/* asn1x509-2.1.2.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
 */
/*
 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
 *
 * Copyright (c) 2013-2020 Kenji Urushima (kenji.urushima@gmail.com)
 *
 * This software is licensed under the terms of the MIT License.
 * https://kjur.github.io/jsrsasign/license
 *
 * The above copyright and license notice shall be
 * included in all copies or substantial portions of the Software.
 */

/**
 * @fileOverview
 * @name asn1x509-1.0.js
 * @author Kenji Urushima kenji.urushima@gmail.com
 * @version jsrsasign 9.1.6 asn1x509 2.1.2 (2020-Sep-04)
 * @since jsrsasign 2.1
 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 */

/**
 * kjur's class library name space
 * // already documented in asn1-1.0.js
 * @name KJUR
 * @namespace kjur's class library name space
 */
// Guard instead of overwrite: other jsrsasign modules loaded earlier may
// already have populated these globals.
if (typeof KJUR === "undefined" || !KJUR) KJUR = {};

/**
 * kjur's ASN.1 class library name space
 * // already documented in asn1-1.0.js
 * @name KJUR.asn1
 * @namespace
 */
if (typeof KJUR.asn1 === "undefined" || !KJUR.asn1) KJUR.asn1 = {};

/**
 * kjur's ASN.1 class for X.509 certificate library name space
 * <p>
 * <h4>FEATURES</h4>
 * <ul>
 * <li>easily issue any kind of certificate</li>
 * <li>APIs are very similar to BouncyCastle library ASN.1 classes,
 * so they are easy to learn.</li>
 * </ul>
 * </p>
 * <h4>PROVIDED CLASSES</h4>
 * <ul>
 * <li>{@link KJUR.asn1.x509.Certificate}</li>
 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li>
 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li>
 * <li>{@link KJUR.asn1.x509.Extensions}</li>
 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li>
 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.GeneralNames}</li>
 * <li>{@link KJUR.asn1.x509.GeneralName}</li>
 * <li>{@link KJUR.asn1.x509.X500Name}</li>
 * <li>{@link KJUR.asn1.x509.RDN}</li>
 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li>
 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li>
 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li>
 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li>
 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li>
 * <li>{@link KJUR.asn1.x509.UserNotice}</li>
 * <li>{@link KJUR.asn1.x509.NoticeReference}</li>
 * <li>{@link KJUR.asn1.x509.DisplayText}</li>
 * <li>{@link KJUR.asn1.x509.CRL}</li>
 * <li>{@link KJUR.asn1.x509.TBSCertList}</li>
 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li>
 * <li>{@link KJUR.asn1.x509.OID}</li>
 * </ul>
 * <h4>SUPPORTED EXTENSIONS</h4>
 * <ul>
 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li>
 * <li>{@link KJUR.asn1.x509.KeyUsage}</li>
 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li>
 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li>
 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li>
 * <li>{@link KJUR.asn1.x509.CRLNumber}</li>
 * <li>{@link KJUR.asn1.x509.CRLReason}</li>
 * </ul>
 * NOTE1: Please ignore method summary and document of this namespace.
 * This is caused by a bug of jsdoc2.<br/>
 * NOTE2: SubjectAltName and IssuerAltName supported since
 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 * NOTE3: CertificatePolicies supported since
 * jsrsasign 8.0.23 asn1x509 1.1.12<br/>
 * NOTE4 (review): the classes in this namespace are DER encoders only.
 * They do not check that the result conforms to the RFC 5280 profile
 * (issuer/subject chaining, key usage consistency, validity ordering,
 * serial number uniqueness and entropy, ...); the calling CA code is
 * responsible for that.
 * @name KJUR.asn1.x509
 * @namespace
 */
if (typeof KJUR.asn1.x509 === "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};

// === BEGIN Certificate ===================================================
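/**
 * X.509 Certificate class to sign and generate hex encoded certificate
 * @name KJUR.asn1.x509.Certificate
 * @class X.509 Certificate class to sign and generate hex encoded certificate
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object for Certificate parameters
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <br/>
 * This class provides Certificate ASN.1 class structure
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * RFC 5280 4.1</a>.
 * <pre>
 * Certificate ::= SEQUENCE {
 *   tbsCertificate       TBSCertificate,
 *   signatureAlgorithm   AlgorithmIdentifier,
 *   signatureValue       BIT STRING }
 * </pre>
 * Parameter "params" JSON object can be
 * the same as {@link KJUR.asn1.x509.TBSCertificate}.
 * Then they are used to generate TBSCertificate.
 * Additionally just for Certificate, following parameters can be used:
 * <ul>
 * <li>{TBSCertificate}tbsobj -
 * specifies {@link KJUR.asn1.x509.TBSCertificate}
 * object to be signed if needed.
 * When this isn't specified,
 * this will be set from other parameters of TBSCertificate.</li>
 * <li>{Object}cakey (OPTION) - specifies certificate signing private key.
 * Parameter "cakey" or "sighex" shall be specified. Following
 * values can be specified:
 * <ul>
 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
 * to generate a key object.</li>
 * </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 * unused bits)</li>
 * </ul>
 * CAUTION: APIs of this class have been totally updated without
 * backward compatibility since jsrsasign 9.0.0.<br/>
 * NOTE1: 'params' can be omitted.<br/>
 * NOTE2: DSA/ECDSA is also supported for CA signing key from asn1x509 1.0.6.<br/>
 * NOTE3 (review): when "sighex" is supplied, no signing happens and the
 * value is embedded as-is; the caller is trusting that it really is a
 * signature over the encoded TBSCertificate made with "sigalg".
 * "sighex" is only checked to be a non-empty, even-length hex string.<br/>
 * NOTE4 (review): the outer signatureAlgorithm is built from "sigalg".
 * RFC 5280 4.1.1.2 requires it to be identical to the "signature" field
 * inside TBSCertificate; when a separately built "tbsobj" is passed,
 * this class does not verify that the two agree.
 * @example
 * var cert = new KJUR.asn1.x509.Certificate({
 *  version: 3,
 *  serial: {hex: "1234..."},
 *  sigalg: "SHA256withRSAandMGF1",
 *  ...
 *  sighex: "1d3f..." // sign() method won't be called
 * });
 *
 * // sighex will by calculated by signing with cakey
 * var cert = new KJUR.asn1.x509.Certificate({
 *  version: 3,
 *  serial: {hex: "2345..."},
 *  sigalg: "SHA256withRSA",
 *  ...
 *  cakey: "-----BEGIN PRIVATE KEY..."
 * });
 *
 * // use TBSCertificate object to sign
 * var cert = new KJUR.asn1.x509.Certificate({
 *  tbsobj: <<OBJ>>,
 *  sigalg: "SHA256withRSA",
 *  cakey: "-----BEGIN PRIVATE KEY..."
 * });
 */
KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;

    this.params = undefined;

    // Non-empty, even-length hexadecimal string check for "sighex".
    // An odd-length or non-hex value would silently produce a malformed
    // BIT STRING (and an empty one a zero-length "signature").
    var _isSignatureHex = function(s) {
        return typeof s === "string" &&
            s.length > 0 &&
            s.length % 2 === 0 &&
            /^[0-9a-fA-F]+$/.test(s);
    };

    // Build params.tbsobj from the TBSCertificate parameters when the
    // caller did not supply one. Shared by sign() and getEncodedHex()
    // so that sign() can be called on its own, as the class docs show.
    var _ensureTBSObject = function(params) {
        if (params.tbsobj == null) {
            params.tbsobj = new _TBSCertificate(params);
        }
    };

    /**
     * set parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param params {Array} JSON object of certificate parameters
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method will set parameter
     * {@link KJUR.asn1.x509.Certificate#params}
     * to this object.
     * @example
     * cert = new KJUR.asn1.x509.Certificate();
     * cert.setByParam({
     *   version: 3,
     *   serial: {hex: "1234..."},
     *   ...
     * });
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign certificate<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @description
     * This method signs TBSCertificate with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter.
     * The resulting signature is stored in this.params.sighex.
     * When this.params.tbsobj is not set, it is built from the
     * other parameters first (previously this threw a TypeError).
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.sign()
     */
    this.sign = function() {
        var params = this.params;
        _ensureTBSObject(params);
        var hTBS = params.tbsobj.getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: params.sigalg});
        sig.init(params.cakey);
        sig.updateHex(hTBS);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEM
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method returns a string of PEM formatted
     * certificate.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.getPEM() &rarr;
     * "-----BEGIN CERTIFICATE-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "CERTIFICATE");
    };

    /**
     * get hexadecimal string of DER encoded Certificate<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return {String} hexadecimal string of DER encoded Certificate
     * @description
     * Signs with "cakey" when "sighex" is not yet present, then
     * encodes Certificate ::= SEQUENCE { tbs, sigalg, BIT STRING }.
     * Throws Error when neither "sighex" nor "cakey" is available, or
     * when "sighex" is not a non-empty even-length hex string.
     */
    this.getEncodedHex = function() {
        var params = this.params;

        _ensureTBSObject(params);

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }
        if (!_isSignatureHex(params.sighex)) {
            throw new Error("sighex shall be a non-empty even-length hexadecimal string");
        }

        var a = [];
        a.push(params.tbsobj);
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        // "00" = zero unused bits; sighex is the raw signature value.
        a.push(new _DERBitString({hex: "00" + params.sighex}));
        return new _DERSequence({array: a}).getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);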
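/**
 * ASN.1 TBSCertificate structure class<br/>
 * @name KJUR.asn1.x509.TBSCertificate
 * @class ASN.1 TBSCertificate structure class
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object of TBSCertificate parameters
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.Certificate
 *
 * @description
 * <br/>
 * NOTE: TBSCertificate class is updated without backward
 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0.
 * Most of methods are removed and parameters can be set
 * by JSON object.
 * <br/>
 * NOTE (review): the "version" field is DEFAULT v1(0) in RFC 5280
 * 4.1.2.1, so under DER it is omitted for version 1 and encoded as
 * (version - 1) for versions 2 and 3. Extensions are only permitted
 * in version 3 certificates (RFC 5280 4.1.2.9); getEncodedHex throws
 * if "ext" is given with another version. The "serial" value is
 * passed to DERInteger unchanged; RFC 5280 4.1.2.2 requires a positive
 * integer of at most 20 octets, and CA practice expects it to carry
 * at least 64 bits of CSPRNG output - neither is checked here.
 *
 * @example
 * new TBSCertificate({
 *  version: 3, // this can be omitted, the default is 3.
 *  serial: {hex: "1234..."}, // DERInteger parameter
 *  sigalg: "SHA256withRSA",
 *  issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
 *  notbefore: "151231235959Z", // string, passed to Time
 *  notafter: "251231235959Z", // string, passed to Time
 *  subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
 *  sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter
 *  // As for extension parameters, please see extension class
 *  // All extension parameters need to have "extname" parameter additionally.
 *  ext:[{
 *   extname:"keyUsage",critical:true,
 *   names:["digitalSignature","keyEncipherment"]
 *  },{
 *   extname:"cRLDistributionPoints",
 *   array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}]
 *  }, ...]
 * })
 *
 * var tbsc = new TBSCertificate();
 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
 */
KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;

    this.params = null;

    /**
     * set parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} params JSON object of TBSCertificate parameters
     * @example
     * tbsc = new KJUR.asn1.x509.TBSCertificate();
     * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get hexadecimal string of DER encoded TBSCertificate<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @return {String} hexadecimal string of DER encoded TBSCertificate
     * @description
     * Throws Error for a version other than 1, 2 or 3, and when
     * extensions are supplied with a version other than 3.
     */
    this.getEncodedHex = function() {
        var params = this.params;
        var a = [];

        // Default to v3. The previous condition
        // ("version != undefined || version != 1") was always true, so
        // an explicit v1 field was emitted, which is not valid DER for a
        // DEFAULT value.
        var version = (params.version == null) ? 3 : Number(params.version);
        if (version !== 1 && version !== 2 && version !== 3) {
            throw new Error("unsupported X.509 version: " + params.version);
        }
        if (version !== 1) {
            a.push(new _DERTaggedObject({
                obj: new _DERInteger({'int': version - 1})
            }));
        }

        a.push(new _DERInteger(params.serial));
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _DERSequence({array: [new _Time({str: params.notbefore}),
                                         new _Time({str: params.notafter})]}));
        a.push(new _X500Name(params.subject));
        // Any value accepted by KEYUTIL.getKey is forwarded unchanged.
        a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));

        if (params.ext !== undefined && params.ext.length > 0) {
            // RFC 5280 4.1.2.9: extensions MUST only appear in v3.
            if (version !== 3) {
                throw new Error("extensions require X.509 version 3, got version " + version);
            }
            a.push(new _DERTaggedObject({tag: "a3",
                                         obj: new _Extensions(params.ext)}));
        }

        return new _DERSequence({array: a}).getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);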
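/**
 * Extensions ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Extensions
 * @class Extensions ASN.1 structure class
 * @param {Array} aParam array of JSON extension parameter
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertificate
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.csr.CertificationRequestInfo
 * @see KJUR.asn1.x509.PrivateExtension
 *
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * Extensions defined in RFC 5280 4.1</a> and
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
 * 4.1.2.9</a>.
 * <pre>
 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
 * </pre>
 * NOTE: From jsrsasign 9.1.1, private extension or
 * undefined extension have been supported by
 * {@link KJUR.asn1.x509.PrivateExtension}.
 * <br/>
 * NOTE (review): RFC 5280 4.2 forbids more than one instance of a
 * given extension; getEncodedHex throws when two entries share the
 * same "extname" string. A private extension given by OID is not
 * matched against the named form of the same extension. An empty
 * parameter array encodes as an empty SEQUENCE, which violates
 * SIZE (1..MAX); callers such as TBSCertificate only include this
 * structure when at least one extension is present.
 *
 * @example
 * o = new KJUR.asn1.x509.Extensions([
 *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
 *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
 *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
 * ]);
 * o.getEncodedHex() &rarr; "30..."
 */
KJUR.asn1.x509.Extensions = function(aParam) {
    KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    // extname -> class name under KJUR.asn1.x509. The class is resolved
    // at encode time (not here) so that classes defined later in this
    // file are found, exactly as the former if/else chain did.
    var _EXT_CLASS_NAME = {
        subjectKeyIdentifier: "SubjectKeyIdentifier",
        keyUsage: "KeyUsage",
        subjectAltName: "SubjectAltName",
        issuerAltName: "IssuerAltName",
        basicConstraints: "BasicConstraints",
        cRLDistributionPoints: "CRLDistributionPoints",
        certificatePolicies: "CertificatePolicies",
        authorityKeyIdentifier: "AuthorityKeyIdentifier",
        extKeyUsage: "ExtKeyUsage",
        authorityInfoAccess: "AuthorityInfoAccess",
        cRLNumber: "CRLNumber",
        cRLReason: "CRLReason",
        ocspNonce: "OCSPNonce",
        ocspNoCheck: "OCSPNoCheck"
    };
    // Own-property check so that names inherited from Object.prototype
    // ("constructor", "toString", ...) are rejected rather than
    // instantiated.
    var _hasOwn = Object.prototype.hasOwnProperty;

    this.aParam = [];

    /**
     * set array of extension parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Extensions#
     * @function
     * @param {Array} aParam array of JSON extension parameter
     */
    this.setByParam = function(aParam) { this.aParam = aParam; };

    /**
     * get hexadecimal string of DER encoded Extensions<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.Extensions#
     * @function
     * @return {String} hexadecimal string of DER encoded Extensions
     * @description
     * Throws Error for an unknown "extname" (when no "extn" is given)
     * and for a duplicated "extname".
     */
    this.getEncodedHex = function() {
        var a = [];
        var seen = Object.create(null);
        for (var i = 0; i < this.aParam.length; i++) {
            var param = this.aParam[i];
            var extname = param.extname;
            var obj;

            if (typeof extname === "string") {
                if (seen[extname]) {
                    throw new Error("duplicated extension:" + extname);
                }
                seen[extname] = true;
            }

            if (param.extn != undefined) {
                obj = new _KJUR_asn1_x509.PrivateExtension(param);
            } else if (_hasOwn.call(_EXT_CLASS_NAME, extname)) {
                obj = new _KJUR_asn1_x509[_EXT_CLASS_NAME[extname]](param);
            } else {
                throw new Error("extension not supported:" +
                                JSON.stringify(param));
            }
            a.push(obj);
        }

        return new _DERSequence({array: a}).getEncodedHex();
    };

    if (aParam != undefined) this.setByParam(aParam);
};
YAHOO.lang.extend(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);


// === END   TBSCertificate ===================================================

// === BEGIN X.509v3 Extensions Related =======================================

/**
 * base Extension ASN.1 structure class
 * @name KJUR.asn1.x509.Extension
 * @class base Extension ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'critical': true})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <pre>
 * Extension ::= SEQUENCE {
 *   extnID OBJECT IDENTIFIER,
 *   critical BOOLEAN DEFAULT FALSE,
 *   extnValue OCTET STRING }
 * </pre>
 * Subclasses set this.oid and implement getExtnValueHex(), which
 * returns the hexadecimal DER of the value wrapped in extnValue.
 * Any truthy "critical" parameter marks the extension critical.
 * @example
 */
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERSequence = _KJUR_asn1.DERSequence;

    this.getEncodedHex = function() {
        var items = [new _DERObjectIdentifier({'oid': this.oid})];
        // critical is DEFAULT FALSE; DER requires it to be absent when false.
        if (this.critical) items.push(new _DERBoolean());
        items.push(new _DEROctetString({'hex': this.getExtnValueHex()}));
        return new _DERSequence({'array': items}).getEncodedHex();
    };

    this.critical = false;
    if (params !== undefined && params.critical !== undefined) {
        this.critical = params.critical;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);

/**
 * KeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.KeyUsage
 * @class KeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
 * <pre>
 * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
 * KeyUsage ::= BIT STRING {
 *   digitalSignature   (0),
 *   nonRepudiation     (1),
 *   keyEncipherment    (2),
 *   dataEncipherment   (3),
 *   keyAgreement       (4),
 *   keyCertSign        (5),
 *   cRLSign            (6),
 *   encipherOnly       (7),
 *   decipherOnly       (8) }
 * </pre><br/>
 * NOTE: 'names' parameter is supported since jsrsasign 8.0.14.<br/>
 * NOTE (review): an unknown entry in 'names' now throws Error instead
 * of being silently ignored, which previously produced a certificate
 * missing the intended usage bit. When both 'bin' and 'names' are
 * given, 'names' wins. RFC 5280 4.2.1.3 says this extension SHOULD be
 * marked critical. Trailing zero bits of the named bit list are
 * assumed to be trimmed by DERBitString - verify if DER strictness
 * matters.
 * @example
 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
 */
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
    var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME;

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.15";
    if (params !== undefined) {
        if (params.bin !== undefined) {
            this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
        }
        if (params.names !== undefined &&
            params.names.length !== undefined) {
            var names = params.names;
            // one character per named bit (0..8)
            var bits = "000000000".split("");
            for (var i = 0; i < names.length; i++) {
                var idx = _KEYUSAGE_NAME.indexOf(names[i]);
                if (idx < 0 || idx > 8) {
                    throw new Error("unknown keyUsage name: " + names[i]);
                }
                bits[idx] = "1";
            }
            this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: bits.join("")});
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);

/**
 * BasicConstraints ASN.1 structure class
 * @name KJUR.asn1.x509.BasicConstraints
 * @class BasicConstraints ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtBasicConstraints}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
 * <pre>
 * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
 * BasicConstraints ::= SEQUENCE {
 *   cA                      BOOLEAN DEFAULT FALSE,
 *   pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{Boolean}cA - cA flag</li>
 * <li>{Integer}pathLen - pathLen field value</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * NOTE (review): RFC 5280 4.2.1.9 requires CA certificates to mark
 * this extension critical, and pathLenConstraint is only meaningful
 * when cA is TRUE; neither rule is enforced here. A negative pathLen
 * is treated as "absent".
 * @example
 * new KJUR.asn1.x509.BasicConstraints({
 *   cA: true,
 *   pathLen: 3,
 *   critical: true
 * })
 */
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERBoolean = _KJUR_asn1.DERBoolean,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence;

    this.getExtnValueHex = function() {
        var items = [];
        // cA is DEFAULT FALSE: only encode it when TRUE.
        if (this.cA) items.push(new _DERBoolean());
        if (this.pathLen > -1) {
            items.push(new _DERInteger({'int': this.pathLen}));
        }
        this.asn1ExtnValue = new _DERSequence({'array': items});
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.19";
    this.cA = false;
    this.pathLen = -1;
    if (params !== undefined) {
        if (params.cA !== undefined) this.cA = params.cA;
        if (params.pathLen !== undefined) this.pathLen = params.pathLen;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);

/**
 * CRLDistributionPoints ASN.1 structure class
 * @name KJUR.asn1.x509.CRLDistributionPoints
 * @class CRLDistributionPoints ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtCRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
 * <li>{String}uri - single full-name URI (shorthand for one DistributionPoint)</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * NOTE (review): "array" entries that are already ASN1Object instances
 * are embedded unchanged; no check is made that they are
 * DistributionPoint structures. An empty "array" encodes as an empty
 * SEQUENCE, which violates SIZE (1..MAX).
 * @example
 * new KJUR.asn1.x509.CRLDistributionPoints({
 *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
 *   critical: true
 * })
 */
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    // Accept a mix of ready-made ASN1Object instances and DistributionPoint
    // parameter objects; wrap the latter.
    this.setByDPArray = function(dpArray) {
        var items = [];
        for (var i = 0; i < dpArray.length; i++) {
            var entry = dpArray[i];
            items.push(entry instanceof KJUR.asn1.ASN1Object
                       ? entry
                       : new _KJUR_asn1_x509.DistributionPoint(entry));
        }
        this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': items});
    };

    this.setByOneURI = function(uri) {
        this.setByDPArray([new _KJUR_asn1_x509.DistributionPoint({fulluri: uri})]);
    };

    this.oid = "2.5.29.31";
    if (params !== undefined) {
        if (params.array !== undefined) {
            this.setByDPArray(params.array);
        } else if (params.uri !== undefined) {
            this.setByOneURI(params.uri);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);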
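/**
 * DistributionPoint ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPoint
 * @class DistributionPoint ASN.1 structure class
 * @param {Array} params JSON object of parameters (OPTIONAL)
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPointName}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPoint}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}fulluri - uri string for fullName uri.
 * This has the same meaning for '{dpname: {full: [{uri: "..."}]}}'.</li>
 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
 * <li>{DistributionPointName}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
 * </ul>
 * <br/>
 * NOTE1: Parameter "fulluri" and "dpname" supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The "reasons" and "cRLIssuer" fields are currently
 * not supported.
 * <br/>
 * NOTE3 (review): RFC 5280 4.2.1.13 requires either distributionPoint
 * or cRLIssuer to be present. Since cRLIssuer is unsupported,
 * getEncodedHex throws Error when no distributionPoint was set
 * (previously an empty, invalid SEQUENCE was produced).
 * @example
 * new KJUR.asn1.x509.DistributionPoint(
 *   {fulluri: "http://example.com/crl1.crl"})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpobj: new DistributionPointName(...)})
 */
KJUR.asn1.x509.DistributionPoint = function(params) {
    KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DistributionPointName = _KJUR_asn1.x509.DistributionPointName;

    this.asn1DP = null;

    this.getEncodedHex = function() {
        if (this.asn1DP == null) {
            throw new Error("DistributionPoint requires a distributionPoint name (dpobj, dpname or fulluri)");
        }
        var seq = new _KJUR_asn1.DERSequence();
        // distributionPoint [0] EXPLICIT (DistributionPointName is a CHOICE)
        seq.appendASN1Object(new _KJUR_asn1.DERTaggedObject({'explicit': true,
                                                               'tag': 'a0',
                                                               'obj': this.asn1DP}));
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        if (params.dpobj !== undefined) {
            this.asn1DP = params.dpobj;
        } else if (params.dpname !== undefined) {
            this.asn1DP = new _DistributionPointName(params.dpname);
        } else if (params.fulluri !== undefined) {
            this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]});
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);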
/**
 * DistributionPointName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPointName
 * @class DistributionPointName ASN.1 structure class
 * @param {Array} params JSON object of parameters or GeneralNames object
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPointName}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPointName defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
 * </ul>
 * NOTE1: 'full' parameter has been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br>
 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
 * <br>
 * NOTE3 (review): fullName is encoded as [0] IMPLICIT; the GeneralNames
 * SEQUENCE tag is replaced by the constructed context tag a0.
 * @example
 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]}
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]})
 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
 */
KJUR.asn1.x509.DistributionPointName = function(params) {
    KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject;

    this.getEncodedHex = function() {
        if (this.type != "full") {
            throw new Error("currently type shall be 'full': " + this.type);
        }
        this.asn1Obj = new _DERTaggedObject({'explicit': false,
                                             'tag': this.tag,
                                             'obj': this.asn1V});
        this.hTLV = this.asn1Obj.getEncodedHex();
        return this.hTLV;
    };

    // Both accepted forms produce the fullName [0] alternative.
    var _setFullName = function(self, generalNames) {
        self.type = "full";
        self.tag = "a0";
        self.asn1V = generalNames;
    };

    if (params !== undefined) {
        var _GeneralNames = _KJUR_asn1.x509.GeneralNames;
        if (_GeneralNames.prototype.isPrototypeOf(params)) {
            _setFullName(this, params);
        } else if (params.full !== undefined) {
            _setFullName(this, new _GeneralNames(params.full));
        } else {
            throw new Error("This class supports GeneralNames only as argument");
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
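/**
 * CertificatePolicies ASN.1 structure class
 * @name KJUR.asn1.x509.CertificatePolicies
 * @class CertificatePolicies ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE: Returned JSON value format have been changed without
 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE (review): getExtnValueHex throws Error when "array" is missing
 * or empty, since SIZE (1..MAX) requires at least one
 * PolicyInformation (a missing "array" previously failed with a
 * TypeError and an empty one produced an invalid empty SEQUENCE).
 * @example
 * e1 = new KJUR.asn1.x509.CertificatePolicies({
 *   array: [
 *     { policyoid: "1.2.3.4.5",
 *       array: [
 *         { cps: "https://example.com/repository" },
 *         { unotice: {
 *           noticeref: { // CA SHOULD NOT use this by RFC
 *             org: {type: "ia5", str: "Sample Org"},
 *             noticenum: [{int: 5}, {hex: "01af"}]
 *           },
 *           exptext: {type: "ia5", str: "Sample Policy"}
 *         }}
 *       ]
 *     }
 *   ],
 *   critical: true
 * });
 */
KJUR.asn1.x509.CertificatePolicies = function(params) {
    KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERSequence = _KJUR_asn1.DERSequence,
        _PolicyInformation = _KJUR_asn1_x509.PolicyInformation;

    this.params = null;

    this.getExtnValueHex = function() {
        var aParam = (this.params == null) ? undefined : this.params.array;
        if (!Array.isArray(aParam) || aParam.length === 0) {
            throw new Error("array parameter missing or empty");
        }
        var aPI = [];
        for (var i = 0; i < aParam.length; i++) {
            aPI.push(new _PolicyInformation(aParam[i]));
        }
        this.asn1ExtnValue = new _DERSequence({array: aPI});
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.32";
    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);

// ===== BEGIN CertificatePolicies related classes =====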
"1.2.3.4.5")</li> 967 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo} 968 * parameters (OPTIONAL)</li> 969 * </ul> 970 * @example 971 * new KJUR.asn1.x509.PolicyInformation({ 972 * policyoid: "1.2.3.4.5", 973 * array: [ 974 * { cps: "https://example.com/repository" }, 975 * { unotice: { 976 * noticeref: { // CA SHOULD NOT use this by RFC 977 * org: {type: "ia5", str: "Sample Org"}, 978 * noticenum: [{int: 5}, {hex: "01af"}] 979 * }, 980 * exptext: {type: "ia5", str: "Sample Policy"} 981 * }} 982 * ] 983 * }) 984 */ 985 KJUR.asn1.x509.PolicyInformation = function(params) { 986 KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this, 987 params); 988 var _KJUR_asn1 = KJUR.asn1, 989 _DERSequence = _KJUR_asn1.DERSequence, 990 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 991 _PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo; 992 993 this.params = null; 994 995 this.getEncodedHex = function() { 996 if (this.params.policyoid === undefined && 997 this.params.array === undefined) 998 throw new Error("parameter oid and array missing"); 999 1000 // policy oid 1001 var a = [new _DERObjectIdentifier(this.params.policyoid)]; 1002 1003 // array of ASN1Object of PolicyQualifierInfo 1004 if (this.params.array !== undefined) { 1005 var aPQI = []; 1006 for (var i = 0; i < this.params.array.length; i++) { 1007 aPQI.push(new _PolicyQualifierInfo(this.params.array[i])); 1008 } 1009 if (aPQI.length > 0) { 1010 a.push(new _DERSequence({array: aPQI})); 1011 } 1012 } 1013 1014 var seq = new _DERSequence({array: a}); 1015 return seq.getEncodedHex(); 1016 }; 1017 1018 if (params !== undefined) { 1019 this.params = params; 1020 } 1021 }; 1022 YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object); 1023 1024 /** 1025 * PolicyQualifierInfo ASN.1 structure class 1026 * @name KJUR.asn1.x509.PolicyQualifierInfo 1027 * @class PolicyQualifierInfo ASN.1 structure class 1028 * @param {Array} params associative array of parameters 
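* @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyQualifierInfo ::= SEQUENCE {
 *      policyQualifierId  PolicyQualifierId,
 *      qualifier          ANY DEFINED BY policyQualifierId }
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 * CPSuri ::= IA5String
 * </pre>
 * Its constructor can have one of the following two parameters:
 * <ul>
 * <li>{String}cps - URI string for CPS</li>
 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
 * </ul>
 * @example
 * new PolicyQualifierInfo({
 *   cps: "https://example.com/repository/cps"
 * })
 *
 * new PolicyQualifierInfo({
 *   unotice: {
 *     noticeref: { // CA SHOULD NOT use this by RFC
 *       org: {type: "bmp", str: "Sample Org"},
 *       noticenum: [{int: 3}, {hex: "01af"}]
 *     },
 *     exptext: {type: "ia5", str: "Sample Policy"}
 *   }
 * })
 */
KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
    KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
                                                                   params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _UserNotice = _KJUR_asn1.x509.UserNotice;

    // id-qt-cps and id-qt-unotice (RFC 5280 4.2.1.4)
    var _OID_QT_CPS = '1.3.6.1.5.5.7.2.1';
    var _OID_QT_UNOTICE = '1.3.6.1.5.5.7.2.2';

    // JSON parameter ({cps: "..."} or {unotice: {...}}); null until supplied.
    this.params = null;

    /**
     * get DER encoded hexadecimal string of this PolicyQualifierInfo
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.PolicyQualifierInfo#
     * @function
     * @return {String} hexadecimal string of the DER encoding
     * @throws {Error} when neither cps nor unotice is given
     * @description
     * "cps" takes precedence when both are present. A parameter with
     * neither field used to return undefined, which the enclosing
     * SEQUENCE would silently concatenate into its hex; it now throws.
     */
    this.getEncodedHex = function() {
        var oid;
        var qualifier;
        if (this.params.cps !== undefined) {
            oid = _OID_QT_CPS;
            qualifier = new _DERIA5String({str: this.params.cps});
        } else if (this.params.unotice != null) {
            oid = _OID_QT_UNOTICE;
            qualifier = new _UserNotice(this.params.unotice);
        } else {
            throw new Error("parameter cps or unotice missing");
        }
        var seq = new _DERSequence({array: [
            new _DERObjectIdentifier({oid: oid}),
            qualifier
        ]});
        return seq.getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);


/**
 * UserNotice ASN.1 structure class
 * @name KJUR.asn1.x509.UserNotice
 * @class UserNotice ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * UserNotice defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * UserNotice ::= SEQUENCE {
 *      noticeRef        NoticeReference OPTIONAL,
 *      explicitText     DisplayText OPTIONAL }
 * </pre>
 * Its constructor can have the following two parameters:
 * <ul>
 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
 * This SHALL NOT be set by a conforming CA per RFC 5280.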
(OPTIONAL)</li>
 * <li>{Object}exptext - explicitText value
 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
 * </ul>
 * @example
 * new UserNotice({
 *   noticeref: {
 *     org: {type: "bmp", str: "Sample Org"},
 *     noticenum: [{int: 3}, {hex: "01af"}]
 *   },
 *   exptext: {type: "ia5", str: "Sample Policy"}
 * })
 */
KJUR.asn1.x509.UserNotice = function(params) {
    KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
    var _DERSequence = KJUR.asn1.DERSequence,
        _DisplayText = KJUR.asn1.x509.DisplayText,
        _NoticeReference = KJUR.asn1.x509.NoticeReference;

    // JSON parameter ({noticeref: {...}, exptext: {...}}); null until supplied.
    this.params = null;

    /**
     * get DER encoded hexadecimal string of this UserNotice
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.UserNotice#
     * @function
     * @return {String} hexadecimal string of the DER encoding
     * @description
     * Both members are OPTIONAL; each is emitted only when its parameter
     * is present, so an empty parameter produces an empty SEQUENCE.
     */
    this.getEncodedHex = function() {
        var p = this.params;
        var aMember = [];
        if (p.noticeref !== undefined) aMember.push(new _NoticeReference(p.noticeref));
        if (p.exptext !== undefined) aMember.push(new _DisplayText(p.exptext));
        return new _DERSequence({array: aMember}).getEncodedHex();
    };

    if (params !== undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);

/**
 * NoticeReference ASN.1 structure class
 * @name KJUR.asn1.x509.NoticeReference
 * @class NoticeReference ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * NoticeReference defined in RFC 5280 4.2.1.4</a>.
* <pre>
 * NoticeReference ::= SEQUENCE {
 *      organization     DisplayText,
 *      noticeNumbers    SEQUENCE OF INTEGER }
 * </pre>
 * Its constructor can have the following two parameters:
 * <ul>
 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
 * parameter.</li>
 * <li>{Object}noticenum - noticeNumbers value by an array of
 * {@link KJUR.asn1.DERInteger} parameters</li>
 * </ul>
 * @example
 * new NoticeReference({
 *   org: {type: "bmp", str: "Sample Org"},
 *   noticenum: [{int: 3}, {hex: "01af"}]
 * })
 */
KJUR.asn1.x509.NoticeReference = function(params) {
    KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
    var _DERSequence = KJUR.asn1.DERSequence,
        _DERInteger = KJUR.asn1.DERInteger,
        _DisplayText = KJUR.asn1.x509.DisplayText;

    // JSON parameter ({org: {...}, noticenum: [...]}); null until supplied.
    this.params = null;

    /**
     * get DER encoded hexadecimal string of this NoticeReference
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.NoticeReference#
     * @function
     * @return {String} hexadecimal string of the DER encoding
     * @throws {Error} when neither org nor noticenum is given
     * @description
     * Each member is emitted only when its parameter is present;
     * noticenum becomes a SEQUENCE of DERInteger.
     */
    this.getEncodedHex = function() {
        var p = this.params;
        var aMember = [];
        if (p.org !== undefined) {
            aMember.push(new _DisplayText(p.org));
        }
        if (p.noticenum !== undefined) {
            var aInt = [];
            for (var idx = 0; idx < p.noticenum.length; idx++) {
                aInt.push(new _DERInteger(p.noticenum[idx]));
            }
            aMember.push(new _DERSequence({array: aInt}));
        }
        if (aMember.length === 0) throw new Error("parameter is empty");
        return new _DERSequence({array: aMember}).getEncodedHex();
    };

    if (params !== undefined) {
        this.params = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);

/**
 * DisplayText ASN.1 structure class
 * @name KJUR.asn1.x509.DisplayText
 * @class DisplayText ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.DERAbstractString
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a
href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4"> 1227 * DisplayText defined in RFC 5280 4.2.1.4</a>. 1228 * <pre> 1229 * -- from RFC 5280 Appendix A 1230 * DisplayText ::= CHOICE { 1231 * ia5String IA5String (SIZE (1..200)), 1232 * visibleString VisibleString (SIZE (1..200)), 1233 * bmpString BMPString (SIZE (1..200)), 1234 * utf8String UTF8String (SIZE (1..200)) } 1235 * </pre> 1236 * {@link KJUR.asn1.DERAbstractString} parameters and methods 1237 * can be used. 1238 * Its constructor can also have following parameter: 1239 * <ul> 1240 * <li>{String} type - DirectoryString type of DisplayText. 1241 * "ia5" for IA5String, "vis" for VisibleString, 1242 * "bmp" for BMPString and "utf8" for UTF8String. 1243 * Default is "utf8". (OPTIONAL)</li> 1244 * </ul> 1245 * @example 1246 * new DisplayText({type: "bmp", str: "Sample Org"}) 1247 * new DisplayText({type: "ia5", str: "Sample Org"}) 1248 * new DisplayText({str: "Sample Org"}) 1249 */ 1250 KJUR.asn1.x509.DisplayText = function(params) { 1251 KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params); 1252 1253 this.hT = "0c"; // DEFAULT "utf8" 1254 1255 if (params !== undefined) { 1256 if (params.type === "ia5") { 1257 this.hT = "16"; 1258 } else if (params.type === "vis") { 1259 this.hT = "1a"; 1260 } else if (params.type === "bmp") { 1261 this.hT = "1e"; 1262 } 1263 } 1264 }; 1265 YAHOO.lang.extend(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString); 1266 // ===== END CertificatePolicies related classes ===== 1267 1268 // ===================================================================== 1269 /** 1270 * KeyUsage ASN.1 structure class 1271 * @name KJUR.asn1.x509.ExtKeyUsage 1272 * @class ExtKeyUsage ASN.1 structure class 1273 * @param {Array} params associative array of parameters 1274 * @extends KJUR.asn1.x509.Extension 1275 * @description 1276 * @example 1277 * e1 = new KJUR.asn1.x509.ExtKeyUsage({ 1278 * critical: true, 1279 * array: [ 1280 * {oid: '2.5.29.37.0'}, // 
anyExtendedKeyUsage
 *     {name: 'clientAuth'},
 *     "1.2.3.4",
 *     "serverAuth"
 *   ]
 * });
 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 * // KeyPurposeId ::= OBJECT IDENTIFIER
 */
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1;

    /**
     * set the list of KeyPurposeId values
     * @name setPurposeArray
     * @memberOf KJUR.asn1.x509.ExtKeyUsage#
     * @function
     * @param {Array} purposeArray array of {@link KJUR.asn1.DERObjectIdentifier} parameters
     * @description
     * Each element is passed as-is to the DERObjectIdentifier constructor
     * (so {oid: ...}, {name: ...} and plain strings are all accepted) and
     * appended to a fresh SEQUENCE stored in this.asn1ExtnValue.
     */
    this.setPurposeArray = function(purposeArray) {
        var seq = new _KJUR_asn1.DERSequence();
        this.asn1ExtnValue = seq;
        for (var idx = 0; idx < purposeArray.length; idx++) {
            seq.appendASN1Object(new _KJUR_asn1.DERObjectIdentifier(purposeArray[idx]));
        }
    };

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.ExtKeyUsage#
     * @function
     * @return {String} hexadecimal string of the SEQUENCE set by setPurposeArray
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.37"; // id-ce-extKeyUsage
    if (params !== undefined && params.array !== undefined) {
        this.setPurposeArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);

/**
 * AuthorityKeyIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
 * @class AuthorityKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @description
 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
 * Constructor of this class may have the following parameters:
 * <ul>
 * <li>kid - When a key object (RSA, KJUR.crypto.ECDSA/DSA) or a PEM string of the issuing authority public key or issuer certificate is specified, the key identifier will be calculated automatically by the method specified in RFC 5280.
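When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>isscert - When a PEM string of the authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set from the certificate.</li>
 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
 * <li>sn - hexadecimal string to specify serial number explicitly.</li>
 * <li>critical - boolean to specify criticality of this extension;
 * however a conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 *
 * <pre>
 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // 1. kid by key object
 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
 * // 2. kid by PEM string of authority certificate or public key
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
 * // 3. specify kid explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
 * // 4. issuer and serial number by authority PEM certificate
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
 * // 5. issuer and serial number explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   issuer: {ldapstr: "O=test,C=US"},
 *   sn: {hex: "1ac7..."}});
 * // 6. combination
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   kid: "-----BEGIN CERTIFICATE...",
 *   isscert: "-----BEGIN CERTIFICATE..."});
 */
KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _GeneralNames = _KJUR_asn1.x509.GeneralNames,
        _isKey = _KJUR.crypto.Util.isKey,
        _isHex = _KJUR.lang.String.isHex;

    this.asn1KID = null;        // DEROctetString for keyIdentifier [0]
    this.asn1CertIssuer = null; // X500Name for authorityCertIssuer [1]
    this.asn1CertSN = null;     // DERInteger for authorityCertSerialNumber [2]

    /*
     * true when s is a PEM string carrying a CERTIFICATE block.
     * The explicit "!= -1" matters: a bare indexOf() result is truthy for
     * "not found" (-1) and falsy for "found at offset 0", so the previous
     * check let non-certificate PEM (e.g. a public key) reach X509.readCertPEM.
     */
    var _isCertPEM = function(s) {
        return typeof s === "string" &&
               s.indexOf("BEGIN ") != -1 &&
               s.indexOf("CERTIFICATE") != -1;
    };

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @return {String} hexadecimal string of the AuthorityKeyIdentifier SEQUENCE
     * @description
     * Each of the three OPTIONAL members is wrapped in its IMPLICIT
     * context-specific tag ([0] 80, [1] a1, [2] 82) and included only
     * when the corresponding field has been set.
     */
    this.getExtnValueHex = function() {
        var a = [];
        if (this.asn1KID)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '80',
                                         'obj': this.asn1KID}));

        if (this.asn1CertIssuer)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': 'a1',
                                         'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));

        if (this.asn1CertSN)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '82',
                                         'obj': this.asn1CertSN}));

        var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
        this.asn1ExtnValue = asn1Seq;
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, hexadecimal string, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set key identifier
     * @since asn1x509 1.0.8
     * @description
     * This method will set keyIdentifier by param.
     * Its key identifier value can be set by the following types of param argument:
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>"01af..." - by a bare hexadecimal string (as promised by the class description)</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * </ul>
     * A param that matches none of these forms is ignored and asn1KID is left unchanged.
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        if (param.str !== undefined ||
            param.hex !== undefined) {
            this.asn1KID = new _KJUR_asn1.DEROctetString(param);
        } else if (typeof param === "string" && _isHex(param)) {
            // bare hexadecimal string; a PEM string never passes isHex
            this.asn1KID = new _KJUR_asn1.DEROctetString({hex: param});
        } else if ((typeof param === "object" && _isKey(param)) ||
                   (typeof param === "string" &&
                    param.indexOf("BEGIN ") != -1)) {

            var keyobj = param;
            if (typeof param === "string") {
                keyobj = KEYUTIL.getKey(param);
            }

            var kid = KEYUTIL.getKeyID(keyobj);
            this.asn1KID = new _KJUR_asn1.DEROctetString({hex: kid});
        }
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param parameter to set issuer name
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertIssuer name by param.
     * Issuer name can be set by the following types of param argument:
     * <ul>
     * <li>str/ldapstr/hex/certsubject/certissuer -
     * set issuer by {@link KJUR.asn1.x509.X500Name}
     * object with specified parameters.</li>
     * <li>PEM CERTIFICATE STRING - extract its subject name from
     * specified issuer PEM certificate and set.</li>
     * </ul>
     * NOTE1: Automatic authorityCertIssuer setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see KJUR.asn1.x509.X500Name
     * @see KJUR.asn1.x509.GeneralNames
     * @see X509.getSubjectHex
     *
     * @example
     * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // 1. set it by string
     * o.setCertIssuerByParam({str: '/C=US/O=Test'});
     * // 2. set it by issuer PEM certificate
     * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
     *
     */
    this.setCertIssuerByParam = function(param) {
        if (param.str !== undefined ||
            param.ldapstr !== undefined ||
            param.hex !== undefined ||
            param.certsubject !== undefined ||
            param.certissuer !== undefined) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
        } else if (_isCertPEM(param)) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
        }
    };

    /**
     * set authorityCertSerialNumber value
     * @name setCertSerialNumberByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set serial number
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertSerialNumber by param.
     * Serial number can be set by the following types of param argument:
     *
     * <ul>
     * <li>{int: 123} - by integer value</li>
     * <li>{hex: "01af"} - by hexadecimal integer value</li>
     * <li>{bigint: new BigInteger(...)} - by BigInteger object</li>
     * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
     * set serial number.</li>
     * </ul>
     *
     * NOTE1: Automatic authorityCertSerialNumber setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see X509.getSerialNumberHex
     */
    this.setCertSNByParam = function(param) {
        if (param.str !== undefined ||
            param.bigint !== undefined ||
            param.hex !== undefined) {
            this.asn1CertSN = new KJUR.asn1.DERInteger(param);
        } else if (_isCertPEM(param)) {
            var x = new X509();
            x.readCertPEM(param);
            var sn = x.getSerialNumberHex();
            this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
        }
    };

    this.oid = "2.5.29.35"; // id-ce-authorityKeyIdentifier
    if (params !== undefined) {
        if (params.kid !== undefined) {
            this.setKIDByParam(params.kid);
        }
        if (params.issuer !== undefined) {
            this.setCertIssuerByParam(params.issuer);
        }
        if (params.sn !== undefined) {
            this.setCertSNByParam(params.sn);
        }

        // "isscert" is the name the class description documents;
        // "issuersn" is the name this constructor previously read, kept
        // so existing callers keep working.
        var certPEM = params.isscert !== undefined ? params.isscert
                                                   : params.issuersn;
        if (certPEM !== undefined && _isCertPEM(certPEM)) {
            this.setCertSNByParam(certPEM);
            this.setCertIssuerByParam(certPEM);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * SubjectKeyIdentifier extension ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectKeyIdentifier
 * @class SubjectKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.1.7 jsrsasign 8.0.14
 * @description
 * This class represents ASN.1 structure for
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
 * SubjectKeyIdentifier in RFC 5280</a>.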
* Constructor of this class may have the following parameters:
 * <ul>
 * <li>kid - When a key object (RSA, KJUR.crypto.ECDSA/DSA) or a PEM string of the subject public key or certificate is specified, the key identifier will be calculated automatically by the method specified in RFC 5280. An explicit value is given as {hex: "..."} (or {str: "..."}).</li>
 * <li>critical - boolean to specify criticality of this extension;
 * however a conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 * <pre>
 * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // set by hexadecimal string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
 * // set by PEM public key or certificate string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
 * // set by public key object
 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
 */
KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
    KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
    var _DEROctetString = KJUR.asn1.DEROctetString;

    // DEROctetString holding the KeyIdentifier; null until set
    this.asn1KID = null;

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @return {String} hexadecimal string of the KeyIdentifier OCTET STRING
     */
    this.getExtnValueHex = function() {
        this.asn1ExtnValue = this.asn1KID;
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @param {Array} param parameter to set key identifier
     * @since asn1x509 1.1.7 jsrsasign 8.0.14
     * @description
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
     * </li>
     * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
     * certificate and
     * key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
     * to PKCS#8 ASN.1 structure then
     * a key identifier value will be calculated by the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * </ul>
     * A param that matches none of these forms is ignored and asn1KID is left unchanged.
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        var hasExplicitValue = param.str !== undefined || param.hex !== undefined;
        if (hasExplicitValue) {
            this.asn1KID = new _DEROctetString(param);
            return;
        }
        var isKeyObject = typeof param === "object" && KJUR.crypto.Util.isKey(param);
        var isPEM = typeof param === "string" && param.indexOf("BEGIN") != -1;
        if (!isKeyObject && !isPEM) return;

        // a PEM string is first turned into a key object; the key identifier
        // itself is derived by KEYUTIL.getKeyID
        var keyobj = isPEM ? KEYUTIL.getKey(param) : param;
        this.asn1KID = new _DEROctetString({hex: KEYUTIL.getKeyID(keyobj)});
    };

    this.oid = "2.5.29.14"; // id-ce-subjectKeyIdentifier
    if (params !== undefined && params.kid !== undefined) {
        this.setKIDByParam(params.kid);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * AuthorityInfoAccess ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityInfoAccess
 * @class AuthorityInfoAccess ASN.1 structure class
 * @param {Array} params JSON object of AuthorityInfoAccess parameters
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @see {@link X509#getExtAuthorityInfoAccess}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
* <pre>
 * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 * AuthorityInfoAccessSyntax  ::=
 *         SEQUENCE SIZE (1..MAX) OF AccessDescription
 * AccessDescription  ::=  SEQUENCE {
 *         accessMethod          OBJECT IDENTIFIER,
 *         accessLocation        GeneralName  }
 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
 * </pre>
 * NOTE: Acceptable parameters have been changed
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * A parameter generated by {@link X509#getAuthorityInfoAccess}
 * can be accepted as an argument of this constructor.
 * @example
 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
 *   array: [
 *     {ocsp: 'http://ocsp.example.org'},
 *     {caissuer: 'https://repository.example.org/aaa.crt'}
 *   ]
 * });
 */
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    /**
     * set the list of AccessDescription values
     * @name setAccessDescriptionArray
     * @memberOf KJUR.asn1.x509.AuthorityInfoAccess#
     * @function
     * @param {Array} aParam array of {ocsp: uri} or {caissuer: uri} objects
     * @throws {Error} when an element has neither "ocsp" nor "caissuer"
     * @description
     * Each element becomes an AccessDescription SEQUENCE of the accessMethod
     * OID (id-ad-ocsp or id-ad-caIssuers) and a uniformResourceIdentifier
     * GeneralName; "ocsp" wins when both keys are present. The resulting
     * SEQUENCE is stored in this.asn1ExtnValue.
     */
    this.setAccessDescriptionArray = function(aParam) {
        var _KJUR_asn1 = KJUR.asn1,
            _DERSequence = _KJUR_asn1.DERSequence,
            _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
            _GeneralName = _KJUR_asn1.x509.GeneralName;

        var toAccessDescription = function(adparam) {
            var methodOid;
            var locationUri;
            if (adparam.ocsp !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.1"; // id-ad-ocsp
                locationUri = adparam.ocsp;
            } else if (adparam.caissuer !== undefined) {
                methodOid = "1.3.6.1.5.5.7.48.2"; // id-ad-caIssuers
                locationUri = adparam.caissuer;
            } else {
                throw new Error("unknown AccessMethod parameter: " +
                                JSON.stringify(adparam));
            }
            return new _DERSequence({array: [
                new _DERObjectIdentifier({oid: methodOid}),
                new _GeneralName({uri: locationUri})
            ]});
        };

        var aASN1 = [];
        for (var idx = 0; idx < aParam.length; idx++) {
            aASN1.push(toAccessDescription(aParam[idx]));
        }
        this.asn1ExtnValue = new _DERSequence({'array': aASN1});
    };

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.AuthorityInfoAccess#
     * @function
     * @return {String} hexadecimal string of the SEQUENCE set by setAccessDescriptionArray
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.1.1"; // id-pe-authorityInfoAccess
    if (params !== undefined && params.array !== undefined) {
        this.setAccessDescriptionArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);

/**
 * SubjectAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectAltName
 * @class SubjectAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 SubjectAltName extension.
 * <pre>
 * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
 * SubjectAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                       [0]     OtherName,
 *   rfc822Name                      [1]     IA5String,
 *   dNSName                         [2]     IA5String,
 *   x400Address                     [3]     ORAddress,
 *   directoryName                   [4]     Name,
 *   ediPartyName                    [5]     EDIPartyName,
 *   uniformResourceIdentifier       [6]     IA5String,
 *   iPAddress                       [7]     OCTET STRING,
 *   registeredID                    [8]     OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    /**
     * set the GeneralNames value of this extension
     * @name setNameArray
     * @memberOf KJUR.asn1.x509.SubjectAltName#
     * @function
     * @param {Array} paramsArray array of {@link KJUR.asn1.x509.GeneralName} parameters
     */
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.SubjectAltName#
     * @function
     * @return {String} hexadecimal string of the GeneralNames set by setNameArray
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.17"; // id-ce-subjectAltName
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);

/**
 * IssuerAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.IssuerAltName
 * @class IssuerAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 IssuerAltName extension.
 * <pre>
 * id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
 * IssuerAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                       [0]     OtherName,
 *   rfc822Name                      [1]     IA5String,
 *   dNSName                         [2]     IA5String,
 *   x400Address                     [3]     ORAddress,
 *   directoryName                   [4]     Name,
 *   ediPartyName                    [5]     EDIPartyName,
 *   uniformResourceIdentifier       [6]     IA5String,
 *   iPAddress                       [7]     OCTET STRING,
 *   registeredID                    [8]     OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.IssuerAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    /**
     * set the GeneralNames value of this extension
     * @name setNameArray
     * @memberOf KJUR.asn1.x509.IssuerAltName#
     * @function
     * @param {Array} paramsArray array of {@link KJUR.asn1.x509.GeneralName} parameters
     */
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    /**
     * get DER encoded hexadecimal string of the extnValue
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.IssuerAltName#
     * @function
     * @return {String} hexadecimal string of the GeneralNames set by setNameArray
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.getEncodedHex();
    };

    this.oid = "2.5.29.18"; // id-ce-issuerAltName
    if (params !== undefined && params.array !== undefined) {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);

/**
 * private extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PrivateExtension
 * @class private extension ASN.1 structure class
 * @param {Array} params JSON object of private extension
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.1 asn1x509
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class represents a private extension or
 * an unsupported extension.
 * <pre>
 * Extension ::= SEQUENCE {
 *      extnID      OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      extnValue   OCTET STRING }
 * </pre>
 * The following properties can be set for the JSON parameter:
 * <ul>
 * <li>{String}extname - string of OID or predefined extension name</li>
 * <li>{Boolean}critical - critical flag</li>
 * <li>{Object}extn - hexadecimal string or
 * {@link KJUR.asn1.ASN1Util.newObject}
 * JSON parameter for extnValue field</li>
 * </ul>
 *
 * @example
 * // extn by hexadecimal
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.4",
 *   critical: true,
 *   extn: "13026161" // means PrintableString "aa"
 * });
 *
 * // extn by JSON parameter
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.5",
 *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
 * });
 */
KJUR.asn1.x509.PrivateExtension = function(params) {
    KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params)

    var _KJUR = KJUR,
	_isHex = _KJUR.lang.String.isHex,
	_KJUR_asn1 = _KJUR.asn1,
	_name2oid = _KJUR_asn1.x509.OID.name2oid,
	_newObject = _KJUR_asn1.ASN1Util.newObject;

    // JSON parameter ({extname, critical, extn}); null until setByParam
    this.params = null;

    // resolve extname (OID string or predefined name) to this.oid and keep params
    this.setByParam = function(params) {
	this.oid = _name2oid(params.extname);
	this.params = params;
    };

    this.getExtnValueHex =
function() { 1930 if (this.params.extname == undefined || 1931 this.params.extn == undefined) { 1932 throw new Error("extname or extnhex not specified"); 1933 } 1934 1935 var extn = this.params.extn; 1936 if (typeof extn == "string" && _isHex(extn)) { 1937 return extn; 1938 } else if (typeof extn == "object") { 1939 try { 1940 return _newObject(extn).getEncodedHex(); 1941 } catch(ex) {} 1942 } 1943 throw new Error("unsupported extn value"); 1944 }; 1945 1946 if (params != undefined) { 1947 this.setByParam(params); 1948 } 1949 }; 1950 YAHOO.lang.extend(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension); 1951 1952 // === END X.509v3 Extensions Related ======================================= 1953 1954 // === BEGIN CRL Related =================================================== 1955 /** 1956 * X.509 CRL class to sign and generate hex encoded CRL<br/> 1957 * @name KJUR.asn1.x509.CRL 1958 * @class X.509 CRL class to sign and generate hex encoded certificate 1959 * @property {Array} params JSON object of parameters 1960 * @param {Array} params JSON object of CRL parameters 1961 * @extends KJUR.asn1.ASN1Object 1962 * @since 1.0.3 1963 * @see KJUR.asn1.x509.TBSCertList 1964 * 1965 * @description 1966 * This class represents CertificateList ASN.1 structur of X.509 CRL 1967 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 1968 * RFC 5280 5.1</a> 1969 * <pre> 1970 * CertificateList ::= SEQUENCE { 1971 * tbsCertList TBSCertList, 1972 * signatureAlgorithm AlgorithmIdentifier, 1973 * signatureValue BIT STRING } 1974 * </pre> 1975 * NOTE: CRL class is updated without backward 1976 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 1977 * Most of methods are removed and parameters can be set 1978 * by JSON object. 1979 * <br/> 1980 * Constructor of this class can accept all 1981 * parameters of {@link KJUR.asn1.x509.TBSCertList}. 
 * It also accepts the following additional parameters:
 * <ul>
 * <li>{TBSCertList}tbsobj (OPTION) -
 *   specifies {@link KJUR.asn1.x509.TBSCertList}
 *   object to be signed if needed.
 *   When this isn't specified,
 *   this will be set from other parameters of TBSCertList.</li>
 * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
 *   Parameter "cakey" or "sighex" shall be specified. Following
 *   values can be specified:
 *   <ul>
 *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
 *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
 *   to generate a key object.</li>
 *   </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 *   (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 *   unused bits)</li>
 * </ul>
 *
 * @example
 * var crl = new KJUR.asn1.x509.CRL({
 *   sigalg: "SHA256withRSA",
 *   issuer: {str:'/C=JP/O=Test1'},
 *   thisupdate: "200821235959Z",
 *   nextupdate: "200828235959Z", // OPTION
 *   revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
 *   ext: [
 *     {extname: "cRLNumber", num: {'int': 8}},
 *     {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *   ],
 *   cakey: prvkey
 * });
 * crl.getEncodedHex() → "30..."
 * crl.getPEM() → "-----BEGIN X509 CRL..."
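 */
KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _DERSequence = _asn1.DERSequence,
        _DERBitString = _asn1.DERBitString,
        _x509 = _asn1.x509,
        _AlgorithmIdentifier = _x509.AlgorithmIdentifier,
        _TBSCertList = _x509.TBSCertList;

    this.params = undefined;

    /**
     * set CRL parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @param {Array} params JSON object of CRL parameters (see class description)
     * @description
     * The object is kept by reference: sign() and getEncodedHex()
     * write "sighex" and "tbsobj" back into it.
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    // Return this.params or fail with a clear message; the methods below
    // would otherwise die with a TypeError when no parameters were set.
    var _getParams = function(self) {
        if (self.params == undefined) {
            throw new Error("CRL parameters not defined");
        }
        return self.params;
    };

    // Build the TBSCertList object once and cache it in params.tbsobj so
    // that sign() and getEncodedHex() work on the very same bytes.
    var _getTBSCertList = function(params) {
        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertList(params);
        }
        return params.tbsobj;
    };

    /**
     * sign CRL<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * This method signs the TBSCertList with the private key and
     * algorithm given by this.params.cakey and this.params.sigalg
     * and stores the result in this.params.sighex.
     * The signature covers the same TBSCertList object (params.tbsobj)
     * that {@link KJUR.asn1.x509.CRL#getEncodedHex} emits, so a
     * caller-supplied "tbsobj" is signed as-is instead of being
     * rebuilt from the other parameters.
     * NOTE: "tbsobj" is cached in params; parameters changed after the
     * first sign() or getEncodedHex() call are not reflected.
     * @throws Error when no parameters have been set
     * @example
     * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
     * crl.sign()
     */
    this.sign = function() {
        var params = _getParams(this);
        var hTBSCL = _getTBSCertList(params).getEncodedHex();
        var sig = new KJUR.crypto.Signature({alg: params.sigalg});
        sig.init(params.cakey);
        sig.updateHex(hTBSCL);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted CRL string after signed<br/>
     * @name getPEM
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @since jsrsasign 9.1.0 asn1hex 2.1.0
     * @description
     * This method returns a string of PEM formatted
     * CRL (signing on demand, see getEncodedHex).
     * @example
     * crl = new KJUR.asn1.x509.CRL({...});
     * crl.getPEM() →
     * "-----BEGIN X509 CRL-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.getEncodedHex(), "X509 CRL");
    };

    /**
     * get hexadecimal DER of CertificateList<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return {String} hexadecimal DER of CertificateList
     * @description
     * When "sighex" is not set but "cakey" is, the CRL is signed first.
     * A caller-supplied "sighex" is used as given (no hexadecimal or
     * length check is made here) and wrapped in a BIT STRING with
     * zero unused bits.
     * @throws Error when neither "sighex" nor "cakey" is given,
     * or when no parameters have been set
     */
    this.getEncodedHex = function() {
        var params = _getParams(this);
        var tbsobj = _getTBSCertList(params);

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }
        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        // leading "00": BIT STRING with zero unused bits
        var seq = new _DERSequence({array: [
            tbsobj,
            new _AlgorithmIdentifier({name: params.sigalg}),
            new _DERBitString({hex: "00" + params.sighex})
        ]});
        return seq.getEncodedHex();
    };

    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
 * @name KJUR.asn1.x509.TBSCertList
 * @class TBSCertList ASN.1 structure class for CRL
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object of TBSCertList parameters
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 *
 * @description
 * This class represents TBSCertList of CRL defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
 * RFC 5280 5.1</a>.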
 * <pre>
 * TBSCertList ::= SEQUENCE {
 *   version Version OPTIONAL,
 *   -- if present, MUST be v2
 *   signature AlgorithmIdentifier,
 *   issuer Name,
 *   thisUpdate Time,
 *   nextUpdate Time OPTIONAL,
 *   revokedCertificates SEQUENCE OF SEQUENCE {
 *     userCertificate CertificateSerialNumber,
 *     revocationDate Time,
 *     crlEntryExtensions Extensions OPTIONAL
 *     -- if present, version MUST be v2
 *   } OPTIONAL,
 *   crlExtensions [0] EXPLICIT Extensions OPTIONAL
 * }
 * </pre>
 * NOTE: TBSCertList class is updated without backward
 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
 * Most of the methods are removed and parameters can be set
 * by JSON object.
 * <br/>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
 * <li>{String}sigalg - signature algorithm name</li>
 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
 * <li>{String}thisupdate - thisUpdate field value</li>
 * <li>{String}nextupdate (OPTION) - nextUpdate field value</li>
 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array.
 *   Its element may have following properties:
 *   <ul>
 *   <li>{Array}sn - serialNumber of userCertificate field specified
 *   by {@link KJUR.asn1.DERInteger}</li>
 *   <li>{String}date - revocationDate field specified by
 *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
 *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
 *   </ul>
 * </li>
 * </ul>
 *
 * @example
 * var o = new KJUR.asn1.x509.TBSCertList({
 *   sigalg: "SHA256withRSA",
 *   issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
 *                    [{type:'O',value:'T1',ds:'prn'}]]},
 *   thisupdate: "200821235959Z",
 *   nextupdate: "200828235959Z", // OPTION
 *   revcert: [
 *     {sn: {hex: "12ab"},
 *      date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
 *     {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
 *   ],
 *   ext: [
 *     {extname: "cRLNumber", num: {'int': 8}},
 *     {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *   ]
 * });
 * o.getEncodedHex() → "30..."
 */
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _DERInteger = _asn1.DERInteger,
        _DERSequence = _asn1.DERSequence,
        _DERTaggedObject = _asn1.DERTaggedObject,
        _x509 = _asn1.x509,
        _AlgorithmIdentifier = _x509.AlgorithmIdentifier,
        _Time = _x509.Time,
        _Extensions = _x509.Extensions,
        _X500Name = _x509.X500Name;
    this.params = null;

    /**
     * set TBSCertList parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} params JSON object of TBSCertList parameters (see class description)
     * @description
     * The object is kept by reference, not copied.
     * @example
     * tbscl = new KJUR.asn1.x509.TBSCertList();
     * tbscl.setByParam({sigalg: "SHA256withRSA", issuer: {str: "/C=JP/O=T1"}, ...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get DERSequence for revokedCertificates<br/>
     * @name getRevCertSequence
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
     * @description
     * Each element of this.params.revcert becomes one
     * SEQUENCE { userCertificate, revocationDate, crlEntryExtensions OPTIONAL };
     * the entry extensions are emitted only when "ext" is present.
     */
    this.getRevCertSequence = function() {
        // one revokedCertificates entry from a single revcert element
        var toEntry = function(rc) {
            var fields = [new _DERInteger(rc.sn), new _Time(rc.date)];
            if (rc.ext != undefined) {
                fields.push(new _Extensions(rc.ext));
            }
            return new _DERSequence({array: fields});
        };

        var entries = [];
        var aRevCert = this.params.revcert;
        for (var i = 0; i < aRevCert.length; i++) {
            entries.push(toEntry(aRevCert[i]));
        }
        return new _DERSequence({array: entries});
    };

    /**
     * get hexadecimal DER of TBSCertList<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {String} hexadecimal DER of TBSCertList
     * @description
     * Fields are emitted in the order of the ASN.1 definition.
     * "version" is written as (version - 1), so v2 becomes INTEGER 1.
     * "ext" (OPTION), an array of CRL extension parameters, becomes the
     * crlExtensions [0] EXPLICIT field.
     * Values such as "thisupdate" are passed to the field classes
     * as given; no consistency check (e.g. nextUpdate after thisUpdate)
     * is made here.
     */
    this.getEncodedHex = function() {
        var params = this.params;
        var fields = [];

        if (params.version != undefined) {
            // vN is encoded as INTEGER N-1
            fields.push(new _DERInteger({'int': params.version - 1}));
        }

        fields.push(new _AlgorithmIdentifier({name: params.sigalg}));
        fields.push(new _X500Name(params.issuer));
        fields.push(new _Time(params.thisupdate));
        if (params.nextupdate != undefined) {
            fields.push(new _Time(params.nextupdate));
        }
        if (params.revcert != undefined) {
            fields.push(this.getRevCertSequence());
        }
        if (params.ext != undefined) {
            // crlExtensions [0] EXPLICIT Extensions
            fields.push(new _DERTaggedObject({
                tag: 'a0',
                explicit: true,
                obj: new _Extensions(params.ext)
            }));
        }

        return new _DERSequence({array: fields}).getEncodedHex();
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);

/**
 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
 * @name KJUR.asn1.x509.CRLEntry
 * @class ASN.1 CRLEntry structure class for CRL
 * @param {Array} params JSON object for CRL entry parameter
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 * @see KJUR.asn1.x509.TBSCertList
 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
 * @description
 * This class is to represent revokedCertificate in TBSCertList.
 * However it is no longer used by TBSCertList since
 * jsrsasign 9.1.0, so this class has been deprecated in
 * jsrsasign 9.1.0.
 * <pre>
 * revokedCertificates SEQUENCE OF SEQUENCE {
 *   userCertificate CertificateSerialNumber,
 *   revocationDate Time,
 *   crlEntryExtensions Extensions OPTIONAL
 *   -- if present, version MUST be v2 }
 * </pre>
 * NOTE: crlEntryExtensions are not supported by this class;
 * use the "revcert" parameter of {@link KJUR.asn1.x509.TBSCertList} instead.
 * @example
 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
 */
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1;

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * Stores the serial number as this.sn.
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        this.sn = new _asn1.DERInteger(intParam);
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * Stores the revocation date as this.time.
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        this.time = new _asn1.x509.Time(timeParam);
    };

    /**
     * get hexadecimal DER of the entry<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @return {String} hexadecimal DER of SEQUENCE { sn, time }, also kept in this.TLV
     */
    this.getEncodedHex = function() {
        var seq = new _asn1.DERSequence({"array": [this.sn, this.time]});
        this.TLV = seq.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) {
        if (params.time !== undefined) this.setRevocationDate(params.time);
        if (params.sn !== undefined) this.setCertSerial(params.sn);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);

/**
 * CRLNumber CRL extension ASN.1 structure class<br/>
 *
 * @name KJUR.asn1.x509.CRLNumber
 * @class CRLNumber CRL extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.x509.Extensions
 * @description
 * This class represents ASN.1 structure for
 * CRLNumber CRL extension defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
 * RFC 5280 5.2.3</a>.
 * <pre>
 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
 * CRLNumber ::= INTEGER (0..MAX)
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "cRLNumber". It is ignored in this class but
 *   required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Object}num - CRLNumber value to specify
 *   {@link KJUR.asn1.DERInteger} parameter.</li>
 * <li>{Boolean}critical - critical flag. Generally false and not specified
 *   in this class.(OPTION)</li>
 * </ul>
 * NOTE: the linked RFC section expects the number to increase with each
 * CRL from the same issuer; this class encodes whatever "num" is given
 * and does not enforce that.
 *
 * @example
 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
 *                               num:{'int':147}})
 */
KJUR.asn1.x509.CRLNumber = function(params) {
    KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
    this.params = undefined;

    /**
     * get hexadecimal DER of the extension value<br/>
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.CRLNumber#
     * @function
     * @return {String} hexadecimal DER of INTEGER built from this.params.num
     * @description
     * The DERInteger is rebuilt on every call and kept in this.asn1ExtnValue.
     */
    this.getExtnValueHex = function() {
        var num = new KJUR.asn1.DERInteger(this.params.num);
        this.asn1ExtnValue = num;
        return num.getEncodedHex();
    };

    this.oid = "2.5.29.20"; // id-ce-cRLNumber
    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);

/**
 * CRLReason CRL entry extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.CRLReason
 * @class CRLReason CRL entry extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see
KJUR.asn1.x509.Extensions 2389 * @description 2390 * This class represents ASN.1 structure for 2391 * CRLReason CRL entry extension defined in 2392 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1"> 2393 * RFC 5280 5.3.1</a> 2394 * <pre> 2395 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } 2396 * -- reasonCode ::= { CRLReason } 2397 * CRLReason ::= ENUMERATED { 2398 * unspecified (0), 2399 * keyCompromise (1), 2400 * cACompromise (2), 2401 * affiliationChanged (3), 2402 * superseded (4), 2403 * cessationOfOperation (5), 2404 * certificateHold (6), 2405 * removeFromCRL (8), 2406 * privilegeWithdrawn (9), 2407 * aACompromise (10) } 2408 * </pre> 2409 * Constructor of this class may have following parameters: 2410 * <ul> 2411 * <li>{String}extname - name "cRLReason". It is ignored in this class but 2412 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2413 * <li>{Integer}code - reasonCode value</li> 2414 * <li>{Boolean}critical - critical flag. 
 *   Generally false and not specified in this class.(OPTION)</li>
 * </ul>
 * NOTE: "code" is encoded as given; values outside the enumeration
 * above (including the unassigned value 7) are not rejected here.
 *
 * @example
 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
 */
KJUR.asn1.x509.CRLReason = function(params) {
    KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
    this.params = undefined;

    /**
     * get hexadecimal DER of the extension value<br/>
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.CRLReason#
     * @function
     * @return {String} hexadecimal DER of ENUMERATED built from this.params.code
     * @description
     * The DEREnumerated is rebuilt on every call and kept in this.asn1ExtnValue.
     */
    this.getExtnValueHex = function() {
        var reason = new KJUR.asn1.DEREnumerated(this.params.code);
        this.asn1ExtnValue = reason;
        return reason.getEncodedHex();
    };

    this.oid = "2.5.29.21"; // id-ce-cRLReasons
    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);

// === END CRL Related ===================================================

// === BEGIN OCSP Related ===================================================
/**
 * Nonce OCSP extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNonce
 * @class Nonce OCSP extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for Nonce extension
 * @see KJUR.asn1.ocsp.ResponseData
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNonce
 * @description
 * This class represents
 * Nonce OCSP extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
 * RFC 6960 4.4.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
 * id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
 * Nonce ::= OCTET STRING
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNonce". It is ignored in this class but
 *   required to use with {@link KJUR.asn1.x509.Extensions} class.
 *   (OPTION)</li>
 * <li>{String}hex - hexadecimal string of nonce value</li>
 * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
 *   specified.</li>
 * <li>{Boolean}critical - critical flag. Generally false and not specified
 *   in this class.(OPTION)</li>
 * </ul>
 * NOTE: the nonce is what binds an OCSP response to its request; this
 * class only encodes the value it is given, so a requester should supply
 * a fresh, unpredictable value from a cryptographic random source.
 *
 * @example
 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
 *                               hex: '12ab...'})
 */
KJUR.asn1.x509.OCSPNonce = function(params) {
    KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
    this.params = undefined;

    /**
     * get hexadecimal DER of the extension value<br/>
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.OCSPNonce#
     * @function
     * @return {String} hexadecimal DER of the Nonce OCTET STRING
     * @description
     * The whole params object is handed to DEROctetString, which is
     * expected to take the value from its "hex" or "int" property.
     * The DEROctetString is rebuilt on every call and kept in this.asn1ExtnValue.
     */
    this.getExtnValueHex = function() {
        var nonce = new KJUR.asn1.DEROctetString(this.params);
        this.asn1ExtnValue = nonce;
        return nonce.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.48.1.2"; // id-pkix-ocsp-nonce
    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);

/**
 * OCSPNoCheck certificate ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNoCheck
 * @class OCSPNoCheck extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for OCSPNoCheck extension
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNoCheck
 * @description
 * This class represents
 * OCSPNoCheck extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
 * RFC 6960 4.2.2.2.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
 *   required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Boolean}critical - critical flag.
 *   Generally false and not specified in this class.(OPTION)</li>
 * </ul>
 * NOTE: this extension tells relying parties not to check the revocation
 * status of the OCSP responder certificate that carries it; the linked
 * RFC section therefore suggests keeping such responder certificates
 * short-lived.
 *
 * @example
 * new KJUR.asn1.x509.OCSPNoCheck({extname:'ocspNoCheck'})
 */
KJUR.asn1.x509.OCSPNoCheck = function(params) {
    KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
    this.params = undefined;

    /**
     * get hexadecimal DER of the extension value<br/>
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.OCSPNoCheck#
     * @function
     * @return {String} hexadecimal DER of NULL (the value is always NULL)
     * @description
     * params is not consulted here; it only carries extname/critical
     * for {@link KJUR.asn1.x509.Extensions}.
     */
    this.getExtnValueHex = function() {
        var nul = new KJUR.asn1.DERNull();
        this.asn1ExtnValue = nul;
        return nul.getEncodedHex();
    };

    this.oid = "1.3.6.1.5.5.7.48.1.5"; // id-pkix-ocsp-nocheck
    if (params != undefined) this.params = params;
};
YAHOO.lang.extend(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);

// === END OCSP Related ===================================================

// === BEGIN X500Name Related =================================================
/**
 * X500Name ASN.1 structure class
 * @name KJUR.asn1.x509.X500Name
 * @class X500Name ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @see X509#getX500Name
 * @description
 * This class provides DistinguishedName ASN.1 class structure
 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
 * <blockquote><pre>
 * DistinguishedName ::= RDNSequence
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
 *   AttributeTypeAndValue
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type  AttributeType,
 *   value AttributeValue }
 * </pre></blockquote>
 * <br/>
 * Argument for the constructor can be one of following parameters:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
 * <li>{String}str - string for distinguished name in OpenSSL oneline format (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
 * <li>{String}ldapstr - string for distinguished name in LDAP format (ex: CN=test,O=test,C=US)</li>
 * <li>{String}hex - hexadecimal string for ASN.1 distinguished name structure</li>
 * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
 * <li>{String}certsubject - subject name in the specified PEM certificate</li>
 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
 * </ul>
 * <br/>
 * NOTE1: The "array" and "rule" parameters have been supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: Multi-valued RDN in "str" parameter has been
 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
 * @example
 * // 1. construct with array
 * new KJUR.asn1.x509.X500Name({array:[
 *   [{type:'C',value:'JP',ds:'prn'}],
 *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
 *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
 * ]})
 * // 2. construct with string
 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
 * // 3.
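 *    construct by LDAP string
 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
 * // 4. construct by ASN.1 hex string
 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
 * // 5. construct by subject of PEM certificate
 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
 * // 6. construct by issuer of PEM certificate
 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
 * // 7. construct by object (DEPRECATED)
 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
 */
KJUR.asn1.x509.X500Name = function(params) {
    KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
    this.asn1Array = [];
    this.paramArray = [];
    this.sRule = "utf8";
    var _asn1 = KJUR.asn1,
        _x509 = _asn1.x509,
        _RDN = _x509.RDN;

    /**
     * set DN by OpenSSL oneline distinguished name string<br/>
     * @name setByString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @description
     * Sets distinguished name by string.
     * dnStr must be formatted as
     * "/type0=value0/type1=value1/type2=value2...".
     * No need to escape a slash in an attribute value: a component
     * without "=" is re-joined to the preceding attribute value.
     * An empty string yields an empty name.
     * @throws Error when dnStr does not start with "/" or its first
     * non-empty component has no "=" (such input would otherwise be
     * dropped silently, yielding an unintended empty or truncated name)
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
     * // no need to escape slash in an attribute value
     * name.setByString("/C=US/O=aaa/CN=1980/12/31");
     */
    this.setByString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        if (dnStr === "") return;
        if (dnStr.substr(0, 1) !== "/") {
            throw new Error("malformed DN string, must start with '/': " + dnStr);
        }

        var parts = dnStr.split('/');
        parts.shift(); // the leading "/" produces an empty first element

        // Collect "type=value" parts; a later part without "=" is a slash
        // inside the previous attribute value and is re-joined to it.
        var rdnStrs = [];
        for (var i = 0; i < parts.length; i++) {
            var part = parts[i];
            if (/^[^=]+=.+$/.test(part)) {
                rdnStrs.push(part);
            } else if (rdnStrs.length > 0) {
                rdnStrs[rdnStrs.length - 1] += "/" + part;
            } else if (part !== "") {
                throw new Error("malformed DN string, component without '=': " + part);
            }
        }

        for (var j = 0; j < rdnStrs.length; j++) {
            this.asn1Array.push(new _RDN({'str': rdnStrs[j], rule: this.sRule}));
        }
    };

    /**
     * set DN by LDAP(RFC 2253) distinguished name string<br/>
     * @name setByLdapString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @since jsrsasign 6.2.2 asn1x509 1.0.18
     * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
     * @description
     * The LDAP string is converted to OpenSSL oneline format with
     * {@link KJUR.asn1.x509.X500Name.ldapToCompat} and then handled
     * by setByString.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
     */
    this.setByLdapString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var compat = _x509.X500Name.ldapToCompat(dnStr);
        this.setByString(compat, sRule);
    };

    /**
     * set DN by associative array<br/>
     * @name setByObject
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
     * @param {String} sRule DirectoryString rule (ex. "prn" or "utf8") (OPTION)
     * @since jsrsasign 4.9. asn1x509 1.0.13
     * @description
     * Every own property of dnObj becomes one single-valued RDN
     * "type=value", appended to the current name. Values are used
     * as given with no escaping, which is convenient for values that
     * contain "/" or ",". Only DN attribute types may be present as keys.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByObject({C: "US", O: "aaa", CN: "http://example.com/"});
     */
    this.setByObject = function(dnObj, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        if (!this.asn1Array) this.asn1Array = [];

        for (var x in dnObj) {
            if (Object.prototype.hasOwnProperty.call(dnObj, x)) {
                this.asn1Array.push(new _RDN({str: x + '=' + dnObj[x], rule: this.sRule}));
            }
        }
    };

    /**
     * set DN by JSON parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {Array} params JSON object of parameters (see class description)
     * @description
     * Exactly one of "array", "str", "ldapstr", "hex", "certissuer" or
     * "certsubject" is used, in that order of precedence; "rule" may be
     * combined with any of them. A parameter object with none of these
     * keys is treated as the deprecated {type: value} form.
     * "hex", "certissuer" and "certsubject" set the encoded TLV directly;
     * the hexadecimal value is not parsed or validated here.
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;

        if (params.array !== undefined) {
            this.paramArray = params.array;
        } else if (params.str !== undefined) {
            this.setByString(params.str);
        } else if (params.ldapstr !== undefined) {
            this.setByLdapString(params.ldapstr);
        } else if (params.hex !== undefined) {
            this.hTLV = params.hex;
        } else if (params.certissuer !== undefined) {
            var xi = new X509();
            xi.readCertPEM(params.certissuer);
            this.hTLV = xi.getIssuerHex();
        } else if (params.certsubject !== undefined) {
            var xs = new X509();
            xs.readCertPEM(params.certsubject);
            this.hTLV = xs.getSubjectHex();
        } else if (typeof params === "object") {
            // Deprecated form: the object's own keys are DN attribute types
            // (ex. {C: "US", CN: "https://www.github.com/kjur//"}).
            // "rule" is an option consumed above, not an attribute, so it
            // is left out of the object handed to setByObject.
            var dnObj = {};
            for (var k in params) {
                if (k !== "rule" &&
                    Object.prototype.hasOwnProperty.call(params, k)) {
                    dnObj[k] = params[k];
                }
            }
            this.setByObject(dnObj);
        }
    };

    /**
     * get hexadecimal DER of RDNSequence<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @return {String} hexadecimal DER of the name
     * @description
     * When constructed from "array", the RDN objects are built on the
     * first call. The result is cached in this.hTLV and returned as-is
     * on later calls (as is a TLV set via "hex", "certissuer" or
     * "certsubject"), so set* calls made afterwards are not reflected.
     */
    this.getEncodedHex = function() {
        if (typeof this.hTLV == "string") return this.hTLV;

        if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
            for (var i = 0; i < this.paramArray.length; i++) {
                var rdnParam = {array: this.paramArray[i]};
                if (this.sRule != "utf8") rdnParam.rule = this.sRule;
                this.asn1Array.push(new _RDN(rdnParam));
            }
        }

        var seq = new _asn1.DERSequence({"array": this.asn1Array});
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
 * @name compatToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 8.0.19 asn1x509 1.1.20
 * @description
 * This static method converts a distinguished name string in OpenSSL compat
 * format to LDAP(RFC 2253) format.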
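 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
 * @example
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
 */
KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
    // kept as a string throw: callers may compare against this value
    if (s.substr(0, 1) !== "/") throw "malformed input";

    // RDN order is reversed between the two formats.
    var rdns = s.substr(1).split("/");
    rdns.reverse();

    // Every comma in a value must be escaped, not only the first one:
    // String.replace with a non-global regex touched just the first comma,
    // so "O=a,b,c" produced a string that parses back as three RDNs.
    // NOTE: a slash inside a value (tolerated by setByString) is not
    // recognised here and splits the RDN; only commas are escaped.
    var escaped = rdns.map(function(rdn) {
        return rdn.replace(/,/g, "\\,");
    });
    return escaped.join(",");
};

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
 * @name onelineToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @see KJUR.asn1.x509.X500Name.compatToLDAP
 * @deprecated
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
 */
KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
    return KJUR.asn1.x509.X500Name.compatToLDAP(s);
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
 * @name ldapToCompat
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex.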
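/C=US/O=test)
 * @since jsrsasign 8.0.19 asn1x509 1.1.10
 * @description
 * This static method converts a distinguished name string in
 * LDAP(RFC 2253) format to OpenSSL compat format.
 * Only the escaped comma ("\,") of RFC 2253 is interpreted; every slash
 * in a value is escaped as "\/" in the result.
 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @example
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') → '/C=US/O=a\/a'
 */
KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
    var parts = s.split(",");

    // Re-join parts that were split at an escaped comma: a part ending in
    // a backslash means the comma following it belonged to the value.
    var rdns = [];
    var joinWithPrevious = false;
    for (var i = 0; i < parts.length; i++) {
        var part = parts[i];
        if (joinWithPrevious) {
            var prev = rdns.pop();
            rdns.push((prev + "," + part).replace(/\\,/g, ","));
            joinWithPrevious = false;
        } else {
            rdns.push(part);
        }
        if (part.substr(-1, 1) === "\\") joinWithPrevious = true;
    }

    // Escape every slash, not only the first: String.replace with a string
    // pattern replaces a single occurrence, so "O=a/b/c" came out half escaped.
    var escaped = rdns.map(function(rdn) {
        return rdn.replace(/\//g, "\\/");
    });
    escaped.reverse(); // RDN order is reversed between the two formats
    return "/" + escaped.join("/");
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
 * @name ldapToOneline
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @deprecated
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.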
 */
KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
    // thin alias kept for backward compatibility; all work is in ldapToCompat
    var convert = KJUR.asn1.x509.X500Name.ldapToCompat;
    return convert(s);
};

/**
 * RDN (Relative Distinguished Name) ASN.1 structure class
 * @name KJUR.asn1.x509.RDN
 * @class RDN (Relative Distinguished Name) ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @description
 * This class provides RelativeDistinguishedName ASN.1 class structure
 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
 * <blockquote><pre>
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
 *   AttributeTypeAndValue
 *
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type     AttributeType,
 *   value    AttributeValue }
 * </pre></blockquote>
 * <br/>
 * NOTE1: The "array" and "rule" parameters have been supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: Multi-valued RDN in "str" parameter have been
 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
 * @example
 * new KJUR.asn1.x509.RDN({array: [ // multi-valued
 *    {type:"CN",value:"Bob",ds:"prn"},
 *    {type:"CN",value:"bob@example.com", ds:"ia5"}
 * ]});
 * new KJUR.asn1.x509.RDN({str: "CN=test"});
 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
 */
KJUR.asn1.x509.RDN = function(params) {
    KJUR.asn1.x509.RDN.superclass.constructor.call(this);
    this.asn1Array = [];   // AttributeTypeAndValue objects already built
    this.paramArray = [];  // AttributeTypeAndValue parameters, built lazily
    this.sRule = "utf8";   // DEFAULT "utf8"
    var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;

    /**
     * set RDN by parameter object<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {Object} params object with optional "rule", "str" and "array" keys
     * @description
     * "rule" sets the DirectoryString rule, "str" adds values by
     * multi-valued string and "array" stores AttributeTypeAndValue
     * parameters to be encoded by getEncodedHex.
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.str !== undefined) this.addByMultiValuedString(params.str);
        if (params.array !== undefined) this.paramArray = params.array;
    };

    /**
     * add one AttributeTypeAndValue by string<br/>
     * @name addByString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of AttributeTypeAndValue
     * @return {Object} unspecified
     * @description
     * This method add one AttributeTypeAndValue to RDN object.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByString("CN=john");
     * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
     */
    this.addByString = function(s) {
        var atv = new _AttributeTypeAndValue({'str': s, rule: this.sRule});
        this.asn1Array.push(atv);
    };

    /**
     * add one AttributeTypeAndValue by multi-valued string<br/>
     * @name addByMultiValuedString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of multi-valued RDN
     * @return {Object} unspecified
     * @since jsrsasign 6.2.1 asn1x509 1.0.17
     * @description
     * This method add multi-valued RDN to RDN object.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByMultiValuedString("CN=john+O=test");
     * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
     * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
     */
    this.addByMultiValuedString = function(s) {
        var atvStrs = KJUR.asn1.x509.RDN.parseString(s);
        atvStrs.forEach(function(atvStr) {
            this.addByString(atvStr);
        }, this);
    };

    /**
     * get DER encoded hexadecimal string of this RDN<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @return {String} DER hex of the SET OF AttributeTypeAndValue
     */
    this.getEncodedHex = function() {
        // Build AttributeTypeAndValue objects from paramArray only when
        // none were added via addByString.
        if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
            for (var idx = 0; idx < this.paramArray.length; idx++) {
                var atvParam = this.paramArray[idx];
                // NOTE(review): this overrides an explicitly given per-value
                // "rule" with the RDN rule but leaves a missing one alone;
                // behaviour kept as-is, the condition may have been meant
                // the other way round - confirm before relying on it.
                if (atvParam.rule !== undefined && this.sRule != "utf8") {
                    atvParam.rule = this.sRule;
                }
                this.asn1Array.push(new _AttributeTypeAndValue(atvParam));
            }
        }
        var derSet = new KJUR.asn1.DERSet({"array": this.asn1Array});
        this.TLV = derSet.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) this.setByParam(params);
};
YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);

/**
 * parse multi-valued RDN string and split into array of
'AttributeTypeAndValue'<br/>
 * @name parseString
 * @memberOf KJUR.asn1.x509.RDN
 * @function
 * @param {String} s multi-valued string of RDN
 * @return {Array} array of string of AttributeTypeAndValue
 * @since jsrsasign 6.2.1 asn1x509 1.0.17
 * @description
 * This static method parses multi-valued RDN string and split into
 * array of AttributeTypeAndValue. A plus escaped as "\+" or enclosed in
 * a double-quoted value is kept as part of the value.
 * @example
 * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
 */
KJUR.asn1.x509.RDN.parseString = function(s) {
    // pass 1: split on "+" and re-join pieces separated by an escaped
    // plus, i.e. a piece that ends with a backslash
    var unescaped = [];
    var pendingEscape = false;
    s.split(/\+/).forEach(function(piece) {
        if (pendingEscape) {
            var prev = unescaped.pop();
            unescaped.push((prev + "+" + piece).replace(/\\\+/g, "+"));
            pendingEscape = false;
        } else {
            unescaped.push(piece);
        }
        if (piece.substr(-1, 1) === "\\") pendingEscape = true;
    });

    // pass 2: re-join pieces that belong to one double-quoted value and
    // strip the quotes once the closing one is seen
    var result = [];
    var insideQuote = false;
    unescaped.forEach(function(piece) {
        if (insideQuote) {
            var prev = result.pop();
            if (/"$/.test(piece)) {
                result.push((prev + "+" + piece).replace(/^([^=]+)="(.*)"$/, "$1=$2"));
                insideQuote = false;
            } else {
                result.push(prev + "+" + piece);
            }
        } else {
            result.push(piece);
        }
        if (/^[^=]+="/.test(piece)) insideQuote = true;
    });
    return result;
};

/**
 *
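AttributeTypeAndValue ASN.1 structure class
 * @name KJUR.asn1.x509.AttributeTypeAndValue
 * @class AttributeTypeAndValue ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @see X509#getAttrTypeAndValue
 * @description
 * This class generates AttributeTypeAndValue defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
 * RFC 5280 4.1.2.4</a>.
 * <pre>
 *   AttributeTypeAndValue ::= SEQUENCE {
 *     type     AttributeType,
 *     value    AttributeValue }
 *   AttributeType ::= OBJECT IDENTIFIER
 *   AttributeValue ::= ANY -- DEFINED BY AttributeType
 * </pre>
 * The constructor argument can have following parameters:
 * <ul>
 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
 * <li>{String}ds - DirectoryString type of AttributeValue</li>
 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
 * set DirectoryString type automatically when "ds" not specified.</li>
 * <li>{String}str - AttributeTypeAndValue string (ex. "C=US").
 * When type and value don't exist,
 * this "str" will be converted to "type" and "value".
 * </li>
 * </ul>
 * <br/>
 * NOTE: Parameters "type", "value", "ds" and "rule" have
 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * @example
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'utf8'})
 */
KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
    KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
    this.sRule = "utf8";  // DirectoryString rule: "utf8" (default) or "prn"
    this.sType = null;    // attribute type name or OID (ex. "CN")
    this.sValue = null;   // raw attribute value string
    this.dsType = null;   // DirectoryString type; derived by _getDsType when null
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERUTF8String = _KJUR_asn1.DERUTF8String,
        _DERPrintableString = _KJUR_asn1.DERPrintableString,
        _DERTeletexString = _KJUR_asn1.DERTeletexString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERVisibleString = _KJUR_asn1.DERVisibleString,
        _DERBMPString = _KJUR_asn1.DERBMPString,
        _isMail = _KJUR.lang.String.isMail,
        _isPrintable = _KJUR.lang.String.isPrintable;

    // Split "type=value" (the value may itself contain "="); shared by
    // setByParam and setByString. Throws an Error on malformed input.
    var _splitTypeValue = function(s) {
        var matchResult = s.match(/^([^=]+)=(.+)$/);
        if (!matchResult) {
            // the old message referenced an undefined variable and threw a
            // ReferenceError instead of this Error
            throw new Error("malformed attrTypeAndValueStr: " + s);
        }
        return matchResult;
    };

    /**
     * set by parameter object<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.AttributeTypeAndValue#
     * @function
     * @param {Object} params object with "rule", "ds", "type"/"value" or "str" keys
     * @description
     * "str" is only used when "value" is absent; otherwise "type" and
     * "value" are taken as given (possibly undefined).
     */
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.ds !== undefined) this.dsType = params.ds;

        if (params.value === undefined && params.str !== undefined) {
            var typeValue = _splitTypeValue(params.str);
            this.sType = typeValue[1];
            this.sValue = typeValue[2];
        } else {
            this.sType = params.type;
            this.sValue = params.value;
        }
    };

    /*
     * @deprecated
     */
    this.setByString = function(sTypeValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var typeValue = _splitTypeValue(sTypeValue);
        this.setByAttrTypeAndValueStr(typeValue[1], typeValue[2]);
    };

    // Pick the DirectoryString type from the rule, type and value:
    // a CN that looks like a mail address is IA5String under both rules;
    // "prn" uses PrintableString whenever the value allows it, "utf8" only
    // for the country name.
    this._getDsType = function() {
        var sType = this.sType;
        var sValue = this.sValue;
        var sRule = this.sRule;

        if (sRule === "prn") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (_isPrintable(sValue)) return "prn";
            return "utf8";
        } else if (sRule === "utf8") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (sType == "C") return "prn";
            return "utf8";
        }
        return "utf8"; // default for unknown rules
    };

    this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        this.sType = sType;
        this.sValue = sValue;
    };

    /**
     * get ASN.1 string object for a DirectoryString type<br/>
     * @param {String} dsType "utf8", "prn", "tel", "ia5", "vis" or "bmp"
     * @param {String} valueStr attribute value
     * @return {Object} DER string object of the requested type
     * @throws Error for an unsupported dsType
     */
    this.getValueObj = function(dsType, valueStr) {
        if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
        if (dsType == "prn") return new _DERPrintableString({"str": valueStr});
        if (dsType == "tel") return new _DERTeletexString({"str": valueStr});
        if (dsType == "ia5") return new _DERIA5String({"str": valueStr});
        if (dsType == "vis") return new _DERVisibleString({"str": valueStr});
        if (dsType == "bmp") return new _DERBMPString({"str": valueStr});
        throw new Error("unsupported directory string type: type=" +
                        dsType + " value=" + valueStr);
    };

    /**
     * get DER encoded hexadecimal string<br/>
     * @return {String} DER hex of the AttributeTypeAndValue SEQUENCE
     */
    this.getEncodedHex = function() {
        if (this.dsType == null) this.dsType = this._getDsType();
        var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
        var asn1Value = this.getValueObj(this.dsType, this.sValue);
        var seq = new _DERSequence({"array": [asn1Type, asn1Value]});
        this.TLV = seq.getEncodedHex();
        return this.TLV;
    };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);

// === END X500Name Related =================================================

// === BEGIN Other ASN1 structure class ======================================

/**
 * SubjectPublicKeyInfo ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectPublicKeyInfo
 * @class SubjectPublicKeyInfo ASN.1 structure class
 * @param {Object} params parameter for subject public key
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>{@link RSAKey} object</li>
 * <li>{@link KJUR.crypto.ECDSA} object</li>
 * <li>{@link KJUR.crypto.DSA} object</li>
 * </ul>
 * NOTE1: 'params' can be omitted.<br/>
 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
 * <h4>EXAMPLE</h4>
 * @example
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
 */
KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
    KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _KJUR_crypto = _KJUR.crypto,
        _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
        _KJUR_crypto_DSA = _KJUR_crypto.DSA;

    /*
     * @since asn1x509 1.0.7
     * Returns the SubjectPublicKeyInfo SEQUENCE; throws (a string, kept
     * for compatibility) when setPubKey has not populated both fields.
     */
    this.getASN1Object = function() {
        if (this.asn1AlgId == null || this.asn1SubjPKey == null)
            throw "algId and/or subjPubKey not set";
        return new _DERSequence({'array': [this.asn1AlgId, this.asn1SubjPKey]});
    };

    this.getEncodedHex = function() {
        var spki = this.getASN1Object();
        this.hTLV = spki.getEncodedHex();
        return this.hTLV;
    };

    /**
     * @name setPubKey
     * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
     * @function
     * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
     * @since jsrsasign 8.0.0 asn1x509 1.1.0
     * @description
     * Sets asn1AlgId and asn1SubjPKey from the key object. A key class
     * that is not loaded is skipped; a key of an unknown type leaves both
     * fields unset, which getASN1Object later reports.
     * @example
     * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
     * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
     * spki.setPubKey(pubKey);
     */
    this.setPubKey = function(key) {
        // typeof guards replace the former catch-all try/catch blocks, which
        // also hid real encoding errors (e.g. a missing field on the key)
        // and left the object silently unset.
        if (typeof RSAKey === "function" && key instanceof RSAKey) {
            var asn1RsaPub = _newObject({
                'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
            });
            this.asn1AlgId = new _AlgorithmIdentifier({'name': 'rsaEncryption'});
            // leading "00": zero unused bits in the BIT STRING
            this.asn1SubjPKey = new _DERBitString({'hex': '00' + asn1RsaPub.getEncodedHex()});
            return;
        }

        if (typeof _KJUR_crypto_ECDSA === "function" && key instanceof _KJUR_crypto_ECDSA) {
            var curveOid = new _DERObjectIdentifier({'name': key.curveName});
            this.asn1AlgId = new _AlgorithmIdentifier({'name': 'ecPublicKey',
                                                       'asn1params': curveOid});
            this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
            return;
        }

        if (typeof _KJUR_crypto_DSA === "function" && key instanceof _KJUR_crypto_DSA) {
            var dsaParams = _newObject({
                'seq': [{'int': {'bigint': key.p}},
                        {'int': {'bigint': key.q}},
                        {'int': {'bigint': key.g}}]
            });
            this.asn1AlgId = new _AlgorithmIdentifier({'name': 'dsa',
                                                       'asn1params': dsaParams});
            var pubInt = new _DERInteger({'bigint': key.y});
            this.asn1SubjPKey = new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
            return;
        }
        // unknown key type: nothing is set, getASN1Object will throw
    };

    if (params !== undefined) {
        this.setPubKey(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);

/**
 * Time ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Time
 * @class Time ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.DERUTCTime
 * @see KJUR.asn1.DERGeneralizedTime
 * @description
 * This class represents Time ASN.1 structure defined in
 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
 * <pre>
 * Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 * </pre>
 * When "type" is not given, a 12-digit "str" selects UTCTime and a
 * 14-digit "str" selects GeneralizedTime; otherwise UTCTime is used.
 *
 * @example
 * var t1 = new KJUR.asn1.x509.Time({'str': '130508235959Z'}) // UTCTime by default
 * var t2 = new KJUR.asn1.x509.Time({'type': 'gen', 'str': '20130508235959Z'}) // GeneralizedTime
 */
KJUR.asn1.x509.Time = function(params) {
    KJUR.asn1.x509.Time.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERUTCTime = _KJUR_asn1.DERUTCTime,
        _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;

    this.setTimeParams = function(timeParams) {
        this.timeParams = timeParams;
    };

    this.getEncodedHex = function() {
        // The no-argument constructor call is kept distinct from passing
        // a null/undefined timeParams.
        var timeCtor = (this.type == "utc") ? _DERUTCTime : _DERGeneralizedTime;
        var timeObj = (this.timeParams != null) ? new timeCtor(this.timeParams)
                                                : new timeCtor();
        this.TLV = timeObj.getEncodedHex();
        return this.TLV;
    };

    this.type = "utc";
    if (params !== undefined) {
        if (params.type !== undefined) {
            this.type = params.type;
        } else if (params.str !== undefined) {
            if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
            if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
        }
        this.timeParams = params;
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AlgorithmIdentifier
 * @class AlgorithmIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * The 'params' argument is an associative array and has following parameters:
 * <ul>
 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
 * <li>asn1params: explicitly specify ASN.1 object for algorithm.
 * (OPTION)</li>
 * <li>paramempty: when true, no algorithm parameter is set automatically,
 * so the parameters field of AlgorithmIdentifier is omitted.
 * If paramempty is false, algorithm parameter will be set automatically.
 * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
 * AlgorithmIdentifier will be omitted otherwise
 * it will be NULL by default.
 * (OPTION, DEFAULT = false)</li>
 * </ul>
 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
 * special names. They will set a suite of algorithm OID and multiple algorithm
 * parameters. Its ASN.1 schema is defined in
 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
 * section A.2.3</a>.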
3385 * <blockquote><pre> 3386 * id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } 3387 * RSASSA-PSS-params ::= SEQUENCE { 3388 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1, 3389 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, 3390 * saltLength [2] INTEGER DEFAULT 20, 3391 * trailerField [3] TrailerField DEFAULT trailerFieldBC } 3392 * mgf1SHA1 MaskGenAlgorithm ::= { 3393 * algorithm id-mgf1, 3394 * parameters HashAlgorithm : sha1 } 3395 * id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } 3396 * TrailerField ::= INTEGER { trailerFieldBC(1) } 3397 * </pre></blockquote> 3398 * Here is a table for PSS parameters: 3399 * <table> 3400 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr> 3401 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr> 3402 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr> 3403 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr> 3404 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr> 3405 * </table> 3406 * Default value is omitted as defined in ASN.1 schema. 3407 * These parameters are interoperable to OpenSSL or IAIK toolkit. 3408 * <br/> 3409 * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
 * @example
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
 */
KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
    KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
    this.nameAlg = null;      // algorithm name, resolved to an OID lazily
    this.asn1Alg = null;      // algorithm OID object
    this.asn1Params = null;   // parameters object, or null to omit the field
    this.paramEmpty = false;  // true: never set parameters automatically

    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;

    /**
     * get DER encoded hexadecimal string<br/>
     * @return {String} DER hex of the AlgorithmIdentifier SEQUENCE
     * @throws Error when neither a name nor an OID object was given
     */
    this.getEncodedHex = function() {
        if (this.nameAlg === null && this.asn1Alg === null) {
            throw new Error("algorithm not specified");
        }

        // RSA-PSS names map to a pre-encoded TLV (see PSSNAME2ASN1TLV).
        if (this.nameAlg !== null) {
            var pssTLV = null;
            for (var pssName in _PSSNAME2ASN1TLV) {
                if (pssName === this.nameAlg) pssTLV = _PSSNAME2ASN1TLV[pssName];
            }
            if (pssTLV !== null) {
                this.hTLV = pssTLV;
                return this.hTLV;
            }
        }

        if (this.nameAlg !== null && this.asn1Alg === null) {
            this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
        }
        var members = [this.asn1Alg];
        if (this.asn1Params !== null) members.push(this.asn1Params);

        var seq = new _KJUR_asn1.DERSequence({'array': members});
        this.hTLV = seq.getEncodedHex();
        return this.hTLV;
    };

    if (params !== undefined) {
        if (params.name !== undefined) this.nameAlg = params.name;
        if (params.asn1params !== undefined) this.asn1Params = params.asn1params;
        if (params.paramempty !== undefined) this.paramEmpty = params.paramempty;
    }

    // Automatic parameters: omitted for "*withDSA" / "*withECDSA",
    // NULL otherwise; skipped entirely when paramempty is set.
    if (this.asn1Params === null && this.paramEmpty === false && this.nameAlg !== null) {
        // a name given as an object with a "name" property is unwrapped
        if (this.nameAlg.name !== undefined) this.nameAlg = this.nameAlg.name;
        var lcName = this.nameAlg.toLowerCase();

        var isDsaLike = (lcName.substr(-7, 7) === "withdsa" ||
                         lcName.substr(-9, 9) === "withecdsa");
        if (!isDsaLike) this.asn1Params = new _KJUR_asn1.DERNull();
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
 * @const
 */
KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
    "SHAwithRSAandMGF1":
    "300d06092a864886f70d01010a3000",
    "SHA256withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
    "SHA384withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
    "SHA512withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
};

/**
 * GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralName
 * @class GeneralName ASN.1 structure class
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
 * <li>dns - dNSName[2] (ex. foo.com)</li>
 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
 * <li>dn - directoryName[4]
 *         distinguished name string or X500Name class parameters can be
 *         specified (ex.
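/**
 * "/C=US/O=Test", {hex: '301c...'})</li>
 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
 * </ul>
 * NOTE1: certissuer and certsubj have been supported since asn1x509 1.0.10.<br/>
 * NOTE2: dn and ldapdn have been supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 * NOTE3: ip has been supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
 * NOTE4: X500Name parameters in dn have been supported since jsrsasign 8.0.16.<br/>
 * NOTE5: a raw hex 'ip' value is encoded as given; its length is not checked
 * against the 4/16 octets a subjectAltName address needs (a nameConstraints
 * address carries a mask and is 8/32 octets), so the caller must supply
 * the right length.<br/>
 *
 * Here is definition of the ASN.1 syntax:
 * <pre>
 * -- NOTE: directoryName is tagged EXPLICIT by this class because Name is
 * -- itself a CHOICE; every other alternative is tagged IMPLICIT.
 * GeneralName ::= CHOICE {
 *   otherName                 [0] OtherName,
 *   rfc822Name                [1] IA5String,
 *   dNSName                   [2] IA5String,
 *   x400Address               [3] ORAddress,
 *   directoryName             [4] Name,
 *   ediPartyName              [5] EDIPartyName,
 *   uniformResourceIdentifier [6] IA5String,
 *   iPAddress                 [7] OCTET STRING,
 *   registeredID              [8] OBJECT IDENTIFIER }
 * </pre>
 *
 * @example
 * gn = new KJUR.asn1.x509.GeneralName({dn: '/C=US/O=Test'});
 * gn = new KJUR.asn1.x509.GeneralName({dn: X500NameObject});
 * gn = new KJUR.asn1.x509.GeneralName({dn: {str: '/C=US/O=Test'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn: {ldapstr: 'O=Test,C=US'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn: {hex: '301c...'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn: {certissuer: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({dn: {certsubject: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({ip: '192.168.1.1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip: '2001:db4::4:1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip: 'c0a80101'});
 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({dns: 'aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'});
 *
 * gn = new KJUR.asn1.x509.GeneralName({ldapdn: 'O=Test,C=US'}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM}); // DEPRECATED
 */
KJUR.asn1.x509.GeneralName = function(params) {
    KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
    // context-specific tag octet per supported alternative:
    // 0x8n = IMPLICIT primitive [n], 0xa4 = EXPLICIT constructed [4]
    var pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86', ip: '87'},
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _ASN1Object = _KJUR_asn1.ASN1Object,
        _X500Name = _KJUR_asn1.x509.X500Name,
        _pemtohex = pemtohex;

    this.type = null;
    this.explicit = false;
    this.asn1Obj = null;

    /**
     * Extract the DER hex of a Name from a PEM or hex encoded certificate.
     * @param {String} certStr certificate as PEM or as a hex string
     * @param {Function} getDNHex called with the parsed X509 object, returns the wanted Name hex
     * @param {String} errMsg thrown (as a string, like the rest of this class) when certStr is neither PEM nor hex
     * @return {String} DER hex of the issuer or subject Name
     */
    var _dnHexFromCert = function(certStr, getDNHex, errMsg) {
        var certHex = null;
        if (certStr.match(/^[0-9A-Fa-f]+$/)) {
            // The original wrote `certHex == certStr` (a comparison, not an
            // assignment), so a hex certificate always ended in the throw below.
            certHex = certStr;
        }
        if (certStr.indexOf("-----BEGIN ") !== -1) {
            certHex = _pemtohex(certStr);
        }
        if (certHex == null) throw errMsg;
        var x = new X509();
        x.hex = certHex;
        return getDNHex(x);
    };

    /**
     * Set this GeneralName from a parameter object (see the class description).
     * The last recognized key in params wins when several are given.
     * @param {Object} params one of rfc822, dns, uri, dn, ldapdn, certissuer, certsubj, ip
     * @throws a string when no recognized key is present or an 'ip' value is malformed
     */
    this.setByParam = function(params) {
        var v = null;

        if (params === undefined) return;

        // Start from a clean state so a repeated call does not inherit the
        // type or the EXPLICIT tagging chosen by an earlier call.
        this.type = null;
        this.explicit = false;

        if (params.rfc822 !== undefined) {
            this.type = 'rfc822';
            v = new _DERIA5String({str: params.rfc822});
        }

        if (params.dns !== undefined) {
            this.type = 'dns';
            v = new _DERIA5String({str: params.dns});
        }

        if (params.uri !== undefined) {
            this.type = 'uri';
            v = new _DERIA5String({str: params.uri});
        }

        if (params.dn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            if (typeof params.dn === "string") {
                v = new _X500Name({str: params.dn});
            } else if (params.dn instanceof _X500Name) {
                v = params.dn;
            } else {
                v = new _X500Name(params.dn);
            }
        }

        if (params.ldapdn !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = new _X500Name({ldapstr: params.ldapdn});
        }

        if (params.certissuer !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = new _ASN1Object();
            v.hTLV = _dnHexFromCert(params.certissuer,
                                    function(x) { return x.getIssuerHex(); },
                                    "certissuer param not cert");
        }

        if (params.certsubj !== undefined) {
            this.type = 'dn';
            this.explicit = true;
            v = new _ASN1Object();
            v.hTLV = _dnHexFromCert(params.certsubj,
                                    function(x) { return x.getSubjectHex(); },
                                    "certsubj param not cert");
        }

        if (params.ip !== undefined) {
            this.type = 'ip';
            this.explicit = false;
            var ip = params.ip;
            var hIP;
            var malformedIPMsg = "malformed IP address";
            if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // IPv4 dotted decimal
                hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
                // 4 octets = 8 hex digits; whether an octet > 255 is caught here
                // depends on what intarystrtohex emits for it — TODO confirm
                if (hIP.length !== 8) throw malformedIPMsg;
            } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // IPv6 text form
                hIP = ipv6tohex(ip);
            } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // raw octets as hex, used verbatim
                hIP = ip;
            } else {
                throw malformedIPMsg;
            }
            v = new _DEROctetString({hex: hIP});
        }

        if (this.type == null)
            throw "unsupported type in params=" + params;
        this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit,
                                             'tag': pTag[this.type],
                                             'obj': v});
    };

    /**
     * @return {String} DER hex of the tagged GeneralName
     */
    this.getEncodedHex = function() {
        return this.asn1Obj.getEncodedHex();
    };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);

/**
 * GeneralNames ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralNames
 * @class GeneralNames ASN.1 structure class
 * @param {Array} paramsArray optional array of {@link KJUR.asn1.x509.GeneralName} constructor parameters
 * @description
 * <br/>
 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
 * @example
 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 *
 * NOTE: the SIZE (1..MAX) constraint is not enforced; an empty array
 * encodes as an empty SEQUENCE.
 */
KJUR.asn1.x509.GeneralNames = function(paramsArray) {
    KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1;

    /**
     * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
     * @name setByParamArray
     * @memberOf KJUR.asn1.x509.GeneralNames#
     * @function
     * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralName} constructor parameters
     * @description
     * Appends one GeneralName per element to the current list; it does not
     * clear names added by an earlier call.
     * <br/>
     * <h4>EXAMPLES</h4>
     * @example
     * gns = new KJUR.asn1.x509.GeneralNames();
     * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
     */
    this.setByParamArray = function(paramsArray) {
        for (var i = 0; i < paramsArray.length; i++) {
            this.asn1Array.push(new _KJUR_asn1.x509.GeneralName(paramsArray[i]));
        }
    };

    /**
     * @return {String} DER hex of SEQUENCE OF GeneralName
     */
    this.getEncodedHex = function() {
        var seq = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
        return seq.getEncodedHex();
    };

    this.asn1Array = [];
    if (paramsArray !== undefined) {
        this.setByParamArray(paramsArray);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);

/**
 * static object for OID
 * @name KJUR.asn1.x509.OID
 * @class static object for OID
 * @property {Assoc Array} atype2oidList for short attribute type name and
 */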
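/**
 * oid (ex. 'C' and '2.5.4.6')
 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
 * @description
 * This class defines OID name and values.
 * AttributeType names registered in OID.atype2oidList are following:
 * <table style="border-width: thin; border-style: solid; width: 100%">
 * <tr><th>short</th><th>long</th><th>OID</th></tr>
 * <tr><td>CN</td><td>commonName</td><td>2.5.4.3</td></tr>
 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
 * <tr><td>C</td><td>countryName</td><td>2.5.4.6</td></tr>
 * <tr><td>STREET</td><td>streetAddress</td><td>2.5.4.9</td></tr>
 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
 * <tr><td>T</td><td>title</td><td>2.5.4.12</td></tr>
 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
 * <tr><td></td><td>description</td><td>2.5.4.13</td></tr>
 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
 * <tr><td></td><td>serialNumber</td><td>2.5.4.5</td></tr>
 * <tr><td></td><td>uniqueIdentifier</td><td>2.5.4.45</td></tr>
 * <tr><td></td><td>organizationIdentifier</td><td>2.5.4.97</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
 * </table>
 * Lookups only accept names that are own properties of the lists, so
 * inherited names such as 'constructor' are rejected instead of resolving
 * to a non-OID object.
 *
 * @example
 * KJUR.asn1.x509.OID.atype2obj('CN');          // DERObjectIdentifier for 2.5.4.3
 * KJUR.asn1.x509.OID.name2obj('SHA256withRSA'); // DERObjectIdentifier for 1.2.840.113549.1.1.11
 */
KJUR.asn1.x509.OID = new function(params) {
    // own-property test that does not trust a possibly shadowed hasOwnProperty
    var _hasOwn = function(obj, key) {
        return Object.prototype.hasOwnProperty.call(obj, key);
    };

    this.atype2oidList = {
        // RFC 4514 AttributeType name string (MUST recognized)
        'CN': '2.5.4.3',
        'L': '2.5.4.7',
        'ST': '2.5.4.8',
        'O': '2.5.4.10',
        'OU': '2.5.4.11',
        'C': '2.5.4.6',
        'STREET': '2.5.4.9',
        'DC': '0.9.2342.19200300.100.1.25',
        'UID': '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        // http://blog.livedoor.jp/k_urushima/archives/656114.html
        'SN': '2.5.4.4', // surname
        'T': '2.5.4.12', // title
        'DN': '2.5.4.49', // distinguishedName
        'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
        // other AttributeType name string (no short name)
        'description': '2.5.4.13',
        'businessCategory': '2.5.4.15',
        'postalCode': '2.5.4.17',
        'serialNumber': '2.5.4.5',
        'uniqueIdentifier': '2.5.4.45',
        'organizationIdentifier': '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3'
    };
    this.name2oidList = {
        'sha1': '1.3.14.3.2.26',
        'sha256': '2.16.840.1.101.3.4.2.1',
        'sha384': '2.16.840.1.101.3.4.2.2',
        'sha512': '2.16.840.1.101.3.4.2.3',
        'sha224': '2.16.840.1.101.3.4.2.4',
        'md5': '1.2.840.113549.2.5',
        'md2': '1.3.14.7.2.2.1',
        'ripemd160': '1.3.36.3.2.1',

        'MD2withRSA': '1.2.840.113549.1.1.2',
        'MD4withRSA': '1.2.840.113549.1.1.3',
        'MD5withRSA': '1.2.840.113549.1.1.4',
        'SHA1withRSA': '1.2.840.113549.1.1.5',
        'pkcs1-MGF': '1.2.840.113549.1.1.8',
        'rsaPSS': '1.2.840.113549.1.1.10',
        'SHA224withRSA': '1.2.840.113549.1.1.14',
        'SHA256withRSA': '1.2.840.113549.1.1.11',
        'SHA384withRSA': '1.2.840.113549.1.1.12',
        'SHA512withRSA': '1.2.840.113549.1.1.13',

        'SHA1withECDSA': '1.2.840.10045.4.1',
        'SHA224withECDSA': '1.2.840.10045.4.3.1',
        'SHA256withECDSA': '1.2.840.10045.4.3.2',
        'SHA384withECDSA': '1.2.840.10045.4.3.3',
        'SHA512withECDSA': '1.2.840.10045.4.3.4',

        'dsa': '1.2.840.10040.4.1',
        'SHA1withDSA': '1.2.840.10040.4.3',
        'SHA224withDSA': '2.16.840.1.101.3.4.3.1',
        'SHA256withDSA': '2.16.840.1.101.3.4.3.2',

        'rsaEncryption': '1.2.840.113549.1.1.1',

        // X.500 AttributeType defined in RFC 4514
        'commonName': '2.5.4.3',
        'countryName': '2.5.4.6',
        'localityName': '2.5.4.7',
        'stateOrProvinceName': '2.5.4.8',
        'streetAddress': '2.5.4.9',
        'organizationName': '2.5.4.10',
        'organizationalUnitName': '2.5.4.11',
        'domainComponent': '0.9.2342.19200300.100.1.25',
        'userId': '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        'surname': '2.5.4.4',
        'title': '2.5.4.12',
        'distinguishedName': '2.5.4.49',
        'emailAddress': '1.2.840.113549.1.9.1',
        // other AttributeType name string (no short name)
        'description': '2.5.4.13',
        'businessCategory': '2.5.4.15',
        'postalCode': '2.5.4.17',
        'uniqueIdentifier': '2.5.4.45',
        'organizationIdentifier': '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3',

        'subjectKeyIdentifier': '2.5.29.14',
        'keyUsage': '2.5.29.15',
        'subjectAltName': '2.5.29.17',
        'issuerAltName': '2.5.29.18',
        'basicConstraints': '2.5.29.19',
        'cRLNumber': '2.5.29.20',
        'cRLReason': '2.5.29.21',
        'nameConstraints': '2.5.29.30',
        'cRLDistributionPoints':'2.5.29.31',
        'certificatePolicies': '2.5.29.32',
        'anyPolicy': '2.5.29.32.0',
        'authorityKeyIdentifier':'2.5.29.35',
        'policyConstraints': '2.5.29.36',
        'extKeyUsage': '2.5.29.37',
        'authorityInfoAccess': '1.3.6.1.5.5.7.1.1',
        'ocsp': '1.3.6.1.5.5.7.48.1',
        'ocspBasic': '1.3.6.1.5.5.7.48.1.1',
        'ocspNonce': '1.3.6.1.5.5.7.48.1.2',
        'ocspNoCheck': '1.3.6.1.5.5.7.48.1.5',
        'caIssuers': '1.3.6.1.5.5.7.48.2',

        'anyExtendedKeyUsage': '2.5.29.37.0',
        'serverAuth': '1.3.6.1.5.5.7.3.1',
        'clientAuth': '1.3.6.1.5.5.7.3.2',
        'codeSigning': '1.3.6.1.5.5.7.3.3',
        'emailProtection': '1.3.6.1.5.5.7.3.4',
        'timeStamping': '1.3.6.1.5.5.7.3.8',
        'ocspSigning': '1.3.6.1.5.5.7.3.9',

        'ecPublicKey': '1.2.840.10045.2.1',
        'secp256r1': '1.2.840.10045.3.1.7',
        'secp256k1': '1.3.132.0.10',
        'secp384r1': '1.3.132.0.34',

        'pkcs5PBES2': '1.2.840.113549.1.5.13',
        'pkcs5PBKDF2': '1.2.840.113549.1.5.12',

        'des-EDE3-CBC': '1.2.840.113549.3.7',

        'data': '1.2.840.113549.1.7.1', // CMS data
        'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data
        'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data
        'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data
        'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data
        'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
        'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
        'signingCertificate': '1.2.840.113549.1.9.16.2.12',// SMIME
        'timeStampToken': '1.2.840.113549.1.9.16.2.14',// sigTS
        'etsArchiveTimeStamp': '1.2.840.113549.1.9.16.2.27',// SMIME
        'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME
        'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
        'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest
        'contentType': '1.2.840.113549.1.9.3',//PKCS#9
        'messageDigest': '1.2.840.113549.1.9.4',//PKCS#9
        'signingTime': '1.2.840.113549.1.9.5',//PKCS#9
        'counterSignature': '1.2.840.113549.1.9.6',//PKCS#9
        'archiveTimeStampV3': '0.4.0.1733.2.4',//ETSI EN29319122/TS101733
        'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8'//Adobe
    };

    // Shared by name2obj and atype2obj and keyed by the bare name, so a key
    // present in both lists must map to the same OID (true for the lists above).
    this.objCache = {};

    /**
     * get DERObjectIdentifier by registered OID name
     * @name name2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} name registered OID name such as 'SHA1withRSA' (a key of name2oidList)
     * @return {KJUR.asn1.DERObjectIdentifier} object for the OID, cached per name
     * @throws a string when name is not registered (inherited property names do not count)
     * @description
     * @example
     * var asn1ObjOID = OID.name2obj('SHA1withRSA');
     */
    this.name2obj = function(name) {
        if (_hasOwn(this.objCache, name))
            return this.objCache[name];
        if (!_hasOwn(this.name2oidList, name))
            throw "Name of ObjectIdentifier not defined: " + name;
        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': this.name2oidList[name]});
        this.objCache[name] = obj;
        return obj;
    };

    /**
     * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
     * @name atype2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} atype short attribute type name such like 'C' or 'CN' (a key of atype2oidList)
     * @return {KJUR.asn1.DERObjectIdentifier} object for the OID, cached per name
     * @throws a string when atype is not registered (inherited property names do not count)
     * @description
     * @example
     * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
     * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
     */
    this.atype2obj = function(atype) {
        if (_hasOwn(this.objCache, atype))
            return this.objCache[atype];
        if (!_hasOwn(this.atype2oidList, atype))
            throw "AttributeType name undefined: " + atype;
        var obj = new KJUR.asn1.DERObjectIdentifier({'oid': this.atype2oidList[atype]});
        this.objCache[atype] = obj;
        return obj;
    };
};

/**
 * convert OID to name<br/>
 * @name oid2name
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID name if registered otherwise empty string
 * @since asn1x509 1.0.9
 * @description
 * This static method converts OID string to its name.
 * If OID is undefined then it returns empty string (i.e. '').
 */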
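/**
 * @example
 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
 */
KJUR.asn1.x509.OID.oid2name = function(oid) {
    var list = KJUR.asn1.x509.OID.name2oidList;
    // Linear scan; when several names share an OID the first one in
    // name2oidList insertion order is returned.
    for (var name in list) {
        if (list[name] === oid) return name;
    }
    return '';
};

/**
 * convert OID to AttributeType name<br/>
 * @name oid2atype
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID AttributeType name if registered otherwise oid
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This static method converts OID string to its AttributeType name.
 * If OID is not defined in OID.atype2oidList associative array then it returns OID
 * specified as argument.
 * @example
 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
 */
KJUR.asn1.x509.OID.oid2atype = function(oid) {
    var list = KJUR.asn1.x509.OID.atype2oidList;
    for (var atype in list) {
        if (list[atype] === oid) return atype;
    }
    return oid;
};

/**
 * convert OID name to OID value<br/>
 * @name name2oid
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
 * @return {String} dot noted Object Identifier string (ex. 1.2.3.4)
 * @since asn1x509 1.0.11
 * @description
 * This static method converts from OID name to OID string.
 * If OID is undefined then it returns empty string (i.e. '').
 * Only own properties of name2oidList count as registered names, so an
 * inherited name such as "constructor" yields '' rather than a function.
 * @example
 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
 */
KJUR.asn1.x509.OID.name2oid = function(name) {
    // Anything made only of digits and dots is passed through untouched;
    // a value like "1." is not rejected here — presumably DERObjectIdentifier
    // rejects it when the OID is actually encoded (not verified on this page).
    if (name.match(/^[0-9.]+$/)) return name;
    var list = KJUR.asn1.x509.OID.name2oidList;
    if (!Object.prototype.hasOwnProperty.call(list, name)) return '';
    return list[name];
};

/**
 * X.509 certificate and CRL utilities class<br/>
 * @name KJUR.asn1.x509.X509Util
 * @class X.509 certificate and CRL utilities class
 */
KJUR.asn1.x509.X509Util = {};

/**
 * issue a certificate in PEM format (DEPRECATED)
 * @name newCertPEM
 * @memberOf KJUR.asn1.x509.X509Util
 * @function
 * @param {Array} param JSON object of parameter to issue a certificate
 * @return {String} PEM string of the issued certificate
 * @since asn1x509 1.0.6
 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
 * @description
 * This method can issue a certificate by a simple
 * JSON object.
 * Signature value will be provided by signing with
 * private key using 'cakey' parameter or
 * hexadecimal signature value by 'sighex' parameter.
 * <br/>
 * NOTE: Algorithm parameter of AlgorithmIdentifier will
 * be set automatically by default.
 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
 * from jsrsasign 7.1.1 asn1x509 1.0.20.
 * <br/>
 * NOTE2:
 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
 * As for RSA-PSS signature algorithm names and signing parameters
 * such as MGF function and salt length, please see
 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
 *
 * @example
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyObj,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: prvKeyObj
 * });
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyPEM,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: [prvkey, pass]
 * });
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA1withRSA'},
 *   issuer: {str: '/C=US/O=T1'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=T1'},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 * // for the issuer and subject field, another
 * // representation is also available
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA256withRSA'},
 *   issuer: {C: "US", O: "T1"},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 */
KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    // Thin wrapper kept for backward compatibility: the Certificate
    // constructor does all the work, including signing when 'cakey' is given.
    var _Certificate = KJUR.asn1.x509.Certificate;
    var cert = new _Certificate(param);
    return cert.getPEM();
};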