865 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13"> 866 * DistributionPointName defined in RFC 5280 4.2.1.13</a>. 867 * <pre> 868 * DistributionPointName ::= CHOICE { 869 * fullName [0] GeneralNames, 870 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } 871 * </pre> 872 * The constructor accepts the following parameters: 873 * <ul> 874 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li> 875 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li> 876 * </ul> 877 * NOTE1: The 'full' parameter has been supported since jsrsasign 9.0.0 asn1x509 2.0.0. 878 * <br> 879 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported. 
880 * @example 881 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>}) 882 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]}) 883 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]} 884 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]}) 885 * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]}) 886 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...)) 887 */ 888 KJUR.asn1.x509.DistributionPointName = function(params) { 889 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this); 890 var asn1Obj = null, 891 type = null, 892 tag = null, 893 asn1V = null, 894 _KJUR = KJUR, 895 _KJUR_asn1 = _KJUR.asn1, 896 _DERTaggedObject = _KJUR_asn1.DERTaggedObject; 897 898 this.tohex = function() { 899 if (this.type != "full") 900 throw new Error("currently type shall be 'full': " + this.type); 901 this.asn1Obj = new _DERTaggedObject({'explicit': false, 902 'tag': this.tag, 903 'obj': this.asn1V}); 904 this.hTLV = this.asn1Obj.tohex(); 905 return this.hTLV; 906 }; 907 this.getEncodedHex = function() { return this.tohex(); }; 908 909 if (params !== undefined) { 910 if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) { 911 this.type = "full"; 912 this.tag = "a0"; 913 this.asn1V = params; 914 } else if (params.full !== undefined) { 915 this.type = "full"; 916 this.tag = "a0"; 917 this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full); 918 } else { 919 throw new Error("This class supports GeneralNames only as argument"); 920 } 921 } 922 }; 923 extendClass(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); 924 925 /** 926 * CertificatePolicies ASN.1 structure class 927 * @name KJUR.asn1.x509.CertificatePolicies 928 * @class CertificatePolicies ASN.1 structure class 929 * @param {Array} params associative array of parameters 930 * @extends KJUR.asn1.x509.Extension 931 * @since jsrsasign 8.0.23 
asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE: Returned JSON value format has been changed without
 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The SIZE (1..MAX) bound is not checked by this class; an empty
 * "array" is encoded as an empty SEQUENCE.
 * @example
 * e1 = new KJUR.asn1.x509.CertificatePolicies({
 *   array: [
 *     { policyoid: "1.2.3.4.5",
 *       array: [
 *         { cps: "https://example.com/repository" },
 *         { unotice: {
 *           noticeref: { // CA SHOULD NOT use this by RFC
 *             org: {type: "ia5", str: "Sample Org"},
 *             noticenum: [{int: 5}, {hex: "01af"}]
 *           },
 *           exptext: {type: "ia5", str: "Sample Policy"}
 *         }}
 *       ]
 *     }
 *   ],
 *   critical: true
 * });
 */
KJUR.asn1.x509.CertificatePolicies = function(params) {
    KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
    var asn1Ns = KJUR.asn1,
        Sequence = asn1Ns.DERSequence,
        PolicyInfo = asn1Ns.x509.PolicyInformation;

    // kept as null when the constructor got no argument
    this.params = (params !== undefined) ? params : null;

    /**
     * Build the extension value: a SEQUENCE with one PolicyInformation
     * per entry of this.params.array.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var policyParams = this.params.array;
        var policies = [];
        for (var idx = 0; idx < policyParams.length; idx++) {
            policies.push(new PolicyInfo(policyParams[idx]));
        }
        this.asn1ExtnValue = new Sequence({array: policies});
        return this.asn1ExtnValue.tohex();
    };

    // id-ce-certificatePolicies
    this.oid = "2.5.29.32";
};
extendClass(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);

// ===== BEGIN CertificatePolicies related classes =====
/**
 * PolicyInformation ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyInformation
 * @class PolicyInformation ASN.1 structure class
 * @param {Array} params JSON object of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyInformation ::= SEQUENCE {
 *      policyIdentifier   CertPolicyId,
 *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *                         PolicyQualifierInfo OPTIONAL }
 * CertPolicyId ::= OBJECT IDENTIFIER
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{String}policyoid - policy OID (ex.
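"1.2.3.4.5")</li>
 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
 * parameters (OPTIONAL)</li>
 * </ul>
 * NOTE: policyIdentifier is not OPTIONAL in the syntax above, so
 * encoding fails with an Error whenever "policyoid" is missing.
 * @example
 * new KJUR.asn1.x509.PolicyInformation({
 *   policyoid: "1.2.3.4.5",
 *   array: [
 *     { cps: "https://example.com/repository" },
 *     { unotice: {
 *       noticeref: { // CA SHOULD NOT use this by RFC
 *         org: {type: "ia5", str: "Sample Org"},
 *         noticenum: [{int: 5}, {hex: "01af"}]
 *       },
 *       exptext: {type: "ia5", str: "Sample Policy"}
 *     }}
 *   ]
 * })
 */
KJUR.asn1.x509.PolicyInformation = function(params) {
    KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
                                                                 params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo;

    this.params = null;

    /**
     * Encode as SEQUENCE { policyIdentifier, policyQualifiers OPTIONAL }.
     * @return {String} hexadecimal string of the encoded TLV
     * @throws {Error} when "policyoid" is missing
     */
    this.tohex = function() {
        var p = this.params;

        // policyIdentifier is mandatory. The previous check only fired when
        // BOTH members were missing, so a qualifier list without an OID went
        // on to build a DERObjectIdentifier from undefined.
        if (p.policyoid === undefined) {
            if (p.array === undefined)
                throw new Error("parameter oid and array missing");
            throw new Error("parameter policyoid missing");
        }

        // policy oid
        var a = [new _DERObjectIdentifier(p.policyoid)];

        // array of ASN1Object of PolicyQualifierInfo
        if (p.array !== undefined) {
            var aPQI = [];
            for (var i = 0; i < p.array.length; i++) {
                aPQI.push(new _PolicyQualifierInfo(p.array[i]));
            }
            // policyQualifiers is SIZE (1..MAX): leave it out when empty
            if (aPQI.length > 0) {
                a.push(new _DERSequence({array: aPQI}));
            }
        }

        var seq = new _DERSequence({array: a});
        return seq.tohex();
    };
    // alias of tohex
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);

/**
 * PolicyQualifierInfo ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyQualifierInfo
 * @class PolicyQualifierInfo ASN.1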
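structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyQualifierInfo ::= SEQUENCE {
 *      policyQualifierId  PolicyQualifierId,
 *      qualifier          ANY DEFINED BY policyQualifierId }
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 * CPSuri ::= IA5String
 * </pre>
 * Its constructor can have one of following two parameters:
 * <ul>
 * <li>{String}cps - URI string for CPS</li>
 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
 * </ul>
 * When both are given, "cps" wins. When neither is given, encoding
 * fails with an Error.
 * @example
 * new PolicyQualifierInfo({
 *   cps: "https://example.com/repository/cps"
 * })
 *
 * new PolicyQualifierInfo({
 *   unotice: {
 *     noticeref: { // CA SHOULD NOT use this by RFC
 *       org: {type: "bmp", str: "Sample Org"},
 *       noticenum: [{int: 3}, {hex: "01af"}]
 *     },
 *     exptext: {type: "ia5", str: "Sample Policy"}
 *   }
 * })
 */
KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
    KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
                                                                   params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _UserNotice = _KJUR_asn1.x509.UserNotice;

    this.params = null;

    /**
     * Encode as SEQUENCE { policyQualifierId, qualifier }.
     * @return {String} hexadecimal string of the encoded TLV
     * @throws {Error} when neither "cps" nor "unotice" was given
     */
    this.tohex = function() {
        var seq;
        if (this.params.cps !== undefined) {
            seq = new _DERSequence({array: [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}), // id-qt-cps
                new _DERIA5String({str: this.params.cps})
            ]});
            return seq.tohex();
        }
        if (this.params.unotice != undefined) {
            seq = new _DERSequence({array: [
                new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}), // id-qt-unotice
                new _UserNotice(this.params.unotice)
            ]});
            return seq.tohex();
        }
        // Falling through used to return undefined, which an enclosing
        // encoder would treat as hex text. Fail loudly instead, as the
        // sibling NoticeReference does for empty input.
        throw new Error("parameter cps or unotice missing");
    };
    // alias of tohex
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);


/**
 * UserNotice ASN.1 structure class
 * @name KJUR.asn1.x509.UserNotice
 * @class UserNotice ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * UserNotice defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * UserNotice ::= SEQUENCE {
 *      noticeRef        NoticeReference OPTIONAL,
 *      explicitText     DisplayText OPTIONAL }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
 * This SHOULD NOT be set for conforming CA by RFC 5280.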
(OPTIONAL)</li>
 * <li>{Object}exptext - explicitText value
 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
 * </ul>
 * When neither is given the encoded SEQUENCE is empty.
 * @example
 * new UserNotice({
 *   noticeref: {
 *     org: {type: "bmp", str: "Sample Org"},
 *     noticenum: [{int: 3}, {hex: "01af"}]
 *   },
 *   exptext: {type: "ia5", str: "Sample Policy"}
 * })
 */
KJUR.asn1.x509.UserNotice = function(params) {
    KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        DisplayText = KJUR.asn1.x509.DisplayText,
        NoticeReference = KJUR.asn1.x509.NoticeReference;

    // kept as null when the constructor got no argument
    this.params = (params !== undefined) ? params : null;

    /**
     * Encode as SEQUENCE { noticeRef OPTIONAL, explicitText OPTIONAL },
     * emitting only the members that were given.
     * @return {String} hexadecimal string of the encoded TLV
     */
    this.tohex = function() {
        var notice = this.params;
        var fields = [];
        if (notice.noticeref !== undefined) {
            fields.push(new NoticeReference(notice.noticeref));
        }
        if (notice.exptext !== undefined) {
            fields.push(new DisplayText(notice.exptext));
        }
        return new Sequence({array: fields}).tohex();
    };
    // alias of tohex
    this.getEncodedHex = function() { return this.tohex(); };
};
extendClass(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);

/**
 * NoticeReference ASN.1 structure class
 * @name KJUR.asn1.x509.NoticeReference
 * @class NoticeReference ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * NoticeReference defined in RFC 5280 4.2.1.4</a>.
* <pre>
 * NoticeReference ::= SEQUENCE {
 *      organization     DisplayText,
 *      noticeNumbers    SEQUENCE OF INTEGER }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
 * parameter.</li>
 * <li>{Object}noticenum - noticeNumbers value by an array of
 * {@link KJUR.asn1.DERInteger} parameter</li>
 * </ul>
 * NOTE: Both members are mandatory in the syntax above, but this class
 * only rejects the case where both are missing.
 * @example
 * new NoticeReference({
 *   org: {type: "bmp", str: "Sample Org"},
 *   noticenum: [{int: 3}, {hex: "01af"}]
 * })
 */
KJUR.asn1.x509.NoticeReference = function(params) {
    KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        Integer = KJUR.asn1.DERInteger,
        DisplayText = KJUR.asn1.x509.DisplayText;

    // kept as null when the constructor got no argument
    this.params = (params !== undefined) ? params : null;

    /**
     * Encode as SEQUENCE { organization, noticeNumbers }, emitting only
     * the members that were given.
     * @return {String} hexadecimal string of the encoded TLV
     * @throws {Error} when neither "org" nor "noticenum" was given
     */
    this.tohex = function() {
        var ref = this.params;
        var fields = [];

        if (ref.org !== undefined) {
            fields.push(new DisplayText(ref.org));
        }

        if (ref.noticenum !== undefined) {
            var numbers = [];
            for (var idx = 0; idx < ref.noticenum.length; idx++) {
                numbers.push(new Integer(ref.noticenum[idx]));
            }
            fields.push(new Sequence({array: numbers}));
        }

        if (fields.length == 0) {
            throw new Error("parameter is empty");
        }
        return new Sequence({array: fields}).tohex();
    };
    // alias of tohex
    this.getEncodedHex = function() { return this.tohex(); };
};
extendClass(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);

/**
 * DisplayText ASN.1 structure class
 * @name KJUR.asn1.x509.DisplayText
 * @class DisplayText ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.DERAbstractString
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 *
@description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * DisplayText defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * -- from RFC 5280 Appendix A
 * DisplayText ::= CHOICE {
 *      ia5String        IA5String      (SIZE (1..200)),
 *      visibleString    VisibleString  (SIZE (1..200)),
 *      bmpString        BMPString      (SIZE (1..200)),
 *      utf8String       UTF8String     (SIZE (1..200)) }
 * </pre>
 * {@link KJUR.asn1.DERAbstractString} parameters and methods
 * can be used.
 * Its constructor can also have following parameter:
 * <ul>
 * <li>{String} type - DirectoryString type of DisplayText.
 * "ia5" for IA5String, "vis" for VisibleString,
 * "bmp" for BMPString and "utf8" for UTF8String.
 * Default is "utf8". (OPTIONAL)</li>
 * </ul>
 * NOTE: Any other "type" value falls back to UTF8String. This
 * constructor does not check the SIZE (1..200) bound itself.
 * @example
 * new DisplayText({type: "bmp", str: "Sample Org"})
 * new DisplayText({type: "ia5", str: "Sample Org"})
 * new DisplayText({str: "Sample Org"})
 */
KJUR.asn1.x509.DisplayText = function(params) {
    KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);

    // tag octet of the chosen string type; "0c" (UTF8String) unless overridden
    var tagHex = "0c";

    if (params !== undefined) {
        switch (params.type) {
        case "ia5":
            tagHex = "16"; // IA5String
            break;
        case "vis":
            tagHex = "1a"; // VisibleString
            break;
        case "bmp":
            tagHex = "1e"; // BMPString
            break;
        }
    }

    this.hT = tagHex;
};
extendClass(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
// ===== END CertificatePolicies related classes =====

// =====================================================================
/**
 * NameConstraints ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.NameConstraints
 * @class NameConstraints ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.5.16 asn1x509 2.1.13
 * @see X509#getExtNameConstraints
 * @see
KJUR.asn1.x509.GeneralSubtree
 * @see KJUR.asn1.x509.GeneralName
 *
 * @description
 * This class provides X.509v3 NameConstraints extension
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10">
 * RFC 5280 4.2.1.10</a>.
 * <pre>
 * id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
 * NameConstraints ::= SEQUENCE {
 *      permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
 *      excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 * GeneralSubtree ::= SEQUENCE {
 *      base                    GeneralName,
 *      minimum         [0]     BaseDistance DEFAULT 0,
 *      maximum         [1]     BaseDistance OPTIONAL }
 * BaseDistance ::= INTEGER (0..MAX)
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>permit - array of {@link KJUR.asn1.x509.GeneralSubtree} parameters for permittedSubtrees (OPTIONAL)</li>
 * <li>exclude - array of {@link KJUR.asn1.x509.GeneralSubtree} parameters for excludedSubtrees (OPTIONAL)</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE: RFC 5280 4.2.1.10 requires conforming CAs to mark this extension
 * critical and not to issue an empty NameConstraints sequence. This class
 * checks neither: without "permit" and "exclude" it encodes an empty
 * SEQUENCE, and an empty array yields an empty GeneralSubtrees.
 *
 * @example
 * new NameConstraints({permit: [{dns: "example.com"}], critical: true})
 * new NameConstraints({exclude: [{uri: "example.com"}], critical: true})
 * new NameConstraints({exclude: [{dn: "/C=JP/O=T1"}], critical: true})
 * new NameConstraints({
 *   critical: true,
 *   permit: [{dn: "/C=JP/O=T1"}],
 *   exclude: [{dn: "/C=US/O=T1", max: 2}]})
 */
KJUR.asn1.x509.NameConstraints = function(params) {
    KJUR.asn1.x509.NameConstraints.superclass.constructor.call(this, params);
    var asn1Ns = KJUR.asn1,
        newObject = asn1Ns.ASN1Util.newObject,
        Subtree = asn1Ns.x509.GeneralSubtree;

    // one GeneralSubtree encoder per entry of the given list
    var toSubtrees = function(list) {
        var result = [];
        for (var idx = 0; idx < list.length; idx++) {
            result.push(new Subtree(list[idx]));
        }
        return result;
    };

    // kept as null when the constructor got no argument
    this.params = null;

    /**
     * Build the extension value: SEQUENCE of the implicitly tagged
     * permittedSubtrees [0] and excludedSubtrees [1] that were given.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var nc = this.params;
        var fields = [];

        // a member is used only when it is set and exposes a length
        if (nc.permit != undefined && nc.permit.length != undefined) {
            fields.push({tag: {tagi: "a0", obj: {seq: toSubtrees(nc.permit)}}});
        }
        if (nc.exclude != undefined && nc.exclude.length != undefined) {
            fields.push({tag: {tagi: "a1", obj: {seq: toSubtrees(nc.exclude)}}});
        }

        this.asn1ExtnValue = newObject({seq: fields});
        return this.asn1ExtnValue.tohex();
    };

    // id-ce-nameConstraints
    this.oid = "2.5.29.30";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.NameConstraints, KJUR.asn1.x509.Extension);

/**
 * GeneralSubtree ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralSubtree
 * @class GeneralSubtree ASN.1 structure class
 * @since jsrsasign 10.5.16 asn1x509 2.1.13
 * @see KJUR.asn1.x509.NameConstraints
 * @see KJUR.asn1.x509.GeneralName
 * @see X509#getExtNameConstraints
 * @see X509#getGeneralSubtree
 *
 * @description
 * This class provides an encoder for GeneralSubtree
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10">
 * RFC 5280 4.2.1.10</a>.
 * This will be used for nameConstraints extension.
 * <br>
 * Here is definition of the ASN.1 syntax:
 * <pre>
 * GeneralSubtree ::= SEQUENCE {
 *      base                    GeneralName,
 *      minimum         [0]     BaseDistance DEFAULT 0,
 *      maximum         [1]     BaseDistance OPTIONAL }
 * BaseDistance ::= INTEGER (0..MAX)
 * </pre>
 * An argument for constructor is the same as
 * {@link KJUR.asn1.x509.GeneralName} except
 * this has following optional members:
 * <ul>
 * <li>min - {Number} value for the minimum field</li>
 * <li>max - {Number} value for the maximum field</li>
 * </ul>
 * Please note that min and max should not be specified since
 * RFC 5280 requires minimum to be zero and maximum to be absent.
*
 * @example
 * new GeneralSubtree({dns: "example.com"})
 * new GeneralSubtree({uri: ".example.com"})
 * new GeneralSubtree({dn: "/C=JP/O=Test1"})
 */
KJUR.asn1.x509.GeneralSubtree = function(params) {
    KJUR.asn1.x509.GeneralSubtree.superclass.constructor.call(this);

    var asn1Ns = KJUR.asn1,
        GeneralName = asn1Ns.x509.GeneralName,
        newObject = asn1Ns.ASN1Util.newObject;

    // kept as null when the constructor got no argument
    this.params = null;

    /**
     * Replace the parameter object used for encoding.
     * @param {Object} params GeneralName parameter with optional min/max members
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * Encode as SEQUENCE { base, minimum [0] OPTIONAL, maximum [1] OPTIONAL }.
     * min and max are emitted as implicitly tagged INTEGERs whenever they
     * are given, with no range check here.
     * @return {String} hexadecimal string of the encoded TLV
     */
    this.tohex = function() {
        var subtree = this.params;

        // the whole parameter object doubles as the GeneralName parameter
        var fields = [new GeneralName(subtree)];
        if (subtree.min != undefined) {
            fields.push({tag: {tagi:"80", obj: {"int": subtree.min}}});
        }
        if (subtree.max != undefined) {
            fields.push({tag: {tagi:"81", obj: {"int": subtree.max}}});
        }

        return newObject({seq: fields}).tohex();
    };
    // alias of tohex
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.GeneralSubtree, KJUR.asn1.ASN1Object);

// =====================================================================
/**
 * ExtKeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.ExtKeyUsage
 * @class ExtKeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class encodes the extKeyUsage extension (OID 2.5.29.37) as a
 * SEQUENCE with one OBJECT IDENTIFIER per entry of "array". Each entry
 * is handed to {@link KJUR.asn1.DERObjectIdentifier} unchanged.
 * When "array" is not given, no value is prepared and
 * getExtnValueHex fails until setPurposeArray has been called.
 * @example
 * e1 = new KJUR.asn1.x509.ExtKeyUsage({
 *   critical: true,
 *   array: [
 *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
 *     {name: 'clientAuth'},
 *     "1.2.3.4",
 *     "serverAuth"
 *   ]
 * });
 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 * // KeyPurposeId ::= OBJECT IDENTIFIER
 */
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
    var asn1Ns = KJUR.asn1;

    /**
     * Rebuild the extension value from a list of key purposes.
     * @param {Array} purposeArray array of DERObjectIdentifier parameters
     */
    this.setPurposeArray = function(purposeArray) {
        var purposes = new asn1Ns.DERSequence();
        // assigned before filling, so a failing entry leaves a partial value behind
        this.asn1ExtnValue = purposes;
        for (var idx = 0; idx < purposeArray.length; idx++) {
            purposes.appendASN1Object(
                new asn1Ns.DERObjectIdentifier(purposeArray[idx]));
        }
    };

    /**
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    // id-ce-extKeyUsage
    this.oid = "2.5.29.37";
    if (params !== undefined && params.array !== undefined) {
        this.setPurposeArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);

/**
 * AuthorityKeyIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
 * @class AuthorityKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @description
 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
 * Constructor of this class may have following parameters.:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280.
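When a {hex: "..."} or {str: "..."} object is specified, kid will be set explicitly by it.
 * A bare string without a PEM header is ignored.</li>
 * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate. The same value is also accepted under the key "issuersn".</li>
 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
 * <li>sn - {@link KJUR.asn1.DERInteger} parameter (ex. {hex: "1ac7..."}) to specify serial number explicitly.</li>
 * <li>critical - boolean to specify criticality of this extension
 * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 *
 * <pre>
 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // 1. kid by key object
 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
 * // 2. kid by PEM string of authority certificate or public key
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
 * // 3. specify kid explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: {hex: "8ab1d3..."}});
 * // 4. issuer and serial number by authority PEM certificate
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
 * // 5. issuer and serial number explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   issuer: {ldapstr: "O=test,C=US"},
 *   sn: {hex: "1ac7..."}});
 * // 6. combination
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   kid: "-----BEGIN CERTIFICATE...",
 *   isscert: "-----BEGIN CERTIFICATE..."});
 */
KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _GeneralNames = _KJUR_asn1.x509.GeneralNames,
        _isKey = _KJUR.crypto.Util.isKey;

    // True only for a string carrying both PEM markers of a certificate.
    // Both indexOf results are compared with -1: a bare indexOf() used as
    // a condition is truthy for "not found" (-1) and falsy only at index 0.
    var _isCertPEM = function(s) {
        return typeof s === "string" &&
            s.indexOf("BEGIN ") != -1 &&
            s.indexOf("CERTIFICATE") != -1;
    };

    this.asn1KID = null;
    this.asn1CertIssuer = null; // X500Name hTLV
    this.asn1CertSN = null;

    /**
     * Build the extension value: a SEQUENCE of the implicitly tagged
     * keyIdentifier [0], authorityCertIssuer [1] and
     * authorityCertSerialNumber [2] members that have been set.
     * @return {String} hexadecimal string of the extension value
     */
    this.getExtnValueHex = function() {
        var a = [];
        if (this.asn1KID)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '80',
                                         'obj': this.asn1KID}));

        if (this.asn1CertIssuer)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': 'a1',
                                         'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));

        if (this.asn1CertSN)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '82',
                                         'obj': this.asn1CertSN}));

        var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
        this.asn1ExtnValue = asn1Seq;
        return this.asn1ExtnValue.tohex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set key identifier
     * @since asn1x509 1.0.8
     * @description
     * This method will set keyIdentifier by param.
     * Its key identifier value can be set by following type of param argument:
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure, then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * </ul>
     * Any other argument, including a bare hexadecimal string, is
     * ignored and leaves keyIdentifier unchanged.
     * <br/>
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        if (param.str !== undefined ||
            param.hex !== undefined) {
            this.asn1KID = new KJUR.asn1.DEROctetString(param);
        } else if ((typeof param === "object" &&
                    KJUR.crypto.Util.isKey(param)) ||
                   (typeof param === "string" &&
                    param.indexOf("BEGIN ") != -1)) {

            // a PEM string is first turned into a key object
            var keyobj = param;
            if (typeof param === "string") {
                keyobj = KEYUTIL.getKey(param);
            }

            var kid = KEYUTIL.getKeyID(keyobj);
            this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
        }
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set issuer name
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertIssuer name by param.
     * Issuer name can be set by following type of param argument:
     * <ul>
     * <li>str/ldapstr/hex/certsubject/certissuer -
     * set issuer by {@link KJUR.asn1.x509.X500Name}
     * object with specified parameters.</li>
     * <li>PEM CERTIFICATE STRING - the string is passed to
     * {@link KJUR.asn1.x509.X500Name} as its "certissuer" parameter.</li>
     * </ul>
     * Any other argument is ignored.
     * <br/>
     * NOTE1: Automatic authorityCertIssuer setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see KJUR.asn1.x509.X500Name
     * @see KJUR.asn1.x509.GeneralNames
     * @see X509.getSubjectHex
     *
     * @example
     * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // 1. set it by string
     * o.setCertIssuerByParam({str: '/C=US/O=Test'});
     * // 2. set it by issuer PEM certificate
     * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
     *
     */
    this.setCertIssuerByParam = function(param) {
        if (param.str !== undefined ||
            param.ldapstr !== undefined ||
            param.hex !== undefined ||
            param.certsubject !== undefined ||
            param.certissuer !== undefined) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
        } else if (_isCertPEM(param)) {
            // NOTE(review): "certissuer" presumably selects the issuer name of
            // the given certificate, not its subject - confirm against X500Name
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
        }
    };

    /**
     * set authorityCertSerialNumber value
     * @name setCertSerialNumberByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set serial number
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertSerialNumber by param.
     * The function is assigned to the property "setCertSNByParam".
     * Serial number can be set by following type of param argument:
     *
     * <ul>
     * <li>{int: 123} - by integer value</li>
     * <li>{hex: "01af"} - by hexadecimal integer value</li>
     * <li>{bigint: new BigInteger(...)} - by BigInteger object</li>
     * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
     * set serial number.</li>
     * </ul>
     * Any other argument, including a PEM string that is not a
     * certificate, is ignored.
     * <br/>
     * NOTE1: Automatic authorityCertSerialNumber setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see X509.getSerialNumberHex
     */
    this.setCertSNByParam = function(param) {
        // "int" is the documented form and was previously not recognised
        // here; "str" is still accepted as before
        if (param.str !== undefined ||
            param["int"] !== undefined ||
            param.bigint !== undefined ||
            param.hex !== undefined) {
            this.asn1CertSN = new KJUR.asn1.DERInteger(param);
        } else if (_isCertPEM(param)) {
            // only a certificate PEM reaches the parser now; the old
            // truthiness test let any PEM block through
            var x = new X509();
            x.readCertPEM(param);
            var sn = x.getSerialNumberHex();
            this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
        }
    };

    // id-ce-authorityKeyIdentifier
    this.oid = "2.5.29.35";
    if (params !== undefined) {
        if (params.kid !== undefined) {
            this.setKIDByParam(params.kid);
        }
        if (params.issuer !== undefined) {
            this.setCertIssuerByParam(params.issuer);
        }
        if (params.sn !== undefined) {
            this.setCertSNByParam(params.sn);
        }

        // The class documentation names this parameter "isscert" while the
        // code only read "issuersn". Accept both, "issuersn" taking precedence.
        var issuerCert = (params.issuersn !== undefined) ?
            params.issuersn : params.isscert;
        if (_isCertPEM(issuerCert)) {
            this.setCertSNByParam(issuerCert);
            this.setCertIssuerByParam(issuerCert);
        }
    }
};
extendClass(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * SubjectKeyIdentifier extension ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectKeyIdentifier
 * @class SubjectKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.1.7 jsrsasign 8.0.14
 * @description
 * This class represents ASN.1 structure for
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
 * SubjectKeyIdentifier in RFC 5280</a>.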
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>critical - boolean to specify criticality of this extension
 * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 * <pre>
 * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // set by hexadecimal string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
 * // set by PEM public key or certificate string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
 * // set by public key object
 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
 */
KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
    KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
    var _DEROctetString = KJUR.asn1.DEROctetString;

    this.oid = "2.5.29.14";
    this.asn1KID = null;

    // The extension value is the key identifier OCTET STRING itself.
    this.getExtnValueHex = function() {
        var dKID = this.asn1KID;
        this.asn1ExtnValue = dKID;
        return dKID.tohex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @param {Object} param DEROctetString parameter, public key object or PEM string
     * @since asn1x509 1.1.7 jsrsasign 8.0.14
     * @description
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure, then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * </ul>
     * A param that matches none of these forms leaves the key identifier unchanged.
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        // Explicit value: passed to DEROctetString as given.
        if (param.str !== undefined || param.hex !== undefined) {
            this.asn1KID = new _DEROctetString(param);
            return;
        }

        var isKeyObject = typeof param === "object" &&
            KJUR.crypto.Util.isKey(param);
        // Any string containing "BEGIN" is treated as PEM and given to
        // KEYUTIL.getKey; no further check of the PEM label is made here.
        var isPEMString = typeof param === "string" &&
            param.indexOf("BEGIN") != -1;
        if (!isKeyObject && !isPEMString) {
            return;
        }

        var keyobj = isPEMString ? KEYUTIL.getKey(param) : param;
        var kid = KEYUTIL.getKeyID(keyobj);
        this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
    };

    if (params !== undefined && params.kid !== undefined) {
        this.setKIDByParam(params.kid);
    }
};
extendClass(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * AuthorityInfoAccess ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityInfoAccess
 * @class AuthorityInfoAccess ASN.1 structure class
 * @param {Array} params JSON object of AuthorityInfoAccess parameters
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @see {@link X509#getExtAuthorityInfoAccess}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
 * <pre>
 * id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 * AuthorityInfoAccessSyntax ::=
 *         SEQUENCE SIZE (1..MAX) OF AccessDescription
 * AccessDescription ::= SEQUENCE {
 *         accessMethod OBJECT IDENTIFIER,
 *         accessLocation GeneralName }
 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
 * </pre>
 * NOTE: Acceptable parameters have been changed since
 * from jsrsasign 9.0.0 asn1x509 2.0.0.
 * Parameter generated by {@link X509#getAuthorityInfoAccess}
 * can be accepted as a argument of this constructor.
 * @example
 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
 *   array: [
 *     {ocsp: 'http://ocsp.example.org'},
 *     {caissuer: 'https://repository.example.org/aaa.crt'}
 *   ]
 * });
 */
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    this.oid = "1.3.6.1.5.5.7.1.1";

    // Builds the SEQUENCE OF AccessDescription from entries shaped like
    // {ocsp: uri} or {caissuer: uri}. The URI string is passed to GeneralName
    // as given; this method does not inspect its scheme or host.
    this.setAccessDescriptionArray = function(aParam) {
        var asn1 = KJUR.asn1;
        var DERSeq = asn1.DERSequence;
        var DEROid = asn1.DERObjectIdentifier;
        var GName = asn1.x509.GeneralName;
        var aDescription = [];

        for (var idx = 0; idx < aParam.length; idx++) {
            var entry = aParam[idx];
            var methodOid;
            var location;

            if (entry.ocsp !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.1";   // id-ad-ocsp
                location = entry.ocsp;
            } else if (entry.caissuer !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.2";   // id-ad-caIssuers
                location = entry.caissuer;
            } else {
                throw new Error("unknown AccessMethod parameter: " +
                                JSON.stringify(entry));
            }

            aDescription.push(new DERSeq({array: [
                new DEROid({oid: methodOid}),
                new GName({uri: location})
            ]}));
        }
        this.asn1ExtnValue = new DERSeq({'array': aDescription});
    };

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    if (params !== undefined && params.array !== undefined) {
        this.setAccessDescriptionArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);

/**
 * SubjectAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectAltName
 * @class SubjectAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since
jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 SubjectAltName extension.
 * <pre>
 * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
 * SubjectAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *      otherName                  [0] OtherName,
 *      rfc822Name                 [1] IA5String,
 *      dNSName                    [2] IA5String,
 *      x400Address                [3] ORAddress,
 *      directoryName              [4] Name,
 *      ediPartyName               [5] EDIPartyName,
 *      uniformResourceIdentifier  [6] IA5String,
 *      iPAddress                  [7] OCTET STRING,
 *      registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    this.oid = "2.5.29.17";

    // The extension value is a GeneralNames built from the given array of
    // GeneralName parameters.
    this.setNameArray = function(paramsArray) {
        var dNames = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = dNames;
    };

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);

/**
 * IssuerAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.IssuerAltName
 * @class IssuerAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 IssuerAltName extension.
 * <pre>
 * id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
 * IssuerAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *      otherName                  [0] OtherName,
 *      rfc822Name                 [1] IA5String,
 *      dNSName                    [2] IA5String,
 *      x400Address                [3] ORAddress,
 *      directoryName              [4] Name,
 *      ediPartyName               [5] EDIPartyName,
 *      uniformResourceIdentifier  [6] IA5String,
 *      iPAddress                  [7] OCTET STRING,
 *      registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.IssuerAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    this.oid = "2.5.29.18";

    // The extension value is a GeneralNames built from the given array of
    // GeneralName parameters.
    this.setNameArray = function(paramsArray) {
        var dNames = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = dNames;
    };

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);

/**
 * SubjectDirectoryAttributes ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectDirectoryAttributes
 * @class SubjectDirectoryAttributes ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.1.9 asn1x509 2.1.7
 * @description
 * This class provides X.509v3 SubjectDirectoryAttributes extension
 * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2">
 * RFC 3739 Qualified Certificate Profile section 3.3.2</a>.
 * <pre>
 * SubjectDirectoryAttributes ::= Attributes
 * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 * Attribute ::= SEQUENCE {
 *   type AttributeType
 *   values SET OF AttributeValue }
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY DEFINED BY AttributeType
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({
 *   extname: "subjectDirectoryAttributes",
 *   array: [
 *     { attr: "dateOfBirth", str: "19701231230000Z" },
 *     { attr: "placeOfBirth", str: "Tokyo" },
 *     { attr: "gender", str: "F" },
 *     { attr: "countryOfCitizenship", str: "JP" },
 *     { attr: "countryOfResidence", str: "JP" }
 *   ]
 * });
 */
KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) {
    KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject,
        _name2oid = _KJUR_asn1.x509.OID.name2oid;

    this.oid = "2.5.29.9";
    this.params = null;

    // Encodes every entry of params.array as
    //   SEQUENCE { OID of attr, SET { one value } }
    // where the string type of the value depends on the attribute name.
    // An attribute name outside the five handled below raises an Error.
    this.getExtnValueHex = function() {
        var aAttribute = [];

        for (var i = 0; i < this.params.array.length; i++) {
            var pAttr = this.params.array[i];
            var attrName = pAttr.attr;
            var valueKey;

            if (attrName == "dateOfBirth") {
                valueKey = "gentime";
            } else if (attrName == "placeOfBirth") {
                valueKey = "utf8str";
            } else if (attrName == "gender") {
                valueKey = "prnstr";
            } else if (attrName == "countryOfCitizenship") {
                valueKey = "prnstr";
            } else if (attrName == "countryOfResidence") {
                valueKey = "prnstr";
            } else {
                throw new Error("unsupported attribute: " + pAttr.attr);
            }

            var hOid = _name2oid(pAttr.attr);
            var pValue = {};
            pValue[valueKey] = pAttr.str;

            aAttribute.push(new _newObject({
                "seq": [
                    {"oid": hOid},
                    {"set": [pValue]}
                ]
            }));
        }

        this.asn1ExtnValue = new _DERSequence({array: aAttribute});
        return this.asn1ExtnValue.tohex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension);


/**
 * private extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PrivateExtension
 * @class private extension ASN.1 structure class
 * @param {Array} params JSON object of private extension
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.1 asn1x509
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class is to represent private extension or
 * unsupported extension.
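 * <pre>
 * Extension  ::=  SEQUENCE  {
 *      extnID      OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      extnValue   OCTET STRING }
 * </pre>
 * Following properties can be set for JSON parameter:
 * <ul>
 * <li>{String}extname - string of OID or predefined extension name</li>
 * <li>{Boolean}critical - critical flag</li>
 * <li>{Object}extn - hexadecimal string or
 * of {@link KJUR.asn1.ASN1Util.newObject}
 * JSON parameter for extnValue field</li>
 * </ul>
 *
 * @example
 * // extn by hexadecimal
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.4",
 *   critical: true,
 *   extn: "13026161" // means PrintableString "aa"
 * });
 *
 * // extn by JSON parameter
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.5",
 *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
 * });
 */
KJUR.asn1.x509.PrivateExtension = function(params) {
    KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params);

    var _KJUR = KJUR,
        _isHex = _KJUR.lang.String.isHex,
        _KJUR_asn1 = _KJUR.asn1,
        _name2oid = _KJUR_asn1.x509.OID.name2oid,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    this.params = null;

    // Stores the parameter object and resolves extname to the extension OID.
    this.setByParam = function(params) {
        this.oid = _name2oid(params.extname);
        this.params = params;
    };

    // Returns the hexadecimal extnValue content.
    // Throws Error when extname or extn is missing, or when extn is neither
    // a hexadecimal string nor a parameter that newObject can encode.
    this.getExtnValueHex = function() {
        if (this.params.extname == undefined ||
            this.params.extn == undefined) {
            throw new Error("extname or extnhex not specified");
        }

        var extn = this.params.extn;
        if (typeof extn == "string" && _isHex(extn)) {
            // A hexadecimal string is returned unchanged. Only its hex-ness
            // is checked, not that it is a well-formed DER value, so the
            // caller is responsible for the encoding it supplies.
            return extn;
        }
        if (typeof extn == "object") {
            try {
                return _newObject(extn).tohex();
            } catch (ex) {
                // Same error type and message as before, but the underlying
                // failure stays reachable instead of being discarded.
                var err = new Error("unsupported extn value");
                err.cause = ex;
                throw err;
            }
        }
        throw new Error("unsupported extn value");
    };

    if (params != undefined) {
        this.setByParam(params);
    }
};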
extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension); 2251 2252 // === END X.509v3 Extensions Related ======================================= 2253 2254 // === BEGIN CRL Related =================================================== 2255 /** 2256 * X.509 CRL class to sign and generate hex encoded CRL<br/> 2257 * @name KJUR.asn1.x509.CRL 2258 * @class X.509 CRL class to sign and generate hex encoded certificate 2259 * @property {Array} params JSON object of parameters 2260 * @param {Array} params JSON object of CRL parameters 2261 * @extends KJUR.asn1.ASN1Object 2262 * @since 1.0.3 2263 * @see KJUR.asn1.x509.TBSCertList 2264 * 2265 * @description 2266 * This class represents CertificateList ASN.1 structur of X.509 CRL 2267 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2268 * RFC 5280 5.1</a> 2269 * <pre> 2270 * CertificateList ::= SEQUENCE { 2271 * tbsCertList TBSCertList, 2272 * signatureAlgorithm AlgorithmIdentifier, 2273 * signatureValue BIT STRING } 2274 * </pre> 2275 * NOTE: CRL class is updated without backward 2276 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2277 * Most of methods are removed and parameters can be set 2278 * by JSON object. 2279 * <br/> 2280 * Constructor of this class can accept all 2281 * parameters of {@link KJUR.asn1.x509.TBSCertList}. 2282 * It also accept following parameters additionally: 2283 * <ul> 2284 * <li>{TBSCertList}tbsobj (OPTION) - 2285 * specifies {@link KJUR.asn1.x509.TBSCertList} 2286 * object to be signed if needed. 2287 * When this isn't specified, 2288 * this will be set from other parametes of TBSCertList.</li> 2289 * <li>{Object}cakey (OPTION) - specifies CRL signing private key. 2290 * Parameter "cakey" or "sighex" shall be specified. Following 2291 * values can be specified: 2292 * <ul> 2293 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 2294 * <li>RSAKey/DSA/ECDSA key object. 
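{@link KEYUTIL.getKey} is useful
 * to generate a key object.</li>
 * </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 * unused bits)</li>
 * </ul>
 *
 * @example
 * var crl = new KJUR.asn1.x509.CRL({
 *   sigalg: "SHA256withRSA",
 *   issuer: {str:'/C=JP/O=Test1'},
 *   thisupdate: "200821235959Z",
 *   nextupdate: "200828235959Z", // OPTION
 *   revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
 *   ext: [
 *     {extname: "cRLNumber", num: {'int': 8}},
 *     {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *   ],
 *   cakey: prvkey
 * });
 * crl.tohex() → "30..."
 * crl.getPEM() → "-----BEGIN X509 CRL..."
 */
KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERBitString = _KJUR_asn1.DERBitString,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _TBSCertList = _KJUR_asn1_x509.TBSCertList;

    this.params = undefined;

    // Replaces the whole parameter object.
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign CRL<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * This method signs TBSCertList with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter.
     * When this.params.tbsobj is set, that object is the one signed;
     * otherwise a TBSCertList is built from this.params.
     * The result is stored in this.params.sighex.
     * @example
     * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
     * crl.sign()
     */
    this.sign = function() {
        var params = this.params;

        // tohex() emits params.tbsobj as tbsCertList, so the signature has to
        // be computed over that same object. Building a second TBSCertList
        // from the other parameters would sign bytes that differ from the
        // emitted ones whenever the caller supplied its own tbsobj.
        var dTBSCL = params.tbsobj;
        if (dTBSCL == undefined) {
            dTBSCL = new _TBSCertList(params);
        }

        var sig = new KJUR.crypto.Signature({alg: params.sigalg});
        sig.init(params.cakey);
        sig.updateHex(dTBSCL.tohex());
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted CRL string after signed<br/>
     * @name getPEM
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @since jsrsasign 9.1.0 asn1hex 2.1.0
     * @description
     * This method returns a string of PEM formatted
     * CRL.
     * @example
     * crl = new KJUR.asn1.x509.CRL({...});
     * crl.getPEM() →
     * "-----BEGIN X509 CRL-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.tohex(), "X509 CRL");
    };

    // Returns the hexadecimal CertificateList:
    //   SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }
    // Throws Error when neither sighex nor cakey is available.
    this.tohex = function() {
        var params = this.params;

        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertList(params);
        }

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        // NOTE: the outer signatureAlgorithm always comes from params.sigalg.
        // A caller-supplied tbsobj must carry the same algorithm in its own
        // signature field, and a caller-supplied sighex is embedded as given;
        // neither is checked here.
        var a = [];
        a.push(params.tbsobj);
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        // "00" is the unused-bits octet of the BIT STRING.
        a.push(new _DERBitString({hex: "00" + params.sighex}));
        var seq = new _DERSequence({array: a});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params != undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
 * @name KJUR.asn1.x509.TBSCertList
 * @class TBSCertList ASN.1 structure class for CRL
 * @property {Array} params JSON object of parameters
 * @param {Array} params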
JSON object of TBSCertList parameters 2410 * @extends KJUR.asn1.ASN1Object 2411 * @since 1.0.3 2412 * 2413 * @description 2414 * This class represents TBSCertList of CRL defined in 2415 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2416 * RFC 5280 5.1</a>. 2417 * <pre> 2418 * TBSCertList ::= SEQUENCE { 2419 * version Version OPTIONAL, 2420 * -- if present, MUST be v2 2421 * signature AlgorithmIdentifier, 2422 * issuer Name, 2423 * thisUpdate Time, 2424 * nextUpdate Time OPTIONAL, 2425 * revokedCertificates SEQUENCE OF SEQUENCE { 2426 * userCertificate CertificateSerialNumber, 2427 * revocationDate Time, 2428 * crlEntryExtensions Extensions OPTIONAL 2429 * -- if present, version MUST be v2 2430 * } OPTIONAL, 2431 * crlExtensions [0] EXPLICIT Extensions OPTIONAL 2432 * } 2433 * </pre> 2434 * NOTE: TBSCertList class is updated without backward 2435 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2436 * Most of methods are removed and parameters can be set 2437 * by JSON object. 2438 * <br/> 2439 * Constructor of this class may have following parameters: 2440 * <ul> 2441 * <li>{Integer}version (OPTION) - version number. 
Omitted by default.</li> 2442 * <li>{String}sigalg - signature algorithm name</li> 2443 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li> 2444 * <li>{String}thisupdate - thisUpdate field value</li> 2445 * <li>{String}nextupdate (OPTION) - thisUpdate field value</li> 2446 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array 2447 * Its element may have following property: 2448 * <ul> 2449 * <li>{Array}sn - serialNumber of userCertificate field specified 2450 * by {@link KJUR.asn1.DERInteger}</li> 2451 * <li>{String}date - revocationDate field specified by 2452 * a string of {@link KJUR.asn1.x509.Time} parameter</li> 2453 * <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li> 2454 * </ul> 2455 * </li> 2456 * </ul> 2457 * 2458 * @example 2459 * var o = new KJUR.asn1.x509.TBSCertList({ 2460 * sigalg: "SHA256withRSA", 2461 * issuer: {array: [[{type:'C',value:'JP',ds:'prn'}], 2462 * [{type:'O',value:'T1',ds:'prn'}]]}, 2463 * thisupdate: "200821235959Z", 2464 * nextupdate: "200828235959Z", // OPTION 2465 * revcert: [ 2466 * {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]}, 2467 * {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]} 2468 * ], 2469 * ext: [ 2470 * {extname: "cRLNumber", num: {'int': 8}}, 2471 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2472 * ] 2473 * }); 2474 * o.tohex() → "30..." 
 */
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _x509 = _asn1.x509,
        _DERInteger = _asn1.DERInteger,
        _DERSequence = _asn1.DERSequence,
        _DERTaggedObject = _asn1.DERTaggedObject,
        _AlgorithmIdentifier = _x509.AlgorithmIdentifier,
        _Time = _x509.Time,
        _Extensions = _x509.Extensions,
        _X500Name = _x509.X500Name;
    this.params = null;

    /**
     * set TBSCertList parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} params JSON object of TBSCertList parameters
     * @description
     * The object is stored as this.params and read when encoding.
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get DERSequence for revokedCertificates<br/>
     * @name getRevCertSequence
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
     */
    this.getRevCertSequence = function() {
        var aRevCert = this.params.revcert;
        var aEntrySeq = [];

        for (var i = 0; i < aRevCert.length; i++) {
            var pEntry = aRevCert[i];
            // userCertificate and revocationDate are always present,
            // crlEntryExtensions only when "ext" is given.
            var aField = [
                new _DERInteger(pEntry.sn),
                new _Time(pEntry.date)
            ];
            if (pEntry.ext != undefined) {
                aField.push(new _Extensions(pEntry.ext));
            }
            aEntrySeq.push(new _DERSequence({array: aField}));
        }
        return new _DERSequence({array: aEntrySeq});
    };

    // Returns the hexadecimal TBSCertList.
    // NOTE: the ASN.1 definition requires version v2 when CRL extensions or
    // CRL entry extensions are present. The version field is written only
    // when params.version is given, so the caller has to set it in that case.
    this.tohex = function() {
        var p = this.params;
        var aField = [];

        if (p.version != undefined) {
            // encoded value is the version number minus one
            aField.push(new _DERInteger({'int': p.version - 1}));
        }

        aField.push(new _AlgorithmIdentifier({name: p.sigalg}));
        aField.push(new _X500Name(p.issuer));
        aField.push(new _Time(p.thisupdate));
        if (p.nextupdate != undefined) {
            aField.push(new _Time(p.nextupdate));
        }
        if (p.revcert != undefined) {
            aField.push(this.getRevCertSequence());
        }
        if (p.ext != undefined) {
            // crlExtensions [0] EXPLICIT Extensions
            aField.push(new _DERTaggedObject({
                tag: 'a0',
                explicit: true,
                obj: new _Extensions(p.ext)
            }));
        }

        return (new _DERSequence({array: aField})).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);

/**
 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
 * @name KJUR.asn1.x509.CRLEntry
 * @class ASN.1 CRLEntry structure class for CRL
 * @param {Array} params JSON object for CRL entry parameter
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 * @see KJUR.asn1.x509.TBSCertList
 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
 * @description
 * This class is to represent revokedCertificate in TBSCertList.
 * However this is no more used by TBSCertList since
 * jsrsasign 9.1.0. So this class have been deprecated in
 * jsrsasign 9.1.0.
 * <pre>
 * revokedCertificates     SEQUENCE OF SEQUENCE  {
 *     userCertificate         CertificateSerialNumber,
 *     revocationDate          Time,
 *     crlEntryExtensions      Extensions OPTIONAL
 *                             -- if present, version MUST be v2 }
 * </pre>
 * @example
 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
 */
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1;

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        this.sn = new _asn1.DERInteger(intParam);
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        this.time = new _asn1.x509.Time(timeParam);
    };

    // Encodes SEQUENCE { serial number, revocation date } and keeps the
    // result in this.TLV.
    this.tohex = function() {
        var dEntry = new _asn1.DERSequence({"array": [this.sn, this.time]});
        this.TLV = dEntry.tohex();
        return this.TLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        if (params.time !== undefined) {
            this.setRevocationDate(params.time);
        }
        if (params.sn !== undefined) {
            this.setCertSerial(params.sn);
        }
    }
};
extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);

/**
 * CRLNumber CRL
extension ASN.1 structure class<br/> 2641 * @name KJUR.asn1.x509.CRLNumber 2642 * @class CRLNumber CRL extension ASN.1 structure class 2643 * @extends KJUR.asn1.x509.Extension 2644 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2645 * @see KJUR.asn1.x509.TBSCertList 2646 * @see KJUR.asn1.x509.Extensions 2647 * @description 2648 * This class represents ASN.1 structure for 2649 * CRLNumber CRL extension defined in 2650 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3"> 2651 * RFC 5280 5.2.3</a>. 2652 * <pre> 2653 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } 2654 * CRLNumber ::= INTEGER (0..MAX) 2655 * </pre> 2656 * Constructor of this class may have following parameters: 2657 * <ul> 2658 * <li>{String}extname - name "cRLNumber". It is ignored in this class but 2659 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2660 * <li>{Object}num - CRLNumber value to specify 2661 * {@link KJUR.asn1.DERInteger} parameter.</li> 2662 * <li>{Boolean}critical - critical flag. 
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
 *                               num:{'int':147}})
 */
KJUR.asn1.x509.CRLNumber = function(params) {
    KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);

    this.oid = "2.5.29.20";
    // null and undefined both leave params unset
    this.params = (params != undefined) ? params : undefined;

    // The extension value is a DERInteger built from params.num.
    this.getExtnValueHex = function() {
        var dNumber = new KJUR.asn1.DERInteger(this.params.num);
        this.asn1ExtnValue = dNumber;
        return dNumber.tohex();
    };
};
extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);

/**
 * CRLReason CRL entry extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.CRLReason
 * @class CRLReason CRL entry extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.x509.Extensions
 * @description
 * This class represents ASN.1 structure for
 * CRLReason CRL entry extension defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
 * RFC 5280 5.3.1</a>
 * <pre>
 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
 * -- reasonCode ::= { CRLReason }
 * CRLReason ::= ENUMERATED {
 *      unspecified             (0),
 *      keyCompromise           (1),
 *      cACompromise            (2),
 *      affiliationChanged      (3),
 *      superseded              (4),
 *      cessationOfOperation    (5),
 *      certificateHold         (6),
 *      removeFromCRL           (8),
 *      privilegeWithdrawn      (9),
 *      aACompromise           (10) }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "cRLReason". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Integer}code - reasonCode value</li>
 * <li>{Boolean}critical - critical flag.
Generally false and not specified 2718 * in this class.(OPTION)</li> 2719 * </ul> 2720 * 2721 * @example 2722 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4}) 2723 */ 2724 KJUR.asn1.x509.CRLReason = function(params) { 2725 KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params); 2726 this.params = undefined; 2727 2728 this.getExtnValueHex = function() { 2729 this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code); 2730 return this.asn1ExtnValue.tohex(); 2731 }; 2732 2733 this.oid = "2.5.29.21"; 2734 if (params != undefined) this.params = params; 2735 }; 2736 extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension); 2737 2738 // === END CRL Related =================================================== 2739 2740 // === BEGIN OCSP Related =================================================== 2741 /** 2742 * Nonce OCSP extension ASN.1 structure class<br/> 2743 * @name KJUR.asn1.x509.OCSPNonce 2744 * @class Nonce OCSP extension ASN.1 structure class 2745 * @extends KJUR.asn1.x509.Extension 2746 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2747 * @param {Array} params JSON object for Nonce extension 2748 * @see KJUR.asn1.ocsp.ResponseData 2749 * @see KJUR.asn1.x509.Extensions 2750 * @see X509#getExtOCSPNonce 2751 * @description 2752 * This class represents 2753 * Nonce OCSP extension value defined in 2754 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1"> 2755 * RFC 6960 4.4.1</a> as JSON object. 2756 * <pre> 2757 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 2758 * id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } 2759 * Nonce ::= OCTET STRING 2760 * </pre> 2761 * Constructor of this class may have following parameters: 2762 * <ul> 2763 * <li>{String}extname - name "ocspNonce". It is ignored in this class but 2764 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2765 * <li>{String}hex - hexadecimal string of nonce value</li> 2766 * <li>{Number}int - integer of nonce value. 
"hex" or "int" needs to be 2767 * specified.</li> 2768 * <li>{Boolean}critical - critical flag. Generally false and not specified 2769 * in this class.(OPTION)</li> 2770 * </ul> 2771 * 2772 * @example 2773 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce', 2774 * hex: '12ab...'}) 2775 */ 2776 KJUR.asn1.x509.OCSPNonce = function(params) { 2777 KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params); 2778 this.params = undefined; 2779 2780 this.getExtnValueHex = function() { 2781 this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params); 2782 return this.asn1ExtnValue.tohex(); 2783 }; 2784 2785 this.oid = "1.3.6.1.5.5.7.48.1.2"; 2786 if (params != undefined) this.params = params; 2787 }; 2788 extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension); 2789 2790 /** 2791 * OCSPNoCheck certificate ASN.1 structure class<br/> 2792 * @name KJUR.asn1.x509.OCSPNoCheck 2793 * @class OCSPNoCheck extension ASN.1 structure class 2794 * @extends KJUR.asn1.x509.Extension 2795 * @since jsrsasign 9.1.6 asn1x509 2.1.2 2796 * @param {Array} params JSON object for OCSPNoCheck extension 2797 * @see KJUR.asn1.x509.Extensions 2798 * @see X509#getExtOCSPNoCheck 2799 * @description 2800 * This class represents 2801 * OCSPNoCheck extension value defined in 2802 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1"> 2803 * RFC 6960 4.2.2.2.1</a> as JSON object. 2804 * <pre> 2805 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } 2806 * </pre> 2807 * Constructor of this class may have following parameters: 2808 * <ul> 2809 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but 2810 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2811 * <li>{Boolean}critical - critical flag. 
Generally false and not specified 2812 * in this class.(OPTION)</li> 2813 * </ul> 2814 * 2815 * @example 2816 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'}) 2817 */ 2818 KJUR.asn1.x509.OCSPNoCheck = function(params) { 2819 KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params); 2820 this.params = undefined; 2821 2822 this.getExtnValueHex = function() { 2823 this.asn1ExtnValue = new KJUR.asn1.DERNull(); 2824 return this.asn1ExtnValue.tohex(); 2825 }; 2826 2827 this.oid = "1.3.6.1.5.5.7.48.1.5"; 2828 if (params != undefined) this.params = params; 2829 }; 2830 extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension); 2831 2832 // === END OCSP Related =================================================== 2833 2834 // === BEGIN Other X.509v3 Extensions======================================== 2835 2836 /** 2837 * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/> 2838 * @name KJUR.asn1.x509.AdobeTimeStamp 2839 * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class 2840 * @extends KJUR.asn1.x509.Extension 2841 * @since jsrsasign 10.0.1 asn1x509 2.1.4 2842 * @param {Array} params JSON object for AdobeTimeStamp extension parameter 2843 * @see KJUR.asn1.x509.Extensions 2844 * @see X509#getExtAdobeTimeStamp 2845 * @description 2846 * This class represents 2847 * AdobeTimeStamp X.509v3 extension value defined in 2848 * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html"> 2849 * Adobe site</a> as JSON object. 
2850 * <pre> 2851 * adbe- OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 } 2852 * ::= SEQUENCE { 2853 * version INTEGER { v1(1) }, -- extension version 2854 * location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier) 2855 * requiresAuth boolean (default false), OPTIONAL } 2856 * </pre> 2857 * Constructor of this class may have following parameters: 2858 * <ul> 2859 * <li>{String}uri - RFC 3161 time stamp service URL</li> 2860 * <li>{Boolean}reqauth - authentication required or not</li> 2861 * </ul> 2862 * </pre> 2863 * <br/> 2864 * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp". 2865 * @example 2866 * new KJUR.asn1.x509.AdobeTimesStamp({ 2867 * uri: "http://tsa.example.com/", 2868 * reqauth: true 2869 * } 2870 */ 2871 KJUR.asn1.x509.AdobeTimeStamp = function(params) { 2872 KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params); 2873 2874 var _KJUR = KJUR, 2875 _KJUR_asn1 = _KJUR.asn1, 2876 _DERInteger = _KJUR_asn1.DERInteger, 2877 _DERBoolean = _KJUR_asn1.DERBoolean, 2878 _DERSequence = _KJUR_asn1.DERSequence, 2879 _GeneralName = _KJUR_asn1.x509.GeneralName; 2880 2881 this.params = null; 2882 2883 this.getExtnValueHex = function() { 2884 var params = this.params; 2885 var a = [new _DERInteger(1)]; 2886 a.push(new _GeneralName({uri: params.uri})); 2887 if (params.reqauth != undefined) { 2888 a.push(new _DERBoolean(params.reqauth)); 2889 } 2890 2891 this.asn1ExtnValue = new _DERSequence({array: a}); 2892 return this.asn1ExtnValue.tohex(); 2893 }; 2894 2895 this.oid = "1.2.840.113583.1.1.9.1"; 2896 if (params !== undefined) this.setByParam(params); 2897 }; 2898 extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension); 2899 2900 // === END Other X.509v3 Extensions======================================== 2901 2902 2903 // === BEGIN X500Name Related ================================================= 2904 /** 2905 * X500Name ASN.1 structure 
class 2906 * @name KJUR.asn1.x509.X500Name 2907 * @class X500Name ASN.1 structure class 2908 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'}) 2909 * @extends KJUR.asn1.ASN1Object 2910 * @see KJUR.asn1.x509.X500Name 2911 * @see KJUR.asn1.x509.RDN 2912 * @see KJUR.asn1.x509.AttributeTypeAndValue 2913 * @see X509#getX500Name 2914 * @description 2915 * This class provides DistinguishedName ASN.1 class structure 2916 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 2917 * <blockquote><pre> 2918 * DistinguishedName ::= RDNSequence 2919 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 2920 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 2921 * AttributeTypeAndValue 2922 * AttributeTypeAndValue ::= SEQUENCE { 2923 * type AttributeType, 2924 * value AttributeValue } 2925 * </pre></blockquote> 2926 * <br/> 2927 * Argument for the constructor can be one of following parameters: 2928 * <ul> 2929 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li> 2930 * <li>{String}str - string for distinguished name in OpenSSL one-line format (ex: /C=US/O=test/CN=test). See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> for details.</li> 2931 * <li>{String}ldapstr - string for distinguished name in LDAP format (ex: CN=test,O=test,C=US)</li> 2932 * <li>{String}hex - hexadecimal string for ASN.1 distinguished name structure</li> 2933 * <li>{String}certissuer - issuer name in the specified PEM certificate</li> 2934 * <li>{String}certsubject - subject name in the specified PEM certificate</li> 2935 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li> 2936 * </ul> 2937 * <br/> 2938 * NOTE1: The "array" and "rule" parameters have been supported 2939 * since jsrsasign 9.0.0 asn1x509 2.0.0. 2940 * <br/> 2941 * NOTE2: Multi-valued RDN in "str" parameter has been 2942 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
2943 * @example 2944 * // 1. construct with array 2945 * new KJUR.asn1.x509.X500Name({array:[ 2946 * [{type:'C',value:'JP',ds:'prn'}], 2947 * [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN 2948 * {type:'CN',value:'bob@example.com',ds:'ia5'}] 2949 * ]}) 2950 * // 2. construct with string 2951 * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"}); 2952 * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"}); 2953 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued 2954 * // 3. construct by LDAP string 2955 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"}); 2956 * // 4. construct by ASN.1 hex string 2957 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."}); 2958 * // 5. construct by issuer of PEM certificate 2959 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."}); 2960 * // 6. construct by subject of PEM certificate 2961 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."}); 2962 * // 7. construct by object (DEPRECATED) 2963 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"}); 2964 */ 2965 KJUR.asn1.x509.X500Name = function(params) { 2966 KJUR.asn1.x509.X500Name.superclass.constructor.call(this); 2967 this.asn1Array = []; 2968 this.paramArray = []; 2969 this.sRule = "utf8"; 2970 var _KJUR = KJUR, 2971 _KJUR_asn1 = _KJUR.asn1, 2972 _KJUR_asn1_x509 = _KJUR_asn1.x509, 2973 _RDN = _KJUR_asn1_x509.RDN, 2974 _pemtohex = pemtohex; 2975 2976 /** 2977 * set DN by OpenSSL oneline distinguished name string<br/> 2978 * @name setByString 2979 * @memberOf KJUR.asn1.x509.X500Name# 2980 * @function 2981 * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa) 2982 * @description 2983 * Sets distinguished name by string. 2984 * dnStr must be formatted as 2985 * "/type0=value0/type1=value1/type2=value2...". 2986 * No need to escape a slash in an attribute value. 
* @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
     * // no need to escape slash in an attribute value
     * name.setByString("/C=US/O=aaa/CN=1980/12/31");
     */
    this.setByString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;

        // Whatever precedes the first "/" is dropped, so a string that does
        // not start with "/" silently loses its first component.
        var segments = dnStr.split('/').slice(1);

        // A segment that does not look like "type=value" is treated as the
        // continuation of the previous value (a value that contained "/").
        // NOTE(review): the reverse also holds: any text after a slash that
        // does look like "type=value" starts a new RDN, and a backslash
        // before the slash is not treated as an escape. A value taken from
        // untrusted input, such as "x/O=other", therefore adds an RDN;
        // validate values before building the string, or use the "array"
        // form of the constructor.
        var rdnStrings = [];
        segments.forEach(function(segment) {
            if (/^[^=]+=.+$/.test(segment)) {
                rdnStrings.push(segment);
            } else if (rdnStrings.length > 0) {
                rdnStrings[rdnStrings.length - 1] += "/" + segment;
            }
            // otherwise there is no RDN yet to attach to: the segment is ignored
        });

        for (var k = 0; k < rdnStrings.length; k++) {
            this.asn1Array.push(new _RDN({'str': rdnStrings[k], rule: this.sRule}));
        }
    };

    /**
     * set DN by LDAP(RFC 2253) distinguished name string<br/>
     * @name setByLdapString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
     * @since jsrsasign 6.2.2 asn1x509 1.0.18
     * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
     * @description
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
     */
    this.setByLdapString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        // Convert to the OpenSSL compat form, then reuse the compat parser;
        // the caveats noted in setByString apply to the converted string.
        this.setByString(_KJUR_asn1_x509.X500Name.ldapToCompat(dnStr), sRule);
    };

    /**
     * set DN by associative array<br/>
     * @name setByObject
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
     * @since jsrsasign 4.9.
asn1x509 1.0.13
     * @description
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByObject({C: "US", O: "aaa", CN: "http://example.com/"});
     */
    this.setByObject = function(dnObj, sRule) {
        if (sRule !== undefined) this.sRule = sRule;

        // One RDN per own property, in enumeration order.
        // NOTE(review): each value is joined into a "type=value" string and
        // handed to the RDN "str" parser, which splits on unescaped "+"
        // (see KJUR.asn1.x509.RDN.parseString). A value containing "+" is
        // therefore not taken literally; values from untrusted input should
        // be validated, or passed with the "array" form instead.
        for (var attrName in dnObj) {
            if (!dnObj.hasOwnProperty(attrName)) continue;

            var rdn = new _RDN({str: attrName + '=' + dnObj[attrName], rule: this.sRule});
            if (this.asn1Array) {
                this.asn1Array.push(rdn);
            } else {
                this.asn1Array = [rdn];
            }
        }
    };

    // Dispatches on the first recognised key of params, in this order:
    // array, str, ldapstr, hex, certissuer, certsubject, then plain object.
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;

        if (params.array !== undefined) {
            // RDN objects are built lazily from this array in tohex()
            this.paramArray = params.array;
            return;
        }

        var cert;
        if (params.str !== undefined) {
            this.setByString(params.str);
        } else if (params.ldapstr !== undefined) {
            this.setByLdapString(params.ldapstr);
        } else if (params.hex !== undefined) {
            // The hex string is stored and later returned by tohex() as is;
            // nothing here checks that it is a well-formed DER Name.
            this.hTLV = params.hex;
        } else if (params.certissuer !== undefined) {
            cert = new X509();
            cert.readCertPEM(params.certissuer);
            this.hTLV = cert.getIssuerHex();
        } else if (params.certsubject !== undefined) {
            cert = new X509();
            cert.readCertPEM(params.certsubject);
            this.hTLV = cert.getSubjectHex();
        } else if (typeof params === "object" &&
                   params.certsubject === undefined &&
                   params.certissuer === undefined) {
            // Fallback: treat params itself as {type: value, ...}. Every own
            // property becomes an RDN, including "rule" when it is present.
            this.setByObject(params);
        }
    };

    this.tohex = function() {
        // An encoding that was supplied ("hex", certissuer, certsubject) or
        // computed earlier is returned unchanged; later setBy* calls do not
        // alter it.
        if (typeof this.hTLV == "string") return this.hTLV;

        // Build the RDN objects from the "array" parameter on first use.
        if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
            for (var i = 0; i < this.paramArray.length; i++) {
                var rdnParam = {array: this.paramArray[i]};
                if (this.sRule != "utf8") rdnParam.rule = this.sRule;
                this.asn1Array.push(new _RDN(rdnParam));
            }
        }

        this.hTLV = new _KJUR_asn1.DERSequence({"array": this.asn1Array}).tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
 * @name compatToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 8.0.19 asn1x509 1.1.20
 * @description
 * This static method converts a distinguished name string in OpenSSL compat
 * format to LDAP(RFC 2253) format.
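* @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
 * @example
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") &rarr; 'O=test,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") &rarr; 'O=a\,a,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,b,c") &rarr; 'O=a\,b\,c,C=US'
 */
KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
    // Throws the string "malformed input" (not an Error object) when the
    // leading slash is missing; kept as is for existing callers.
    if (s.substr(0, 1) !== "/") throw "malformed input";

    // NOTE(review): the input is split on every "/", so a value that
    // contains a slash is broken into separate components here, unlike
    // setByString, which re-joins segments that are not "type=value".
    var components = s.substr(1).split("/");

    // LDAP order is the reverse of the compat order.
    components.reverse();

    // Escape every comma in a component. Escaping only the first one would
    // leave later commas to be read as RDN separators by an LDAP-format
    // parser, changing the name.
    // NOTE(review): only "," is escaped; other characters that are special
    // in RFC 2253 strings are passed through unchanged.
    components = components.map(function(component) {
        return component.replace(/,/g, "\\,");
    });

    return components.join(",");
};

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
 * @name onelineToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @see KJUR.asn1.x509.X500Name.compatToLDAP
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
 */
KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
    return KJUR.asn1.x509.X500Name.compatToLDAP(s);
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
 * @name ldapToCompat
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex.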
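/C=US/O=test)
 * @since jsrsasign 8.0.19 asn1x509 1.1.10
 * @description
 * This static method converts a distinguished name string in
 * LDAP(RFC 2253) format to OpenSSL compat format.
 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @example
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') &rarr; '/C=US/O=test'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') &rarr; '/C=US/O=a,a'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') &rarr; '/C=US/O=a\/a'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/b/c,C=US') &rarr; '/C=US/O=a\/b\/c'
 */
KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
    var pieces = s.split(",");

    // Re-join pieces that were split at an escaped comma ("\,") and drop
    // the escaping backslash.
    // NOTE(review): a piece ending in any backslash is treated as an escaped
    // comma, so a value that ends in an escaped backslash followed by a real
    // separator is merged with the next RDN.
    var rdns = [];
    var prevEndsWithBackslash = false;
    for (var i = 0; i < pieces.length; i++) {
        var piece = pieces[i];
        if (prevEndsWithBackslash) {
            var merged = rdns.pop() + "," + piece;
            rdns.push(merged.replace(/\\,/g, ","));
        } else {
            rdns.push(piece);
        }
        prevEndsWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // Escape every slash in a value. A string pattern replaces only the
    // first occurrence, which left later slashes unescaped.
    // NOTE(review): X500Name#setByString in this file splits on every "/"
    // and does not interpret the backslash, so this escaping does not stop
    // a value such as "x/O=other" from being read as two RDNs there.
    rdns = rdns.map(function(rdn) {
        return rdn.replace(/\//g, "\\/");
    });

    // Compat order is the reverse of the LDAP order.
    rdns.reverse();
    return "/" + rdns.join("/");
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
 * @name ldapToOneline
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.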
3214 */ 3215 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) { 3216 return KJUR.asn1.x509.X500Name.ldapToCompat(s); 3217 }; 3218 3219 /** 3220 * RDN (Relative Distinguished Name) ASN.1 structure class 3221 * @name KJUR.asn1.x509.RDN 3222 * @class RDN (Relative Distinguished Name) ASN.1 structure class 3223 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'}) 3224 * @extends KJUR.asn1.ASN1Object 3225 * @see KJUR.asn1.x509.X500Name 3226 * @see KJUR.asn1.x509.RDN 3227 * @see KJUR.asn1.x509.AttributeTypeAndValue 3228 * @description 3229 * This class provides RelativeDistinguishedName ASN.1 class structure 3230 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 3231 * <blockquote><pre> 3232 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 3233 * AttributeTypeAndValue 3234 * 3235 * AttributeTypeAndValue ::= SEQUENCE { 3236 * type AttributeType, 3237 * value AttributeValue } 3238 * </pre></blockquote> 3239 * <br/> 3240 * NOTE1: The "array" and "rule" parameters have been supported 3241 * since jsrsasign 9.0.0 asn1x509 2.0.0. 3242 * <br/> 3243 * NOTE2: Multi-valued RDN in "str" parameter have been 3244 * supported since jsrsasign 6.2.1 asn1x509 1.0.17. 
3245 * @example 3246 * new KJUR.asn1.x509.RDN({array: [ // multi-valued 3247 * {type:"CN",value:"Bob",ds:"prn"}, 3248 * {type:"CN",value:"bob@example.com", ds:"ia5"} 3249 * ]}); 3250 * new KJUR.asn1.x509.RDN({str: "CN=test"}); 3251 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued 3252 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped 3253 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted 3254 */ 3255 KJUR.asn1.x509.RDN = function(params) { 3256 KJUR.asn1.x509.RDN.superclass.constructor.call(this); 3257 this.asn1Array = []; 3258 this.paramArray = []; 3259 this.sRule = "utf8"; // DEFAULT "utf8" 3260 var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue; 3261 3262 this.setByParam = function(params) { 3263 if (params.rule !== undefined) this.sRule = params.rule; 3264 if (params.str !== undefined) { 3265 this.addByMultiValuedString(params.str); 3266 } 3267 if (params.array !== undefined) this.paramArray = params.array; 3268 }; 3269 3270 /** 3271 * add one AttributeTypeAndValue by string<br/> 3272 * @name addByString 3273 * @memberOf KJUR.asn1.x509.RDN# 3274 * @function 3275 * @param {String} s string of AttributeTypeAndValue 3276 * @return {Object} unspecified 3277 * @description 3278 * This method add one AttributeTypeAndValue to RDN object. 
3279 * @example 3280 * rdn = new KJUR.asn1.x509.RDN(); 3281 * rdn.addByString("CN=john"); 3282 * rdn.addByString("serialNumber=1234"); // for multi-valued RDN 3283 */ 3284 this.addByString = function(s) { 3285 this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule})); 3286 }; 3287 3288 /** 3289 * add one AttributeTypeAndValue by multi-valued string<br/> 3290 * @name addByMultiValuedString 3291 * @memberOf KJUR.asn1.x509.RDN# 3292 * @function 3293 * @param {String} s string of multi-valued RDN 3294 * @return {Object} unspecified 3295 * @since jsrsasign 6.2.1 asn1x509 1.0.17 3296 * @description 3297 * This method add multi-valued RDN to RDN object. 3298 * @example 3299 * rdn = new KJUR.asn1.x509.RDN(); 3300 * rdn.addByMultiValuedString("CN=john+O=test"); 3301 * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus 3302 * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation 3303 */ 3304 this.addByMultiValuedString = function(s) { 3305 var a = KJUR.asn1.x509.RDN.parseString(s); 3306 for (var i = 0; i < a.length; i++) { 3307 this.addByString(a[i]); 3308 } 3309 }; 3310 3311 this.tohex = function() { 3312 if (this.asn1Array.length == 0 && this.paramArray.length > 0) { 3313 for (var i = 0; i < this.paramArray.length; i++) { 3314 var param = this.paramArray[i]; 3315 if (param.rule !== undefined && 3316 this.sRule != "utf8") { 3317 param.rule = this.sRule; 3318 } 3319 //alert(JSON.stringify(param)); 3320 var asn1ATV = new _AttributeTypeAndValue(param); 3321 this.asn1Array.push(asn1ATV); 3322 } 3323 } 3324 var o = new KJUR.asn1.DERSet({"array": this.asn1Array}); 3325 this.TLV = o.tohex(); 3326 return this.TLV; 3327 }; 3328 this.getEncodedHex = function() { return this.tohex(); }; 3329 3330 if (params !== undefined) { 3331 this.setByParam(params); 3332 } 3333 }; 3334 extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); 3335 3336 /** 3337 * parse multi-valued RDN string 
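and split into array of 'AttributeTypeAndValue'<br/>
 * @name parseString
 * @memberOf KJUR.asn1.x509.RDN
 * @function
 * @param {String} s multi-valued string of RDN
 * @return {Array} array of string of AttributeTypeAndValue
 * @since jsrsasign 6.2.1 asn1x509 1.0.17
 * @description
 * This static method parses multi-valued RDN string and split into
 * array of AttributeTypeAndValue.
 * A "+" separates values unless it is preceded by a backslash or lies
 * inside a double-quoted value; the escaping backslash and the enclosing
 * quotes are removed from the result.
 * @example
 * KJUR.asn1.x509.RDN.parseString("CN=john") &rarr; ["CN=john"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") &rarr; ["CN=john", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") &rarr; ["CN=john", "OU=test", "OU=t1"]
 * KJUR.asn1.x509.RDN.parseString('CN="john"+OU=test') &rarr; ["CN=john", "OU=test"]
 */
KJUR.asn1.x509.RDN.parseString = function(s) {
    var OPENING_QUOTE = /^[^=]+="/;        // type="...  (a quoted value starts)
    var WHOLE_QUOTED = /^([^=]+)="(.*)"$/; // type="..." (opens and closes)

    // Pass 1: split on "+", then re-join pieces that were separated at an
    // escaped plus ("\+") and drop the escaping backslash.
    var pieces = s.split(/\+/);
    var unescaped = [];
    var prevEndsWithBackslash = false;
    for (var i = 0; i < pieces.length; i++) {
        var piece = pieces[i];
        if (prevEndsWithBackslash) {
            unescaped.push((unescaped.pop() + "+" + piece).replace(/\\\+/g, "+"));
        } else {
            unescaped.push(piece);
        }
        prevEndsWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // Pass 2: re-join pieces that were separated inside a double-quoted
    // value, and strip the quotes once the value is complete.
    var result = [];
    var inQuote = false;
    for (var j = 0; j < unescaped.length; j++) {
        var item = unescaped[j];

        if (inQuote) {
            var joined = result.pop() + "+" + item;
            if (/"$/.test(item)) {
                result.push(joined.replace(WHOLE_QUOTED, "$1=$2"));
                inQuote = false;
            } else {
                result.push(joined);
            }
        } else if (WHOLE_QUOTED.test(item)) {
            // The quoted value has no "+" inside, so it opens and closes in
            // this one piece. Treating it as still open would merge every
            // following attribute into this value.
            result.push(item.replace(WHOLE_QUOTED, "$1=$2"));
            continue;
        } else {
            result.push(item);
        }

        if (OPENING_QUOTE.test(item)) inQuote = true;
    }
    return result;
};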
3402 3403 /** 3404 * AttributeTypeAndValue ASN.1 structure class 3405 * @name KJUR.asn1.x509.AttributeTypeAndValue 3406 * @class AttributeTypeAndValue ASN.1 structure class 3407 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'}) 3408 * @extends KJUR.asn1.ASN1Object 3409 * @see KJUR.asn1.x509.X500Name 3410 * @see KJUR.asn1.x509.RDN 3411 * @see KJUR.asn1.x509.AttributeTypeAndValue 3412 * @see X509#getAttrTypeAndValue 3413 * @description 3414 * This class generates AttributeTypeAndValue defined in 3415 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4"> 3416 * RFC 5280 4.1.2.4</a>. 3417 * <pre> 3418 * AttributeTypeAndValue ::= SEQUENCE { 3419 * type AttributeType, 3420 * value AttributeValue } 3421 * AttributeType ::= OBJECT IDENTIFIER 3422 * AttributeValue ::= ANY -- DEFINED BY AttributeType 3423 * </pre> 3424 * The constructor argument can have following parameters: 3425 * <ul> 3426 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li> 3427 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li> 3428 * <li>{String}ds - DirectoryString type of AttributeValue</li> 3429 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8") 3430 * set DirectoryString type automatically when "ds" not specified.</li> 3431 * <li>{String}str - AttributeTypeAndValue string (ex. "C=US"). 3432 * When type and value don't exist, 3433 * this "str" will be converted to "type" and "value". 3434 * </li> 3435 * </ul> 3436 * <br/> 3437 * NOTE: Parameters "type", "value", "ds" and "rule" have 3438 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
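* @example
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'utf8'})
 */
KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
    KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
    this.sRule = "utf8";  // rule used to pick a string type when "ds" is not given
    this.sType = null;    // attribute type name or OID
    this.sValue = null;   // attribute value string
    this.dsType = null;   // explicit string type ("ds"); null means decide in tohex()
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERUTF8String = _KJUR_asn1.DERUTF8String,
        _DERPrintableString = _KJUR_asn1.DERPrintableString,
        _DERTeletexString = _KJUR_asn1.DERTeletexString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERVisibleString = _KJUR_asn1.DERVisibleString,
        _DERBMPString = _KJUR_asn1.DERBMPString,
        _isMail = _KJUR.lang.String.isMail,
        _isPrintable = _KJUR.lang.String.isPrintable;

    // Set type and value either from "type"/"value" or, when "value" is
    // absent, by splitting "str" at its first "=".
    // Throws Error when "str" is not of the form "type=value".
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.ds !== undefined) this.dsType = params.ds;

        if (params.value === undefined && params.str !== undefined) {
            var str = params.str;
            var matchResult = str.match(/^([^=]+)=(.+)$/);
            if (!matchResult) {
                // The message is built from "str"; the identifier used here
                // before was not defined, so a malformed input raised a
                // ReferenceError instead of this error.
                throw new Error("malformed attrTypeAndValueStr: " + str);
            }
            this.sType = matchResult[1];
            this.sValue = matchResult[2];
        } else {
            this.sType = params.type;
            this.sValue = params.value;
        }
    };

    /*
     *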
@deprecated 3491 */ 3492 this.setByString = function(sTypeValue, sRule) { 3493 if (sRule !== undefined) this.sRule = sRule; 3494 var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/); 3495 if (matchResult) { 3496 this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]); 3497 } else { 3498 throw new Error("malformed attrTypeAndValueStr: " + 3499 attrTypeAndValueStr); 3500 } 3501 }; 3502 3503 this._getDsType = function() { 3504 var sType = this.sType; 3505 var sValue = this.sValue; 3506 var sRule = this.sRule; 3507 3508 if (sRule === "prn") { 3509 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3510 if (_isPrintable(sValue)) return "prn"; 3511 return "utf8"; 3512 } else if (sRule === "utf8") { 3513 if (sType == "CN" && _isMail(sValue)) return "ia5"; 3514 if (sType == "C") return "prn"; 3515 return "utf8"; 3516 } 3517 return "utf8"; // default 3518 }; 3519 3520 this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) { 3521 if (sRule !== undefined) this.sRule = sRule; 3522 this.sType = sType; 3523 this.sValue = sValue; 3524 }; 3525 3526 this.getValueObj = function(dsType, valueStr) { 3527 if (dsType == "utf8") return new _DERUTF8String({"str": valueStr}); 3528 if (dsType == "prn") return new _DERPrintableString({"str": valueStr}); 3529 if (dsType == "tel") return new _DERTeletexString({"str": valueStr}); 3530 if (dsType == "ia5") return new _DERIA5String({"str": valueStr}); 3531 if (dsType == "vis") return new _DERVisibleString({"str": valueStr}); 3532 if (dsType == "bmp") return new _DERBMPString({"str": valueStr}); 3533 throw new Error("unsupported directory string type: type=" + 3534 dsType + " value=" + valueStr); 3535 }; 3536 3537 this.tohex = function() { 3538 if (this.dsType == null) this.dsType = this._getDsType(); 3539 var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType); 3540 var asn1Value = this.getValueObj(this.dsType, this.sValue); 3541 var o = new _DERSequence({"array": [asn1Type, asn1Value]}); 3542 this.TLV = o.tohex(); 3543 return 
this.TLV; 3544 } 3545 3546 this.getEncodedHex = function() { return this.tohex(); }; 3547 3548 if (params !== undefined) { 3549 this.setByParam(params); 3550 } 3551 }; 3552 extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object); 3553 3554 // === END X500Name Related ================================================= 3555 3556 // === BEGIN Other ASN1 structure class ====================================== 3557 3558 /** 3559 * SubjectPublicKeyInfo ASN.1 structure class 3560 * @name KJUR.asn1.x509.SubjectPublicKeyInfo 3561 * @class SubjectPublicKeyInfo ASN.1 structure class 3562 * @param {Object} params parameter for subject public key 3563 * @extends KJUR.asn1.ASN1Object 3564 * @description 3565 * <br/> 3566 * As for argument 'params' for constructor, you can specify one of 3567 * following properties: 3568 * <ul> 3569 * <li>{@link RSAKey} object</li> 3570 * <li>{@link KJUR.crypto.ECDSA} object</li> 3571 * <li>{@link KJUR.crypto.DSA} object</li> 3572 * </ul> 3573 * NOTE1: 'params' can be omitted.<br/> 3574 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/> 3575 * <h4>EXAMPLE</h4> 3576 * @example 3577 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object); 3578 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object); 3579 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object); 3580 */ 3581 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { 3582 KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this); 3583 var asn1AlgId = null, 3584 asn1SubjPKey = null, 3585 _KJUR = KJUR, 3586 _KJUR_asn1 = _KJUR.asn1, 3587 _DERInteger = _KJUR_asn1.DERInteger, 3588 _DERBitString = _KJUR_asn1.DERBitString, 3589 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 3590 _DERSequence = _KJUR_asn1.DERSequence, 3591 _newObject = _KJUR_asn1.ASN1Util.newObject, 3592 _KJUR_asn1_x509 = _KJUR_asn1.x509, 3593 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 3594 _KJUR_crypto = 
_KJUR.crypto, 3595 _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA, 3596 _KJUR_crypto_DSA = _KJUR_crypto.DSA; 3597 3598 /* 3599 * @since asn1x509 1.0.7 3600 */ 3601 this.getASN1Object = function() { 3602 if (this.asn1AlgId == null || this.asn1SubjPKey == null) 3603 throw "algId and/or subjPubKey not set"; 3604 var o = new _DERSequence({'array': 3605 [this.asn1AlgId, this.asn1SubjPKey]}); 3606 return o; 3607 }; 3608 3609 this.tohex = function() { 3610 var o = this.getASN1Object(); 3611 this.hTLV = o.tohex(); 3612 return this.hTLV; 3613 }; 3614 this.getEncodedHex = function() { return this.tohex(); }; 3615 3616 /** 3617 * @name setPubKey 3618 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo# 3619 * @function 3620 * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object 3621 * @since jsrsasign 8.0.0 asn1x509 1.1.0 3622 * @description 3623 * @example 3624 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(); 3625 * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM); 3626 * spki.setPubKey(pubKey); 3627 */ 3628 this.setPubKey = function(key) { 3629 try { 3630 if (key instanceof RSAKey) { 3631 var asn1RsaPub = _newObject({ 3632 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] 3633 }); 3634 var rsaKeyHex = asn1RsaPub.tohex(); 3635 this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'}); 3636 this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex}); 3637 } 3638 } catch(ex) {}; 3639 3640 try { 3641 if (key instanceof KJUR.crypto.ECDSA) { 3642 var asn1Params = new _DERObjectIdentifier({'name': key.curveName}); 3643 this.asn1AlgId = 3644 new _AlgorithmIdentifier({'name': 'ecPublicKey', 3645 'asn1params': asn1Params}); 3646 this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex}); 3647 } 3648 } catch(ex) {}; 3649 3650 try { 3651 if (key instanceof KJUR.crypto.DSA) { 3652 var asn1Params = new _newObject({ 3653 'seq': [{'int': {'bigint': key.p}}, 3654 {'int': {'bigint': key.q}}, 3655 {'int': {'bigint': key.g}}] 3656 }); 3657 
this.asn1AlgId = 3658 new _AlgorithmIdentifier({'name': 'dsa', 3659 'asn1params': asn1Params}); 3660 var pubInt = new _DERInteger({'bigint': key.y}); 3661 this.asn1SubjPKey = 3662 new _DERBitString({'hex': '00' + pubInt.tohex()}); 3663 } 3664 } catch(ex) {}; 3665 }; 3666 3667 if (params !== undefined) { 3668 this.setPubKey(params); 3669 } 3670 }; 3671 extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object); 3672 3673 /** 3674 * Time ASN.1 structure class<br/> 3675 * @name KJUR.asn1.x509.Time 3676 * @class Time ASN.1 structure class 3677 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'}) 3678 * @extends KJUR.asn1.ASN1Object 3679 * @see KJUR.asn1.DERUTCTime 3680 * @see KJUR.asn1.DERGeneralizedTime 3681 * @description 3682 * This class represents Time ASN.1 structure defined in 3683 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a> 3684 * <pre> 3685 * Time ::= CHOICE { 3686 * utcTime UTCTime, 3687 * generalTime GeneralizedTime } 3688 * </pre> 3689 * 3690 * @example 3691 * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default 3692 * var t2 = new KJUR.asn1.x509.Time{'type': 'gen', 'str': '20130508235959Z'} // GeneralizedTime 3693 */ 3694 KJUR.asn1.x509.Time = function(params) { 3695 KJUR.asn1.x509.Time.superclass.constructor.call(this); 3696 var type = null, 3697 timeParams = null, 3698 _KJUR = KJUR, 3699 _KJUR_asn1 = _KJUR.asn1, 3700 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3701 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3702 this.params = null; 3703 this.type = null; 3704 3705 // deprecated 3706 this.setTimeParams = function(timeParams) { 3707 this.timeParams = timeParams; 3708 } 3709 3710 this.setByParam = function(params) { 3711 this.params = params; 3712 }; 3713 3714 this.getType = function(s) { 3715 if (s.match(/^[0-9]{12}Z$/)) return "utc"; 3716 if (s.match(/^[0-9]{14}Z$/)) return "gen"; 3717 if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc"; 3718 if 
(s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen"; 3719 return null; 3720 }; 3721 3722 this.tohex = function() { 3723 var params = this.params; 3724 var o = null; 3725 3726 if (typeof params == "string") params = {str: params}; 3727 if (params != null && 3728 params.str && 3729 (params.type == null || params.type == undefined)) { 3730 params.type = this.getType(params.str); 3731 } 3732 3733 if (params != null && params.str) { 3734 if (params.type == "utc") o = new _DERUTCTime(params.str); 3735 if (params.type == "gen") o = new _DERGeneralizedTime(params.str); 3736 } else { 3737 if (this.type == "gen") { 3738 o = new _DERGeneralizedTime(); 3739 } else { 3740 o = new _DERUTCTime(); 3741 } 3742 } 3743 3744 if (o == null) throw new Error("wrong setting for Time"); 3745 this.TLV = o.tohex(); 3746 return this.TLV; 3747 }; 3748 this.getEncodedHex = function() { return this.tohex(); }; 3749 3750 if (params != undefined) this.setByParam(params); 3751 }; 3752 3753 KJUR.asn1.x509.Time_bak = function(params) { 3754 KJUR.asn1.x509.Time_bak.superclass.constructor.call(this); 3755 var type = null, 3756 timeParams = null, 3757 _KJUR = KJUR, 3758 _KJUR_asn1 = _KJUR.asn1, 3759 _DERUTCTime = _KJUR_asn1.DERUTCTime, 3760 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; 3761 3762 this.setTimeParams = function(timeParams) { 3763 this.timeParams = timeParams; 3764 } 3765 3766 this.tohex = function() { 3767 var o = null; 3768 3769 if (this.timeParams != null) { 3770 if (this.type == "utc") { 3771 o = new _DERUTCTime(this.timeParams); 3772 } else { 3773 o = new _DERGeneralizedTime(this.timeParams); 3774 } 3775 } else { 3776 if (this.type == "utc") { 3777 o = new _DERUTCTime(); 3778 } else { 3779 o = new _DERGeneralizedTime(); 3780 } 3781 } 3782 this.TLV = o.tohex(); 3783 return this.TLV; 3784 }; 3785 this.getEncodedHex = function() { return this.tohex(); }; 3786 3787 this.type = "utc"; 3788 if (params !== undefined) { 3789 if (params.type !== undefined) { 3790 this.type = params.type; 3791 
} else { 3792 if (params.str !== undefined) { 3793 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc"; 3794 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen"; 3795 } 3796 } 3797 this.timeParams = params; 3798 } 3799 }; 3800 extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object); 3801 3802 /** 3803 * AlgorithmIdentifier ASN.1 structure class 3804 * @name KJUR.asn1.x509.AlgorithmIdentifier 3805 * @class AlgorithmIdentifier ASN.1 structure class 3806 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'}) 3807 * @extends KJUR.asn1.ASN1Object 3808 * @description 3809 * The 'params' argument is an associative array and has following parameters: 3810 * <ul> 3811 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li> 3812 * <li>asn1params: explicitly specify ASN.1 object for algorithm. 3813 * (OPTION)</li> 3814 * <li>paramempty: set algorithm parameter to NULL by force. 3815 * If paramempty is false, algorithm parameter will be set automatically. 3816 * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of 3817 * AlgorithmIdentifier will be ommitted otherwise 3818 * it will be NULL by default. 3819 * (OPTION, DEFAULT = false)</li> 3820 * </ul> 3821 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are 3822 * special names. They will set a suite of algorithm OID and multiple algorithm 3823 * parameters. Its ASN.1 schema is defined in 3824 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1 3825 * section A.2.3</a>. 
 * <blockquote><pre>
 * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
 * RSASSA-PSS-params ::= SEQUENCE {
 *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
 *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
 *   saltLength         [2] INTEGER          DEFAULT 20,
 *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
 * mgf1SHA1    MaskGenAlgorithm ::= {
 *   algorithm   id-mgf1,
 *   parameters  HashAlgorithm : sha1 }
 * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
 * TrailerField ::= INTEGER { trailerFieldBC(1) }
 * </pre></blockquote>
 * Here is a table for PSS parameters:
 * <table>
 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th><th>pss saltlen</th><th>trailer</th></tr>
 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
 * </table>
 * Default value is omitted as defined in ASN.1 schema.
 * These parameters are interoperable with OpenSSL or IAIK toolkit.
 * <br/>
 * NOTE: RSA-PSS algorithm names are supported since jsrsasign 8.0.21.
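 * @example
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
 */
KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
    KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
    this.nameAlg = null;     // algorithm name taken from params.name
    this.asn1Alg = null;     // algorithm OID object, resolved in tohex()
    this.asn1Params = null;  // parameters object, or null to leave the field out
    this.paramEmpty = false;

    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;

    /*
     * Encode the AlgorithmIdentifier and return it as hex.
     * No algorithm-strength policy is applied here: whatever name the
     * caller passes is looked up and encoded, so the choice of hash and
     * signature algorithm is entirely the caller's.
     * Throws Error when neither a name nor an algorithm object is set.
     */
    this.tohex = function() {
        if (this.nameAlg === null && this.asn1Alg === null) {
            throw new Error("algorithm not specified");
        }

        // RSA-PSS names map to a complete, pre-encoded TLV. The lookup is
        // restricted to the table's own keys so that properties inherited
        // through the prototype chain can never be returned as an encoding.
        var name = this.nameAlg;
        if (typeof name === "string" && _PSSNAME2ASN1TLV != null &&
            Object.prototype.hasOwnProperty.call(_PSSNAME2ASN1TLV, name)) {
            this.hTLV = _PSSNAME2ASN1TLV[name];
            return this.hTLV;
        }

        if (this.nameAlg !== null && this.asn1Alg === null) {
            this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
        }
        var a = [this.asn1Alg];
        if (this.asn1Params !== null) a.push(this.asn1Params);

        var o = new _KJUR_asn1.DERSequence({'array': a});
        this.hTLV = o.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        if (params.name !== undefined) {
            this.nameAlg = params.name;
        }
        if (params.asn1params !== undefined) {
            this.asn1Params = params.asn1params;
        }
        if (params.paramempty !== undefined) {
            this.paramEmpty = params.paramempty;
        }
    }

    // A name may arrive as an object carrying a "name" member; unwrap it
    // once, up front, so that tohex() sees a plain string whichever
    // parameter options were given. (This unwrapping used to happen only
    // inside the automatic-NULL branch below.)
    if (this.nameAlg !== null && this.nameAlg.name !== undefined) {
        this.nameAlg = this.nameAlg.name;
    }

    // Algorithm parameters are omitted for "*withDSA" and "*withECDSA";
    // for every other name they default to NULL.
    if (this.asn1Params === null &&
        this.paramEmpty === false &&
        this.nameAlg !== null) {

        var lcNameAlg = this.nameAlg.toLowerCase();

        if (lcNameAlg.slice(-7) !== "withdsa" &&
            lcNameAlg.slice(-9) !== "withecdsa") {
            this.asn1Params = new _KJUR_asn1.DERNull();
        }
    }
};
extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
 * @const
 */
KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
    "SHAwithRSAandMGF1":
    "300d06092a864886f70d01010a3000",
    "SHA256withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
    "SHA384withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
    "SHA512withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
};

/**
 * GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralName
 * @class GeneralName ASN.1 structure class
 * @see KJUR.asn1.x509.OtherName
 * @see KJUR.asn1.x509.X500Name
 *
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
 * <li>dns - dNSName[2] (ex. foo.com)</li>
 * <li>uri - uniformResourceIdentifier[6] (ex.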
 *     http://foo.com/)</li>
 * <li>dn - directoryName[4]
 * distinguished name string or X500Name class parameters can be
 * specified (ex. "/C=US/O=Test", {hex: '301c...'})</li>
 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
 * </ul>
 * NOTE1: certissuer and certsubj have been supported since asn1x509 1.0.10.<br/>
 * NOTE2: dn and ldapdn have been supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 * NOTE3: ip has been supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
 * NOTE4: X500Name parameters in dn have been supported since jsrsasign 8.0.16.<br/>
 * NOTE5: otherName is supported since jsrsasign 10.5.3.<br/>
 *
 * Here is the definition of the ASN.1 syntax:
 * <pre>
 * -- NOTE: under the CHOICE, it will always be explicit.
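 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 *
 * OtherName ::= SEQUENCE {
 *   type-id    OBJECT IDENTIFIER,
 *   value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * @example
 * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: '/C=US/O=Test'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
 * gn = new KJUR.asn1.x509.GeneralName({other: {
 *   oid: "1.2.3.4",
 *   value: {utf8: "example"} // any ASN.1 which passed to ASN1Util.newObject
 * }});
 *
 * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
 */
KJUR.asn1.x509.GeneralName = function(params) {
    KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);

    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _OtherName = _KJUR_asn1_x509.OtherName,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _ASN1Object = _KJUR_asn1.ASN1Object,
        _Error = Error;

    this.params = null;

    this.setByParam = function(params) {
        this.params = params;
    };

    /*
     * Encode the GeneralName and return it as hex.
     * Exactly one alternative is encoded, chosen in this order: other,
     * rfc822, dns, dn, ldapdn, certissuer/certsubj, uri, ip.
     * The rfc822, dns and uri values are handed to DERIA5String as they
     * are; no check of mail, host name or URI syntax is made in this
     * method. When names come from a certificate request or other outside
     * input, validate them before they are put into an extension.
     * Throws Error for missing or unsupported params, for a
     * certissuer/certsubj value that is neither hex nor PEM, and for a
     * malformed IP address.
     */
    this.tohex = function() {
        var params = this.params;
        var hTag, dObj;
        var explicitFlag = false;

        // Nothing was set: report it in the same way as unsupported params
        // rather than failing on a property access of null.
        if (params == null) throw new _Error("improper params");

        if (params.other !== undefined) {
            hTag = "a0";
            dObj = new _OtherName(params.other);
        } else if (params.rfc822 !== undefined) {
            hTag = "81";
            dObj = new _DERIA5String({str: params.rfc822});
        } else if (params.dns !== undefined) {
            hTag = "82";
            dObj = new _DERIA5String({str: params.dns});
        } else if (params.dn !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            if (typeof params.dn === "string") {
                dObj = new _X500Name({str: params.dn});
            } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
                dObj = params.dn;
            } else {
                dObj = new _X500Name(params.dn);
            }
        } else if (params.ldapdn !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            dObj = new _X500Name({ldapstr: params.ldapdn});
        } else if (params.certissuer !== undefined ||
                   params.certsubj !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            var isIssuer, certStr;
            var certHex = null;
            if (params.certsubj !== undefined) {
                isIssuer = false;
                certStr = params.certsubj;
            } else {
                isIssuer = true;
                certStr = params.certissuer;
            }

            // Hex input: assign it. This line used to be a comparison
            // ("=="), so a hex certificate was always rejected below.
            if (certStr.match(/^[0-9A-Fa-f]+$/)) {
                certHex = certStr;
            }
            if (certStr.indexOf("-----BEGIN ") != -1) {
                certHex = pemtohex(certStr);
            }
            if (certHex == null)
                throw new Error("certsubj/certissuer not cert");

            var x = new X509();
            x.hex = certHex;

            var hDN;
            if (isIssuer) {
                hDN = x.getIssuerHex();
            } else {
                hDN = x.getSubjectHex();
            }
            // The name is reused in its already-encoded form.
            dObj = new _ASN1Object();
            dObj.hTLV = hDN;
        } else if (params.uri !== undefined) {
            hTag = "86";
            dObj = new _DERIA5String({str: params.uri});
        } else if (params.ip !== undefined) {
            hTag = "87";
            var hIP;
            var ip = params.ip;
            try {
                if (ip.match(/^[0-9a-f]+$/)) {
                    // Raw lower-case hex is accepted at 8, 16, 32 or 64
                    // digits (4, 8, 16 or 32 bytes) - presumably an
                    // address, or an address plus mask; confirm against
                    // the callers.
                    var len = ip.length;
                    if (len == 8 || len == 16 || len == 32 || len == 64) {
                        hIP = ip;
                    } else {
                        throw new _Error("unsupported hex length " + len);
                    }
                } else {
                    hIP = iptohex(ip);
                }
            } catch(ex) {
                // ex may be a non-Error value; fall back to the value itself
                // so the message never ends in "undefined".
                var detail = (ex != null && ex.message !== undefined) ?
                    ex.message : ex;
                throw new _Error("malformed IP address: " + params.ip + ":" + detail);
            }
            dObj = new _DEROctetString({hex: hIP});
        } else {
            throw new _Error("improper params");
        }

        var dTag = new _DERTaggedObject({tag: hTag,
                                         explicit: explicitFlag,
                                         obj: dObj});
        return dTag.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);

/**
 * GeneralNames ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralNames
 * @class GeneralNames ASN.1 structure class
 * @description
 * <br/>
 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
 * @example
 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 */
KJUR.asn1.x509.GeneralNames = function(paramsArray) {
    KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1;

    /**
     * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
     * @name setByParamArray
     * @memberOf KJUR.asn1.x509.GeneralNames#
     * @function
     * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
     * @description
     * <br/>
     * Entries are appended to the names already held by this object.
     * <h4>EXAMPLES</h4>
     * @example
     * gns = new KJUR.asn1.x509.GeneralNames();
     * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
     */
    this.setByParamArray = function(paramsArray) {
        for (var i = 0; i < paramsArray.length; i++) {
            var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
            this.asn1Array.push(o);
        }
    };

    /* Encode SEQUENCE OF GeneralName and return it as hex. */
    this.tohex = function() {
        var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
        return o.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    this.asn1Array = [];
    if (typeof paramsArray != "undefined") {
        this.setByParamArray(paramsArray);
    }
};
extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);

/**
 * OtherName of GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OtherName
 * @class OtherName ASN.1 structure class
 * @since jsrsasign 10.5.3 asn1x509 2.1.12
 * @see KJUR.asn1.x509.GeneralName
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class is for OtherName of GeneralName ASN.1 structure.
 * Constructor has two members:
 * <ul>
 * <li>oid - oid string (ex.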
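 *     "1.2.3.4")</li>
 * <li>value - associative array passed to ASN1Util.newObject</li>
 * </ul>
 *
 * <pre>
 * OtherName ::= SEQUENCE {
 *   type-id    OBJECT IDENTIFIER,
 *   value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * @example
 * new KJUR.asn1.x509.OtherName({
 *   oid: "1.2.3.4",
 *   value: {prnstr: {str: "abc"}}
 * })
 */
KJUR.asn1.x509.OtherName = function(params) {
    KJUR.asn1.x509.OtherName.superclass.constructor.call(this);

    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    this.params = null;

    this.setByParam = function(params) {
        this.params = params;
    };

    /*
     * Encode SEQUENCE { type-id OID, [0] EXPLICIT value } and return it
     * as hex. Throws Error when no params were set or when "oid" or
     * "value" is missing.
     */
    this.tohex = function() {
        var params = this.params;

        // params == null covers an object built without arguments; it now
        // gets the same message instead of a TypeError on null.
        if (params == null ||
            params.oid == undefined || params.value == undefined)
            throw new Error("oid or value not specified");

        var dOid = new _DERObjectIdentifier({oid: params.oid});
        // "value" is handed to ASN1Util.newObject unchanged and wrapped
        // in an explicit [0] tag.
        var dValue = _newObject({tag: {tag: "a0",
                                       explicit: true,
                                       obj: params.value}});
        var dSeq = new _DERSequence({array: [dOid, dValue]});

        return dSeq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.OtherName, KJUR.asn1.ASN1Object);

/**
 * static object for OID
 * @name KJUR.asn1.x509.OID
 * @class static object for OID
 * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
 *
 * @description
 * This class defines OID name and values.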
4265 * AttributeType names registered in OID.atype2oidList are following: 4266 * <table style="border-width: thin; border-style: solid; witdh: 100%"> 4267 * <tr><th>short</th><th>long</th><th>OID</th></tr> 4268 * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr> 4269 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr> 4270 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr> 4271 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr> 4272 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr> 4273 * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr> 4274 * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr> 4275 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr> 4276 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr> 4277 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr> 4278 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr> 4279 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr> 4280 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr> 4281 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr> 4282 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr> 4283 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr> 4284 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr> 4285 * </table> 4286 * 4287 * @example 4288 */ 4289 KJUR.asn1.x509.OID = new function() { 4290 var _DERObjectIdentifier = KJUR.asn1.DERObjectIdentifier; 4291 4292 this.name2oidList = { 4293 'sha1': '1.3.14.3.2.26', 4294 'sha256': '2.16.840.1.101.3.4.2.1', 4295 'sha384': '2.16.840.1.101.3.4.2.2', 4296 'sha512': '2.16.840.1.101.3.4.2.3', 4297 'sha224': '2.16.840.1.101.3.4.2.4', 4298 'md5': '1.2.840.113549.2.5', 4299 'md2': '1.3.14.7.2.2.1', 4300 'ripemd160': '1.3.36.3.2.1', 4301 4302 'MD2withRSA': '1.2.840.113549.1.1.2', 
4303 'MD4withRSA': '1.2.840.113549.1.1.3', 4304 'MD5withRSA': '1.2.840.113549.1.1.4', 4305 'SHA1withRSA': '1.2.840.113549.1.1.5', 4306 'pkcs1-MGF': '1.2.840.113549.1.1.8', 4307 'rsaPSS': '1.2.840.113549.1.1.10', 4308 'SHA224withRSA': '1.2.840.113549.1.1.14', 4309 'SHA256withRSA': '1.2.840.113549.1.1.11', 4310 'SHA384withRSA': '1.2.840.113549.1.1.12', 4311 'SHA512withRSA': '1.2.840.113549.1.1.13', 4312 4313 'SHA1withECDSA': '1.2.840.10045.4.1', 4314 'SHA224withECDSA': '1.2.840.10045.4.3.1', 4315 'SHA256withECDSA': '1.2.840.10045.4.3.2', 4316 'SHA384withECDSA': '1.2.840.10045.4.3.3', 4317 'SHA512withECDSA': '1.2.840.10045.4.3.4', 4318 4319 'dsa': '1.2.840.10040.4.1', 4320 'SHA1withDSA': '1.2.840.10040.4.3', 4321 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', 4322 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', 4323 4324 'rsaEncryption': '1.2.840.113549.1.1.1', 4325 4326 // X.500 AttributeType defined in RFC 4514 4327 'commonName': '2.5.4.3', 4328 'countryName': '2.5.4.6', 4329 'localityName': '2.5.4.7', 4330 'stateOrProvinceName': '2.5.4.8', 4331 'streetAddress': '2.5.4.9', 4332 'organizationName': '2.5.4.10', 4333 'organizationalUnitName': '2.5.4.11', 4334 'domainComponent': '0.9.2342.19200300.100.1.25', 4335 'userId': '0.9.2342.19200300.100.1.1', 4336 // other AttributeType name string 4337 'surname': '2.5.4.4', 4338 'givenName': '2.5.4.42', 4339 'title': '2.5.4.12', 4340 'distinguishedName': '2.5.4.49', 4341 'emailAddress': '1.2.840.113549.1.9.1', 4342 // other AttributeType name string (no short name) 4343 'description': '2.5.4.13', 4344 'businessCategory': '2.5.4.15', 4345 'postalCode': '2.5.4.17', 4346 'uniqueIdentifier': '2.5.4.45', 4347 'organizationIdentifier': '2.5.4.97', 4348 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4349 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4350 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3', 4351 4352 'subjectDirectoryAttributes': '2.5.29.9', 4353 'subjectKeyIdentifier': '2.5.29.14', 4354 
'keyUsage': '2.5.29.15', 4355 'subjectAltName': '2.5.29.17', 4356 'issuerAltName': '2.5.29.18', 4357 'basicConstraints': '2.5.29.19', 4358 'cRLNumber': '2.5.29.20', 4359 'cRLReason': '2.5.29.21', 4360 'nameConstraints': '2.5.29.30', 4361 'cRLDistributionPoints':'2.5.29.31', 4362 'certificatePolicies': '2.5.29.32', 4363 'anyPolicy': '2.5.29.32.0', 4364 'authorityKeyIdentifier':'2.5.29.35', 4365 'policyConstraints': '2.5.29.36', 4366 'extKeyUsage': '2.5.29.37', 4367 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', 4368 'ocsp': '1.3.6.1.5.5.7.48.1', 4369 'ocspBasic': '1.3.6.1.5.5.7.48.1.1', 4370 'ocspNonce': '1.3.6.1.5.5.7.48.1.2', 4371 'ocspNoCheck': '1.3.6.1.5.5.7.48.1.5', 4372 'caIssuers': '1.3.6.1.5.5.7.48.2', 4373 4374 'anyExtendedKeyUsage': '2.5.29.37.0', 4375 'serverAuth': '1.3.6.1.5.5.7.3.1', 4376 'clientAuth': '1.3.6.1.5.5.7.3.2', 4377 'codeSigning': '1.3.6.1.5.5.7.3.3', 4378 'emailProtection': '1.3.6.1.5.5.7.3.4', 4379 'timeStamping': '1.3.6.1.5.5.7.3.8', 4380 'ocspSigning': '1.3.6.1.5.5.7.3.9', 4381 4382 'dateOfBirth': '1.3.6.1.5.5.7.9.1', 4383 'placeOfBirth': '1.3.6.1.5.5.7.9.2', 4384 'gender': '1.3.6.1.5.5.7.9.3', 4385 'countryOfCitizenship': '1.3.6.1.5.5.7.9.4', 4386 'countryOfResidence': '1.3.6.1.5.5.7.9.5', 4387 4388 'ecPublicKey': '1.2.840.10045.2.1', 4389 'P-256': '1.2.840.10045.3.1.7', 4390 'secp256r1': '1.2.840.10045.3.1.7', 4391 'secp256k1': '1.3.132.0.10', 4392 'secp384r1': '1.3.132.0.34', 4393 'secp521r1': '1.3.132.0.35', 4394 4395 'pkcs5PBES2': '1.2.840.113549.1.5.13', 4396 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', 4397 4398 'des-EDE3-CBC': '1.2.840.113549.3.7', 4399 4400 'data': '1.2.840.113549.1.7.1', // CMS data 4401 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data 4402 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data 4403 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data 4404 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data 4405 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS 
authenticated-data 4406 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo 4407 'signingCertificate': '1.2.840.113549.1.9.16.2.12',// SMIME 4408 'timeStampToken': '1.2.840.113549.1.9.16.2.14',// sigTS 4409 'signaturePolicyIdentifier': '1.2.840.113549.1.9.16.2.15',// cades 4410 'etsArchiveTimeStamp': '1.2.840.113549.1.9.16.2.27',// SMIME 4411 'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME 4412 'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME 4413 'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest 4414 'contentType': '1.2.840.113549.1.9.3',//PKCS#9 4415 'messageDigest': '1.2.840.113549.1.9.4',//PKCS#9 4416 'signingTime': '1.2.840.113549.1.9.5',//PKCS#9 4417 'counterSignature': '1.2.840.113549.1.9.6',//PKCS#9 4418 'archiveTimeStampV3': '0.4.0.1733.2.4',//ETSI EN29319122/TS101733 4419 'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe 4420 'adobeTimeStamp': '1.2.840.113583.1.1.9.1', // Adobe 4421 }; 4422 4423 this.atype2oidList = { 4424 // RFC 4514 AttributeType name string (MUST recognized) 4425 'CN': '2.5.4.3', 4426 'L': '2.5.4.7', 4427 'ST': '2.5.4.8', 4428 'O': '2.5.4.10', 4429 'OU': '2.5.4.11', 4430 'C': '2.5.4.6', 4431 'STREET': '2.5.4.9', 4432 'DC': '0.9.2342.19200300.100.1.25', 4433 'UID': '0.9.2342.19200300.100.1.1', 4434 // other AttributeType name string 4435 // http://blog.livedoor.jp/k_urushima/archives/656114.html 4436 'SN': '2.5.4.4', // surname 4437 'T': '2.5.4.12', // title 4438 'DN': '2.5.4.49', // distinguishedName 4439 'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy 4440 // other AttributeType name string (no short name) 4441 'description': '2.5.4.13', 4442 'businessCategory': '2.5.4.15', 4443 'postalCode': '2.5.4.17', 4444 'serialNumber': '2.5.4.5', 4445 'uniqueIdentifier': '2.5.4.45', 4446 'organizationIdentifier': '2.5.4.97', 4447 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', 4448 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', 4449 
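'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3'
    };

    // Cache of DERObjectIdentifier instances shared by name2obj and atype2obj.
    // Keys are the caller-supplied name, attribute type or dotted OID string;
    // an entry is only dropped when registerOIDs re-registers the same key.
    this.objCache = {};

    /**
     * get DERObjectIdentifier by registered OID name
     * @name name2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} name OID
     * @return {Object} DERObjectIdentifier instance
     * @see KJUR.asn1.DERObjectIdentifier
     *
     * @description
     * This static method returns DERObjectIdentifier object
     * for the specified OID.
     * Only names that are own entries of name2oidList are resolved.
     * For any other name the method throws a string (not an Error object).
     *
     * @example
     * var asn1ObjOID = KJUR.asn1.x509.OID.name2obj('SHA1withRSA');
     */
    this.name2obj = function(name) {
        var hasOwn = Object.prototype.hasOwnProperty;
        // Own-property checks: objCache and name2oidList are plain objects, so a
        // bare "is it undefined" test would also accept keys inherited from
        // Object.prototype (for example 'constructor') and hand back a function.
        if (hasOwn.call(this.objCache, name) &&
            typeof this.objCache[name] != "undefined")
            return this.objCache[name];
        if (! hasOwn.call(this.name2oidList, name) ||
            typeof this.name2oidList[name] == "undefined")
            throw "Name of ObjectIdentifier not defined: " + name;
        var oid = this.name2oidList[name];
        var obj = new _DERObjectIdentifier({'oid': oid});
        this.objCache[name] = obj;
        return obj;
    };

    /**
     * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
     * @name atype2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} atype short attribute type name such like 'C', 'CN' or OID
     * @return KJUR.asn1.DERObjectIdentifier instance
     * @description
     * Resolution order: a dotted numeric string is used as the OID itself,
     * then atype2oidList is consulted, then name2oidList. If none of them
     * matches, an Error is thrown.
     * @example
     * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3
     * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11
     * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9
     * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9
     */
    this.atype2obj = function(atype) {
        var hasOwn = Object.prototype.hasOwnProperty;
        // Same own-property rule as name2obj: inherited keys must not resolve.
        if (hasOwn.call(this.objCache, atype) &&
            this.objCache[atype] !== undefined)
            return this.objCache[atype];

        var oid;

        // NOTE(review): this pattern is a shape check only. It needs at least
        // three dot-separated parts and also lets empty arcs such as "1.2..3"
        // through; whether DERObjectIdentifier rejects those is not visible
        // here - confirm before passing untrusted attribute types.
        if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) {
            oid = atype;
        } else if (hasOwn.call(this.atype2oidList, atype) &&
                   this.atype2oidList[atype] !== undefined) {
            oid = this.atype2oidList[atype];
        } else if (hasOwn.call(this.name2oidList, atype) &&
                   this.name2oidList[atype] !== undefined) {
            oid = this.name2oidList[atype];
        } else {
            throw new Error("AttributeType name undefined: " + atype);
        }
        var obj = new _DERObjectIdentifier({'oid': oid});
        this.objCache[atype] = obj;
        return obj;
    };

    /**
     * register OID list<br/>
     * @name registerOIDs
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {object} oids associative array of names and oids
     * @since jsrsasign 10.5.2 asn1x509 2.1.11
     * @see KJUR.asn1.x509.OID.checkOIDs
     *
     * @description
     * This static method registers additional OIDs to the existing list.
     * Nothing is registered when checkOIDs rejects the list.
     * A name that already exists, including a built-in one, is overwritten
     * without notice, so the list should come from a trusted source.
     *
     * @example
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "4.5.7.8"
     * }) // do nothing for invalid list
     *
     * KJUR.asn1.x509.OID.registerOIDs({
     *   "test1": "1.2.3",
     *   "test2": "0.2.3.4.23",
     * }) // successfully registered
     *
     * KJUR.asn1.x509.OID.name2oid("test1") → "1.2.3"
     */
    this.registerOIDs = function(oids) {
        if (! this.checkOIDs(oids)) return;
        // Walk the own keys, which is what checkOIDs validated (it uses
        // Object.keys); for...in would also copy enumerable properties that
        // oids merely inherits and that were never checked.
        var nameList = Object.keys(oids);
        for (var i = 0; i < nameList.length; i++) {
            var name = nameList[i];
            this.name2oidList[name] = oids[name];
            // Drop an object cached under this key so that name2obj and
            // atype2obj do not keep returning the previous OID.
            delete this.objCache[name];
        }
    };

    /**
     * check validity for OID list<br/>
     * @name checkOIDs
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {object} oids associative array of names and oids
     * @return {boolean} return true when valid OID list otherwise false
     * @since jsrsasign 10.5.2 asn1x509 2.1.11
     * @see KJUR.asn1.x509.OID.registerOIDs
     *
     * @description
     * This static method validates an associative array
     * as oid list.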
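*
     * @example
     * KJUR.asn1.x509.OID.checkOIDs(*non-assoc-array*) → false
     * KJUR.asn1.x509.OID.checkOIDs({}) → false
     * KJUR.asn1.x509.OID.checkOIDs({"test1": "apple"}) → false
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "1.2.3",
     *   "test2": "0.2.3.4.23",
     * }) → true // valid oids
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "4.5.7.8"
     * }) → false // invalid oid
     */
    this.checkOIDs = function(oids) {
        // Any exception raised while inspecting the argument (null, undefined,
        // a value without match(), a throwing getter) means "not a valid list".
        try {
            // The documented contract rejects a non-associative array; without
            // this guard an array of OID strings would validate and its
            // indexes ("0", "1", ...) would be usable as names.
            if (Array.isArray(oids))
                return false;
            var nameList = Object.keys(oids);
            if (nameList.length == 0)
                return false;
            // First arc 0..2, then one or more non-empty decimal arcs. The
            // former pattern /^[0-2]\.[0-9.]+$/ also accepted empty arcs such
            // as "1..2" or "1.2.". The limit on the second arc under the root
            // arcs 0 and 1 (0..39) is not enforced here.
            var oidPattern = /^[0-2](\.[0-9]+)+$/;
            for (var i = 0; i < nameList.length; i++) {
                var oid = oids[nameList[i]];
                if (! oid.match(oidPattern))
                    return false;
            }
            return true;
        } catch(ex) {
            return false;
        }
    };


}; // closes the enclosing function body, which opens above this excerpt

/**
 * convert OID to name<br/>
 * @name oid2name
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID name if registered otherwise empty string
 * @since asn1x509 1.0.9
 * @description
 * This static method converts OID string to its name.
 * If OID is undefined then it returns empty string (i.e. '').
 * When several names are registered for one OID, the first one met
 * while enumerating name2oidList is returned.
 * @example
 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
 */
KJUR.asn1.x509.OID.oid2name = function(oid) {
    var list = KJUR.asn1.x509.OID.name2oidList;
    // Reverse lookup by linear scan over the name -> OID table.
    for (var name in list) {
        if (list[name] == oid) return name;
    }
    return '';
};

/**
 * convert OID to AttributeType name<br/>
 * @name oid2atype
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID AttributeType name if registered otherwise oid
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This static method converts OID string to its AttributeType name.
 * If OID is not defined in OID.atype2oidList associative array then it returns OID
 * specified as argument.
 * @example
 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
 */
KJUR.asn1.x509.OID.oid2atype = function(oid) {
    var list = KJUR.asn1.x509.OID.atype2oidList;
    // Reverse lookup by linear scan; an unregistered OID is echoed back.
    for (var atype in list) {
        if (list[atype] == oid) return atype;
    }
    return oid;
};

/**
 * convert OID name to OID value<br/>
 * @name name2oid
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
 * @return {String} dot noted Object Identifier string (ex. 1.2.3.4)
 * @since asn1x509 1.0.11
 * @description
 * This static method converts from OID name to OID string.
 * If OID is undefined then it returns empty string (i.e. '').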
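* @example
 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
 */
KJUR.asn1.x509.OID.name2oid = function(name) {
    // Shape check only (digits and dots): a string such as "1..2" also passes
    // and is returned unchanged, so this is not OID validation.
    if (name.match(/^[0-9.]+$/)) return name;
    var list = KJUR.asn1.x509.OID.name2oidList;
    // Own entries only: list is a plain object, so an inherited key such as
    // "constructor" would otherwise come back as a function instead of ''.
    if (! Object.prototype.hasOwnProperty.call(list, name) ||
        list[name] === undefined) return '';
    return list[name];
};

/**
 * X.509 certificate and CRL utilities class<br/>
 * @name KJUR.asn1.x509.X509Util
 * @class X.509 certificate and CRL utilities class
 */
KJUR.asn1.x509.X509Util = {};

/**
 * issue a certificate in PEM format (DEPRECATED)
 * @name newCertPEM
 * @memberOf KJUR.asn1.x509.X509Util
 * @function
 * @param {Array} param JSON object of parameter to issue a certificate
 * @since asn1x509 1.0.6
 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
 * @description
 * This method can issue a certificate by a simple
 * JSON object.
 * Signature value will be provided by signing with
 * private key using 'cakey' parameter or
 * hexadecimal signature value by 'sighex' parameter.
 * <br/>
 * NOTE: Algorithm parameter of AlgorithmIdentifier will
 * be set automatically by default.
 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
 * from jsrsasign 7.1.1 asn1x509 1.0.20.
 * <br/>
 * NOTE2:
 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
 * As for RSA-PSS signature algorithm names and signing parameters
 * such as MGF function and salt length, please see
 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
 * <br/>
 * NOTE3:
 * The SHA1with* algorithm names in the examples below are historical.
 * For a new certificate, choose a SHA-2 name from the OID table
 * such as 'SHA256withRSA' or 'SHA256withECDSA'.
 *
 * @example
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyObj,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: prvKeyObj
 * });
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyPEM,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: [prvkey, pass]}
 * );
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA1withRSA'},
 *   issuer: {str: '/C=US/O=T1'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=T1'},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 * // for the issuer and subject field, another
 * // representation is also available
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA256withRSA'},
 *   issuer: {C: "US", O: "T1"},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 */
KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    // Thin wrapper kept for compatibility: param goes to the Certificate
    // constructor unchanged and the result is returned as PEM. The unused
    // TBSCertificate alias of the original has been dropped.
    var cert = new KJUR.asn1.x509.Certificate(param);
    return cert.getPEM();
};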