diff --git a/ChangeLog.txt b/ChangeLog.txt index 8fcdd8c6..7a9231d9 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,7 +1,32 @@ ChangeLog for jsrsasign -* Changes from 6.1.4 to next version +* Changes from 6.2.0 to 6.2.1 (2016-Nov-18) + - asn1x509 1.0.16 to 1.0.17 + - multi-valued RDN supported in X500Name and RDN class. + - KJUR.asn1.x509.RDN.parseString() static method added + - API document update + - x509 1.1.9 to 1.1.9 (same) + - X509.readCertPEMWithoutRSAInit fix by @lionello . Thanks. + - crypto 1.1.10 to 1.1.10 + - API document fix + - sample_node scripts + - dataencrypt, datadecrypt and jwsview added + +* Changes from 6.1.4 to 6.2.0 (2016-Nov-03) + - RSAKey + - CRITICAL BUGFIX: RSA-PSS and RSA-OAEP not working from jsrsasign 5.0.0 + because rstr_sha1 function is missingand. Now it was fixed. + (oaep_pad, oeap_unpad) + - API document added. + - crypto 1.1.9 to 1.1.10 + - KJUR.crypto.Cipher class added to encrypt/decrypt data. + Currently only RSA, RSAOAEP supported. Other ciphers like + AES, 3DES will be supported near in the future. + - KJUR.crypto.MessageDigest class + - HASHLENGTH, getCanonicalAlgName, getHashLength + - asn1x509 1.0.15 to 1.0.16 + - AuthorityInfoAccess class added by @lionello 's pull request. Thanks. - base64x - fix API document - npm diff --git a/api/files.html b/api/files.html index b79580e7..4675060d 100644 --- a/api/files.html +++ b/api/files.html @@ -340,6 +340,8 @@

Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -384,6 +386,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -568,7 +572,7 @@

    asn1x509-1.0.js

    Version:
    -
    1.0.15 (2016-Oct-08)
    +
    1.0.17 (2016-Nov-18)
    @@ -606,7 +610,7 @@

    crypto-1.1.js

    Version:
    -
    1.1.9 (2016-Oct-08)
    +
    1.1.10 (2016-Oct-29)
    diff --git a/api/index.html b/api/index.html index 5476af72..3f6a292a 100644 --- a/api/index.html +++ b/api/index.html @@ -340,6 +340,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -384,6 +386,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -886,6 +890,12 @@

    KJUR.asn1.x509.A
    +
    +

    KJUR.asn1.x509.AuthorityInfoAccess

    + AuthorityInfoAccess ASN.1 structure class +
    +
    +

    KJUR.asn1.x509.AuthorityKeyIdentifier

    AuthorityKeyIdentifier ASN.1 structure class @@ -972,7 +982,7 @@

    KJUR.asn1.x509.OID

    KJUR.asn1.x509.RDN

    - RDN (Relative Distinguish Name) ASN.1 structure class + RDN (Relative Distinguished Name) ASN.1 structure class

    @@ -1018,6 +1028,12 @@

    KJUR.crypto


    +
    +

    KJUR.crypto.Cipher

    + Cipher class to encrypt and decrypt data
    +
    +
    +

    KJUR.crypto.DSA

    class for DSA signing and verifcation diff --git a/api/symbols/ASN1HEX.html b/api/symbols/ASN1HEX.html index f451268a..4abc91b0 100644 --- a/api/symbols/ASN1HEX.html +++ b/api/symbols/ASN1HEX.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/Base64x.html b/api/symbols/Base64x.html index e6ac63a2..72aa7628 100644 --- a/api/symbols/Base64x.html +++ b/api/symbols/Base64x.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KEYUTIL.html b/api/symbols/KEYUTIL.html index e350771d..f32466c6 100644 --- a/api/symbols/KEYUTIL.html +++ b/api/symbols/KEYUTIL.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ASN1Object.html b/api/symbols/KJUR.asn1.ASN1Object.html index 58fa88e6..08e02ebe 100644 --- a/api/symbols/KJUR.asn1.ASN1Object.html +++ b/api/symbols/KJUR.asn1.ASN1Object.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ASN1Util.html b/api/symbols/KJUR.asn1.ASN1Util.html index 363c7b7b..5158654c 100644 --- a/api/symbols/KJUR.asn1.ASN1Util.html +++ b/api/symbols/KJUR.asn1.ASN1Util.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERAbstractString.html b/api/symbols/KJUR.asn1.DERAbstractString.html index 51bbc736..aa4c1eb4 100644 --- a/api/symbols/KJUR.asn1.DERAbstractString.html +++ b/api/symbols/KJUR.asn1.DERAbstractString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERAbstractStructured.html b/api/symbols/KJUR.asn1.DERAbstractStructured.html index 43ab7fa7..fec57c18 100644 --- a/api/symbols/KJUR.asn1.DERAbstractStructured.html +++ b/api/symbols/KJUR.asn1.DERAbstractStructured.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERAbstractTime.html b/api/symbols/KJUR.asn1.DERAbstractTime.html index fe409e70..9af6974d 100644 --- a/api/symbols/KJUR.asn1.DERAbstractTime.html +++ b/api/symbols/KJUR.asn1.DERAbstractTime.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERBitString.html b/api/symbols/KJUR.asn1.DERBitString.html index cfdfed15..d000b59c 100644 --- a/api/symbols/KJUR.asn1.DERBitString.html +++ b/api/symbols/KJUR.asn1.DERBitString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERBoolean.html b/api/symbols/KJUR.asn1.DERBoolean.html index c1798c2a..bb71dd2a 100644 --- a/api/symbols/KJUR.asn1.DERBoolean.html +++ b/api/symbols/KJUR.asn1.DERBoolean.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DEREnumerated.html b/api/symbols/KJUR.asn1.DEREnumerated.html index 0763cf81..d19d75b0 100644 --- a/api/symbols/KJUR.asn1.DEREnumerated.html +++ b/api/symbols/KJUR.asn1.DEREnumerated.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERGeneralizedTime.html b/api/symbols/KJUR.asn1.DERGeneralizedTime.html index 6140e6ab..f1c35635 100644 --- a/api/symbols/KJUR.asn1.DERGeneralizedTime.html +++ b/api/symbols/KJUR.asn1.DERGeneralizedTime.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERIA5String.html b/api/symbols/KJUR.asn1.DERIA5String.html index 373f5a50..31bbced3 100644 --- a/api/symbols/KJUR.asn1.DERIA5String.html +++ b/api/symbols/KJUR.asn1.DERIA5String.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERInteger.html b/api/symbols/KJUR.asn1.DERInteger.html index 4bfce70c..683b302d 100644 --- a/api/symbols/KJUR.asn1.DERInteger.html +++ b/api/symbols/KJUR.asn1.DERInteger.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERNull.html b/api/symbols/KJUR.asn1.DERNull.html index 654a23cc..73c6a70a 100644 --- a/api/symbols/KJUR.asn1.DERNull.html +++ b/api/symbols/KJUR.asn1.DERNull.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERNumericString.html b/api/symbols/KJUR.asn1.DERNumericString.html index 4f5412ce..782db2e3 100644 --- a/api/symbols/KJUR.asn1.DERNumericString.html +++ b/api/symbols/KJUR.asn1.DERNumericString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERObjectIdentifier.html b/api/symbols/KJUR.asn1.DERObjectIdentifier.html index bab5af86..ec08492c 100644 --- a/api/symbols/KJUR.asn1.DERObjectIdentifier.html +++ b/api/symbols/KJUR.asn1.DERObjectIdentifier.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DEROctetString.html b/api/symbols/KJUR.asn1.DEROctetString.html index 448a0446..dc975131 100644 --- a/api/symbols/KJUR.asn1.DEROctetString.html +++ b/api/symbols/KJUR.asn1.DEROctetString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERPrintableString.html b/api/symbols/KJUR.asn1.DERPrintableString.html index bd6df3b0..3876a24f 100644 --- a/api/symbols/KJUR.asn1.DERPrintableString.html +++ b/api/symbols/KJUR.asn1.DERPrintableString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERSequence.html b/api/symbols/KJUR.asn1.DERSequence.html index 71138aad..6f0a4da1 100644 --- a/api/symbols/KJUR.asn1.DERSequence.html +++ b/api/symbols/KJUR.asn1.DERSequence.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERSet.html b/api/symbols/KJUR.asn1.DERSet.html index 3b1859ba..da9de10b 100644 --- a/api/symbols/KJUR.asn1.DERSet.html +++ b/api/symbols/KJUR.asn1.DERSet.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERTaggedObject.html b/api/symbols/KJUR.asn1.DERTaggedObject.html index 2d8b01d1..9c0829d3 100644 --- a/api/symbols/KJUR.asn1.DERTaggedObject.html +++ b/api/symbols/KJUR.asn1.DERTaggedObject.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERTeletexString.html b/api/symbols/KJUR.asn1.DERTeletexString.html index 83bff53d..f2098932 100644 --- a/api/symbols/KJUR.asn1.DERTeletexString.html +++ b/api/symbols/KJUR.asn1.DERTeletexString.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERUTCTime.html b/api/symbols/KJUR.asn1.DERUTCTime.html index 66b06f64..9d9dae3f 100644 --- a/api/symbols/KJUR.asn1.DERUTCTime.html +++ b/api/symbols/KJUR.asn1.DERUTCTime.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.DERUTF8String.html b/api/symbols/KJUR.asn1.DERUTF8String.html index a05e42e3..ce5f75eb 100644 --- a/api/symbols/KJUR.asn1.DERUTF8String.html +++ b/api/symbols/KJUR.asn1.DERUTF8String.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.CAdESUtil.html b/api/symbols/KJUR.asn1.cades.CAdESUtil.html index 0093b2e8..23ad6328 100644 --- a/api/symbols/KJUR.asn1.cades.CAdESUtil.html +++ b/api/symbols/KJUR.asn1.cades.CAdESUtil.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html b/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html index 41e0dcf9..0810c955 100644 --- a/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html +++ b/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.OtherCertID.html b/api/symbols/KJUR.asn1.cades.OtherCertID.html index 8d0faad2..0a84f487 100644 --- a/api/symbols/KJUR.asn1.cades.OtherCertID.html +++ b/api/symbols/KJUR.asn1.cades.OtherCertID.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.OtherHash.html b/api/symbols/KJUR.asn1.cades.OtherHash.html index fd0f8d24..7504fccf 100644 --- a/api/symbols/KJUR.asn1.cades.OtherHash.html +++ b/api/symbols/KJUR.asn1.cades.OtherHash.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html b/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html index e7d42cd6..8e30b409 100644 --- a/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html +++ b/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html b/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html index 586ba096..f255d6bf 100644 --- a/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html +++ b/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html b/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html index d7851cbc..3559dbb5 100644 --- a/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html +++ b/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cades.html b/api/symbols/KJUR.asn1.cades.html index f07bcc6f..246cbb28 100644 --- a/api/symbols/KJUR.asn1.cades.html +++ b/api/symbols/KJUR.asn1.cades.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.Attribute.html b/api/symbols/KJUR.asn1.cms.Attribute.html index b7755a14..09f45abd 100644 --- a/api/symbols/KJUR.asn1.cms.Attribute.html +++ b/api/symbols/KJUR.asn1.cms.Attribute.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.AttributeList.html b/api/symbols/KJUR.asn1.cms.AttributeList.html index 2f0a5de9..ca840e3e 100644 --- a/api/symbols/KJUR.asn1.cms.AttributeList.html +++ b/api/symbols/KJUR.asn1.cms.AttributeList.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.CMSUtil.html b/api/symbols/KJUR.asn1.cms.CMSUtil.html index 0960bf87..8088327e 100644 --- a/api/symbols/KJUR.asn1.cms.CMSUtil.html +++ b/api/symbols/KJUR.asn1.cms.CMSUtil.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.ContentInfo.html b/api/symbols/KJUR.asn1.cms.ContentInfo.html index 609adb15..b3998229 100644 --- a/api/symbols/KJUR.asn1.cms.ContentInfo.html +++ b/api/symbols/KJUR.asn1.cms.ContentInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.ContentType.html b/api/symbols/KJUR.asn1.cms.ContentType.html index 126b04d7..2e0b8e0c 100644 --- a/api/symbols/KJUR.asn1.cms.ContentType.html +++ b/api/symbols/KJUR.asn1.cms.ContentType.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html b/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html index 1d5ca2c4..908abc78 100644 --- a/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html +++ b/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html b/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html index 9617aa84..3f7dd5fb 100644 --- a/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html +++ b/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.MessageDigest.html b/api/symbols/KJUR.asn1.cms.MessageDigest.html index 7b61e1a2..9dee19c7 100644 --- a/api/symbols/KJUR.asn1.cms.MessageDigest.html +++ b/api/symbols/KJUR.asn1.cms.MessageDigest.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.SignedData.html b/api/symbols/KJUR.asn1.cms.SignedData.html index 1ba52680..0926286b 100644 --- a/api/symbols/KJUR.asn1.cms.SignedData.html +++ b/api/symbols/KJUR.asn1.cms.SignedData.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.SignerInfo.html b/api/symbols/KJUR.asn1.cms.SignerInfo.html index 2bc02321..f79408b5 100644 --- a/api/symbols/KJUR.asn1.cms.SignerInfo.html +++ b/api/symbols/KJUR.asn1.cms.SignerInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.SigningCertificate.html b/api/symbols/KJUR.asn1.cms.SigningCertificate.html index 4e81fc68..76d1427e 100644 --- a/api/symbols/KJUR.asn1.cms.SigningCertificate.html +++ b/api/symbols/KJUR.asn1.cms.SigningCertificate.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html b/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html index 80d0ca69..aaa0b90e 100644 --- a/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html +++ b/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.SigningTime.html b/api/symbols/KJUR.asn1.cms.SigningTime.html index a43ddf50..69a5a58c 100644 --- a/api/symbols/KJUR.asn1.cms.SigningTime.html +++ b/api/symbols/KJUR.asn1.cms.SigningTime.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.cms.html b/api/symbols/KJUR.asn1.cms.html index a2206aed..e8bc8853 100644 --- a/api/symbols/KJUR.asn1.cms.html +++ b/api/symbols/KJUR.asn1.cms.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.csr.CSRUtil.html b/api/symbols/KJUR.asn1.csr.CSRUtil.html index fa99bec2..36671295 100644 --- a/api/symbols/KJUR.asn1.csr.CSRUtil.html +++ b/api/symbols/KJUR.asn1.csr.CSRUtil.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.csr.CertificationRequest.html b/api/symbols/KJUR.asn1.csr.CertificationRequest.html index 15e83f0f..d2c85c3d 100644 --- a/api/symbols/KJUR.asn1.csr.CertificationRequest.html +++ b/api/symbols/KJUR.asn1.csr.CertificationRequest.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html index 03f71cd9..500aa666 100644 --- a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html +++ b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.csr.html b/api/symbols/KJUR.asn1.csr.html index 9dfa4e5f..60493562 100644 --- a/api/symbols/KJUR.asn1.csr.html +++ b/api/symbols/KJUR.asn1.csr.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.html b/api/symbols/KJUR.asn1.html index bdfd6a82..60b40b82 100644 --- a/api/symbols/KJUR.asn1.html +++ b/api/symbols/KJUR.asn1.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.CertID.html b/api/symbols/KJUR.asn1.ocsp.CertID.html index b7c808db..8a707476 100644 --- a/api/symbols/KJUR.asn1.ocsp.CertID.html +++ b/api/symbols/KJUR.asn1.ocsp.CertID.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html b/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html index 4c9c76cd..0953704d 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html b/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html index 53af18e8..cfd0baf3 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.Request.html b/api/symbols/KJUR.asn1.ocsp.Request.html index 0dfe4692..b9f43da8 100644 --- a/api/symbols/KJUR.asn1.ocsp.Request.html +++ b/api/symbols/KJUR.asn1.ocsp.Request.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.TBSRequest.html b/api/symbols/KJUR.asn1.ocsp.TBSRequest.html index b9b338ac..31b0127a 100644 --- a/api/symbols/KJUR.asn1.ocsp.TBSRequest.html +++ b/api/symbols/KJUR.asn1.ocsp.TBSRequest.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.ocsp.html b/api/symbols/KJUR.asn1.ocsp.html index 47e892f4..d94f1b26 100644 --- a/api/symbols/KJUR.asn1.ocsp.html +++ b/api/symbols/KJUR.asn1.ocsp.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html index 36635026..2ba7c88d 100644 --- a/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.Accuracy.html b/api/symbols/KJUR.asn1.tsp.Accuracy.html index b1b17586..4822dbdf 100644 --- a/api/symbols/KJUR.asn1.tsp.Accuracy.html +++ b/api/symbols/KJUR.asn1.tsp.Accuracy.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html index e83fb69b..7ceb29c1 100644 --- a/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.MessageImprint.html b/api/symbols/KJUR.asn1.tsp.MessageImprint.html index e46a8a1b..81141d30 100644 --- a/api/symbols/KJUR.asn1.tsp.MessageImprint.html +++ b/api/symbols/KJUR.asn1.tsp.MessageImprint.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html b/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html index 58cdf944..8752ee62 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html +++ b/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.PKIFreeText.html b/api/symbols/KJUR.asn1.tsp.PKIFreeText.html index 3130e214..3ea529c8 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIFreeText.html +++ b/api/symbols/KJUR.asn1.tsp.PKIFreeText.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.PKIStatus.html b/api/symbols/KJUR.asn1.tsp.PKIStatus.html index 293aaa40..e156c415 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIStatus.html +++ b/api/symbols/KJUR.asn1.tsp.PKIStatus.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html b/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html index e7e0f61a..fe8efdb8 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html +++ b/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html index e75cd6a6..0482c687 100644 --- a/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.TSPUtil.html b/api/symbols/KJUR.asn1.tsp.TSPUtil.html index 833548c7..90c684bc 100644 --- a/api/symbols/KJUR.asn1.tsp.TSPUtil.html +++ b/api/symbols/KJUR.asn1.tsp.TSPUtil.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.TSTInfo.html b/api/symbols/KJUR.asn1.tsp.TSTInfo.html index 04aff989..f292d5ef 100644 --- a/api/symbols/KJUR.asn1.tsp.TSTInfo.html +++ b/api/symbols/KJUR.asn1.tsp.TSTInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.TimeStampReq.html b/api/symbols/KJUR.asn1.tsp.TimeStampReq.html index 67e620e6..8f5f64e3 100644 --- a/api/symbols/KJUR.asn1.tsp.TimeStampReq.html +++ b/api/symbols/KJUR.asn1.tsp.TimeStampReq.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.TimeStampResp.html b/api/symbols/KJUR.asn1.tsp.TimeStampResp.html index 51fb37fd..9b42c428 100644 --- a/api/symbols/KJUR.asn1.tsp.TimeStampResp.html +++ b/api/symbols/KJUR.asn1.tsp.TimeStampResp.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.tsp.html b/api/symbols/KJUR.asn1.tsp.html index 123c1fb2..104f71ba 100644 --- a/api/symbols/KJUR.asn1.tsp.html +++ b/api/symbols/KJUR.asn1.tsp.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html index 941ea116..f91428ff 100644 --- a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html index 4ca4f060..e609550a 100644 --- a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html +++ b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -531,6 +535,17 @@

    +
    +
    See:
    + +
    KJUR.asn1.x509.X500Name
    + +
    KJUR.asn1.x509.RDN
    + +
    KJUR.asn1.x509.AttributeTypeAndValue
    + +
    +

    diff --git a/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html b/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html new file mode 100644 index 00000000..c543088a --- /dev/null +++ b/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html @@ -0,0 +1,586 @@ + + + + + + + jsrsasign 4.8.7 JavaScript API Reference - KJUR.asn1.x509.AuthorityInfoAccess + + + + + + + + + + + + +
    + +
    Class Index +| File Index
    +
    +

    Classes

    + +
    + +
    + +
    + +

    + + Class KJUR.asn1.x509.AuthorityInfoAccess +

    + + +

    + +
    Extends + KJUR.asn1.x509.Extension.
    + + + AuthorityInfoAccess ASN.1 structure class + + +
    Defined in: asn1x509-1.0.js. + +

    + + + + + + + + + + + + + + + + + +
    Class Summary
    Constructor AttributesConstructor Name and Description
      + +
    AuthorityInfoAccess ASN.1 structure class +
    +id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
    +id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
    +AuthorityInfoAccessSyntax  ::=
    +        SEQUENCE SIZE (1.
    +
    + + + + + + + + +
    +
    Fields borrowed from class KJUR.asn1.ASN1Object:
    hL, hT, hTLV, hV, isModified
    +
    + + + + + + + + + + +
    +
    + Class Detail +
    + +
    + KJUR.asn1.x509.AuthorityInfoAccess(params) +
    + +
    + AuthorityInfoAccess ASN.1 structure class +
    +id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
    +id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
    +AuthorityInfoAccessSyntax  ::=
    +        SEQUENCE SIZE (1..MAX) OF AccessDescription
    +AccessDescription  ::=  SEQUENCE {
    +        accessMethod          OBJECT IDENTIFIER,
    +        accessLocation        GeneralName  }
    +id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
    +id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
    +id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
    +
    + +
    + + + +
    var param = {'array':[
    +              { 'accessMethod':{'oid': '1.3.6.1.5.5.7.48.1'},
    +                'accessLocation':{'uri': 'http://ocsp.cacert.org'}
    +              } ]};
    +var e1 = new KJUR.asn1.x509.AuthorityInfoAccess(param);
    + + + + + +
    +
    Parameters:
    + +
    + {Array} params + +
    +
    associative array of parameters
    + +
    + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + +
    + + + + + + + + + + + +
    +
    + + + +
    + © 2012-2015 Kenji Urushima, All rights reserved
    + + Documentation generated by JsDoc Toolkit 2.4.0 +
    + + diff --git a/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html index 4ba9ff4d..b22d49b1 100644 --- a/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -511,7 +515,7 @@

    KJUR.asn1.x509.AuthorityKeyIdentifier.setCertIssuerByParam(param)
    set authorityCertIssuer value by X500Name parameter -NOTE: Automatic authorityCertIssuer name setting by an issuer +NOTE: Automatic authorityCertIssuer name setting by an issuer certificate will be supported in future version.
    @@ -522,7 +526,7 @@

    KJUR.asn1.x509.AuthorityKeyIdentifier.setCertSerialNumberByParam(param)
    set authorityCertSerialNumber value by DERInteger parameter -NOTE: Automatic authorityCertSerialNumber setting by an issuer +NOTE: Automatic authorityCertSerialNumber setting by an issuer certificate will be supported in future version.
    @@ -533,7 +537,7 @@

    KJUR.asn1.x509.AuthorityKeyIdentifier.setKIDByParam(param)
    set keyIdentifier value by DERInteger parameter -NOTE: Automatic keyIdentifier value calculation by an issuer +NOTE: Automatic keyIdentifier value calculation by an issuer public key will be supported in future version.
    @@ -631,7 +635,7 @@

    set authorityCertIssuer value by X500Name parameter -NOTE: Automatic authorityCertIssuer name setting by an issuer +NOTE: Automatic authorityCertIssuer name setting by an issuer certificate will be supported in future version. @@ -675,7 +679,7 @@

    set authorityCertSerialNumber value by DERInteger parameter -NOTE: Automatic authorityCertSerialNumber setting by an issuer +NOTE: Automatic authorityCertSerialNumber setting by an issuer certificate will be supported in future version. @@ -719,7 +723,7 @@

    set keyIdentifier value by DERInteger parameter -NOTE: Automatic keyIdentifier value calculation by an issuer +NOTE: Automatic keyIdentifier value calculation by an issuer public key will be supported in future version. diff --git a/api/symbols/KJUR.asn1.x509.BasicConstraints.html b/api/symbols/KJUR.asn1.x509.BasicConstraints.html index 0c35dae8..61f3e5ab 100644 --- a/api/symbols/KJUR.asn1.x509.BasicConstraints.html +++ b/api/symbols/KJUR.asn1.x509.BasicConstraints.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.CRL.html b/api/symbols/KJUR.asn1.x509.CRL.html index 7a003fbb..e96bfd24 100644 --- a/api/symbols/KJUR.asn1.x509.CRL.html +++ b/api/symbols/KJUR.asn1.x509.CRL.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html index 963b38bd..b5e30210 100644 --- a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html +++ b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.CRLEntry.html b/api/symbols/KJUR.asn1.x509.CRLEntry.html index 7f96341d..13ebfa4c 100644 --- a/api/symbols/KJUR.asn1.x509.CRLEntry.html +++ b/api/symbols/KJUR.asn1.x509.CRLEntry.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.Certificate.html b/api/symbols/KJUR.asn1.x509.Certificate.html index 0259c859..2ef2eb0f 100644 --- a/api/symbols/KJUR.asn1.x509.Certificate.html +++ b/api/symbols/KJUR.asn1.x509.Certificate.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -652,7 +656,7 @@

    EXAMPLES

    var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
     cert.sign();
    -var sPEM =  cert.getPEMString();
    +var sPEM = cert.getPEMString(); diff --git a/api/symbols/KJUR.asn1.x509.DistributionPoint.html b/api/symbols/KJUR.asn1.x509.DistributionPoint.html index 927f2d9c..889a94b1 100644 --- a/api/symbols/KJUR.asn1.x509.DistributionPoint.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPoint.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.DistributionPointName.html b/api/symbols/KJUR.asn1.x509.DistributionPointName.html index 7d62f091..d79cd418 100644 --- a/api/symbols/KJUR.asn1.x509.DistributionPointName.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPointName.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html index d9eb2dd5..7b7dfe9c 100644 --- a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -508,7 +512,7 @@

    -
    var e1 = 
    +				
    var e1 =
         new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
                                         'array':
                                         [{'oid': '2.5.29.37.0',  // anyExtendedKeyUsage
    diff --git a/api/symbols/KJUR.asn1.x509.Extension.html b/api/symbols/KJUR.asn1.x509.Extension.html
    index c78f499f..c98f8a23 100644
    --- a/api/symbols/KJUR.asn1.x509.Extension.html
    +++ b/api/symbols/KJUR.asn1.x509.Extension.html
    @@ -345,6 +345,8 @@ 

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.GeneralName.html b/api/symbols/KJUR.asn1.x509.GeneralName.html index 44baec1c..fc056611 100644 --- a/api/symbols/KJUR.asn1.x509.GeneralName.html +++ b/api/symbols/KJUR.asn1.x509.GeneralName.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -519,7 +523,7 @@

    ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } + registeredID [8] OBJECT IDENTIFIER }

    diff --git a/api/symbols/KJUR.asn1.x509.GeneralNames.html b/api/symbols/KJUR.asn1.x509.GeneralNames.html index eba62991..d632f26c 100644 --- a/api/symbols/KJUR.asn1.x509.GeneralNames.html +++ b/api/symbols/KJUR.asn1.x509.GeneralNames.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -528,7 +532,7 @@

    EXAMPLE AND ASN.1 SYNTAX

    -
    var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 
    +				
    var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
     
     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    diff --git a/api/symbols/KJUR.asn1.x509.KeyUsage.html b/api/symbols/KJUR.asn1.x509.KeyUsage.html index 9af1a2fd..79f4f3cc 100644 --- a/api/symbols/KJUR.asn1.x509.KeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.KeyUsage.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.OID.html b/api/symbols/KJUR.asn1.x509.OID.html index db4b83fc..bd875531 100644 --- a/api/symbols/KJUR.asn1.x509.OID.html +++ b/api/symbols/KJUR.asn1.x509.OID.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.RDN.html b/api/symbols/KJUR.asn1.x509.RDN.html index df23482f..aa4dffb9 100644 --- a/api/symbols/KJUR.asn1.x509.RDN.html +++ b/api/symbols/KJUR.asn1.x509.RDN.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -440,7 +444,7 @@

    KJUR.asn1.ASN1Object.
    - RDN (Relative Distinguish Name) ASN.1 structure class + RDN (Relative Distinguished Name) ASN.1 structure class
    Defined in: asn1x509-1.0.js. @@ -464,8 +468,9 @@

    -
    RDN (Relative Distinguish Name) ASN.1 structure class -
    +
    RDN (Relative Distinguished Name) ASN.1 structure class +This class provides RelativeDistinguishedName ASN.1 class structure +defined in RFC 2253 section 2.
    @@ -486,6 +491,59 @@

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Method Summary
    Method AttributesMethod Name and Description
      + +
    add one AttributeTypeAndValue by multi-valued string
    +This method add multi-valued RDN to RDN object.
    +
      + +
    add one AttributeTypeAndValue by string
    +This method add one AttributeTypeAndValue to RDN object.
    +
    <static>   +
    KJUR.asn1.x509.RDN.parseString(s) +
    +
    parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'
    +This static method parses multi-valued RDN string and split into +array of AttributeTypeAndValue.
    +
    + + + +
    + +
    + + @@ -501,14 +559,28 @@

    - RDN (Relative Distinguish Name) ASN.1 structure class - + RDN (Relative Distinguished Name) ASN.1 structure class +This class provides RelativeDistinguishedName ASN.1 class structure +defined in RFC 2253 section 2. +
    +RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
    +  AttributeTypeAndValue
    +
    +AttributeTypeAndValue ::= SEQUENCE {
    +  type  AttributeType,
    +  value AttributeValue }
    +
    +
    +NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
    -
    
    +				
    rdn = new KJUR.asn1.x509.RDN({str: "CN=test"});
    +rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
    +rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
    +rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
    @@ -531,6 +603,17 @@

    +
    +
    See:
    + +
    KJUR.asn1.x509.X500Name
    + +
    KJUR.asn1.x509.RDN
    + +
    KJUR.asn1.x509.AttributeTypeAndValue
    + +
    + @@ -540,6 +623,177 @@

    +
    + Method Detail +
    + + +
    + + {Object} + addByMultiValuedString(s) + +
    +
    + add one AttributeTypeAndValue by multi-valued string
    +This method add multi-valued RDN to RDN object. + + +
    + + + +
    rdn = new KJUR.asn1.x509.RDN();
    +rdn.addByMultiValuedString("CN=john+O=test");
    +rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
    +rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    string of multi-valued RDN
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.1 asn1x509 1.0.17
    +
    + + + + +
    +
    Returns:
    + +
    {Object} unspecified
    + +
    + + + + +
    + + +
    + + {Object} + addByString(s) + +
    +
    + add one AttributeTypeAndValue by string
    +This method add one AttributeTypeAndValue to RDN object. + + +
    + + + +
    rdn = new KJUR.asn1.x509.RDN();
    +rdn.addByString("CN=john");
    +rdn.addByString("serialNumber=1234"); // for multi-valued RDN
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    string of AttributeTypeAndValue
    + +
    + + + + + +
    +
    Returns:
    + +
    {Object} unspecified
    + +
    + + + + +
    + + +
    <static> + + {Array} + KJUR.asn1.x509.RDN.parseString(s) + +
    +
    + parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'
    +This static method parses multi-valued RDN string and split into +array of AttributeTypeAndValue. + + +
    + + + +
    KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
    +KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
    +KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
    +KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
    +KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    multi-valued string of RDN
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.1 asn1x509 1.0.17
    +
    + + + + +
    +
    Returns:
    + +
    {Array} array of string of AttributeTypeAndValue
    + +
    + + + + + + + diff --git a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html index a45331d7..b20bc8e6 100644 --- a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html +++ b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertList.html b/api/symbols/KJUR.asn1.x509.TBSCertList.html index afbfea08..e09ea166 100644 --- a/api/symbols/KJUR.asn1.x509.TBSCertList.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertList.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertificate.html b/api/symbols/KJUR.asn1.x509.TBSCertificate.html index e860b502..490e57ea 100644 --- a/api/symbols/KJUR.asn1.x509.TBSCertificate.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertificate.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -746,7 +750,8 @@

    EXAMPLE

    tbsc.appendExtensionByName('KeyUsage', {'bin':'11'}); tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'}); tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]}); -tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
    +tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'}); +tbsc.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
    @@ -1074,8 +1079,8 @@

    EXAMPLE

    -
    tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
    -tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
    +					
    tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
    +tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
     tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
    diff --git a/api/symbols/KJUR.asn1.x509.Time.html b/api/symbols/KJUR.asn1.x509.Time.html index 58f1058d..64475404 100644 --- a/api/symbols/KJUR.asn1.x509.Time.html +++ b/api/symbols/KJUR.asn1.x509.Time.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.asn1.x509.X500Name.html b/api/symbols/KJUR.asn1.x509.X500Name.html index ede402fa..450adab7 100644 --- a/api/symbols/KJUR.asn1.x509.X500Name.html +++ b/api/symbols/KJUR.asn1.x509.X500Name.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -465,7 +469,8 @@

    KJUR.asn1.x509.X500Name(params)
    X500Name ASN.1 structure class -
    +This class provides DistinguishedName ASN.1 class structure +defined in RFC 2253 section 2. @@ -499,9 +504,9 @@

    - <static>   +   -
    KJUR.asn1.x509.X500Name.setByObject(dnObj) +
    setByObject(dnObj)
    set DN by associative array
    @@ -509,9 +514,9 @@

    - <static>   +   -
    KJUR.asn1.x509.X500Name.setByString(dnStr) +
    setByString(dnStr)
    set DN by string
    @@ -544,7 +549,25 @@

    X500Name ASN.1 structure class - +This class provides DistinguishedName ASN.1 class structure +defined in RFC 2253 section 2. +
    +DistinguishedName ::= RDNSequence
    +
    +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    +
    +RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
    +  AttributeTypeAndValue
    +
    +AttributeTypeAndValue ::= SEQUENCE {
    +  type  AttributeType,
    +  value AttributeValue }
    +
    +
    +For string representation of distinguished name in jsrsasign, +OpenSSL oneline format is used. Please see wiki article for it. +
    +NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
    @@ -576,6 +599,17 @@

    +
    +
    See:
    + +
    KJUR.asn1.x509.X500Name
    + +
    KJUR.asn1.x509.RDN
    + +
    KJUR.asn1.x509.AttributeTypeAndValue
    + +
    +

    @@ -589,11 +623,11 @@

    Method Detail

    - -
    <static> + +
    - KJUR.asn1.x509.X500Name.setByObject(dnObj) + setByObject(dnObj)
    @@ -637,11 +671,11 @@


    - -
    <static> + +
    - KJUR.asn1.x509.X500Name.setByString(dnStr) + setByString(dnStr)
    diff --git a/api/symbols/KJUR.asn1.x509.X509Util.html b/api/symbols/KJUR.asn1.x509.X509Util.html index d9eaed13..00207bda 100644 --- a/api/symbols/KJUR.asn1.x509.X509Util.html +++ b/api/symbols/KJUR.asn1.x509.X509Util.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -607,8 +611,8 @@

    issue a certificate in PEM format This method can issue a certificate by a simple JSON object. -Signature value will be provided by signing with -private key using 'cakey' parameter or +Signature value will be provided by signing with +private key using 'cakey' parameter or hexa decimal signature value by 'sighex' parameter. NOTE: When using DSA or ECDSA CA signing key, diff --git a/api/symbols/KJUR.asn1.x509.html b/api/symbols/KJUR.asn1.x509.html index d1dcac0a..7e4d62e1 100644 --- a/api/symbols/KJUR.asn1.x509.html +++ b/api/symbols/KJUR.asn1.x509.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -618,6 +622,7 @@

    SUPPORTED EXTENSIONS

  • KJUR.asn1.x509.CRLDistributionPoints
  • KJUR.asn1.x509.ExtKeyUsage
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. diff --git a/api/symbols/KJUR.crypto.Cipher.html b/api/symbols/KJUR.crypto.Cipher.html new file mode 100644 index 00000000..6dcf9fb2 --- /dev/null +++ b/api/symbols/KJUR.crypto.Cipher.html @@ -0,0 +1,845 @@ + + + + + + + jsrsasign 4.8.7 JavaScript API Reference - KJUR.crypto.Cipher + + + + + + + + + + + + +
    + + +
    +

    Classes

    + +
    + +
    + +
    + +

    + + Class KJUR.crypto.Cipher +

    + + +

    + + + + Cipher class to encrypt and decrypt data
    + + +
    Defined in: crypto-1.1.js. + +

    + + + + + + + + + + + + + + + + + +
    Class Summary
    Constructor AttributesConstructor Name and Description
      +
    + KJUR.crypto.Cipher(params) +
    +
    Cipher class to encrypt and decrypt data
    +Here is supported canonicalized cipher algorithm names and its standard names: +
      +
    • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
    • +
    • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    • +
    • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
    • +
    • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
    • +
    • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
    • +
    • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
    • +
    +NOTE: (*) is not supported in Java JCE.
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Method Summary
    Method AttributesMethod Name and Description
    <static>   +
    KJUR.crypto.Cipher.decrypt(hex, keyObj, algName) +
    +
    decrypt encrypted hexadecimal string with specified key and algorithm
    +This static method decrypts encrypted hexadecimal string with specified key and algorithm.
    +
    <static>   +
    KJUR.crypto.Cipher.encrypt(s, keyObj, algName) +
    +
    encrypt raw string by specified key and algorithm
    +This static method encrypts raw string with specified key and algorithm.
    +
    <static>   +
    KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName) +
    +
    get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name
    +Here is supported canonicalized cipher algorithm names and its standard names: +
      +
    • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
    • +
    • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    • +
    • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
    • +
    • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
    • +
    • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
    • +
    • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
    • +
    +NOTE: (*) is not supported in Java JCE.
    +
    + + + + + + + + + +
    +
    + Class Detail +
    + +
    + KJUR.crypto.Cipher(params) +
    + +
    + Cipher class to encrypt and decrypt data
    +Here is supported canonicalized cipher algorithm names and its standard names: +
      +
    • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
    • +
    • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    • +
    • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
    • +
    • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
    • +
    • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
    • +
    • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
    • +
    +NOTE: (*) is not supported in Java JCE.
    +Currently this class supports only RSA encryption and decryption. +However it is planning to implement also symmetric ciphers near in the future. + +
    + + + +
    
    +				
    +				
    +				
    +				
    +					
    +						
    +
    Parameters:
    + +
    + {Array} params + +
    +
    parameters for constructor
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + + + +
    + + + + + + + +
    + Method Detail +
    + + +
    <static> + + {String} + KJUR.crypto.Cipher.decrypt(hex, keyObj, algName) + +
    +
    + decrypt encrypted hexadecimal string with specified key and algorithm
    +This static method decrypts encrypted hexadecimal string with specified key and algorithm. + + +
    + + + +
    +KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj) → "1abc2d..."
    +KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj, "RSAOAEP) → "23ab02..."
    + + + + +
    +
    Parameters:
    + +
    + {String} hex + +
    +
    hexadecial string of encrypted message
    + +
    + {Object} keyObj + +
    +
    RSAKey object or hexadecimal string of symmetric cipher key
    + +
    + {String} algName + +
    +
    short/long algorithm name for encryption/decryption
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + +
    +
    Returns:
    + +
    {String} hexadecimal encrypted string
    + +
    + + + + +
    + + +
    <static> + + {String} + KJUR.crypto.Cipher.encrypt(s, keyObj, algName) + +
    +
    + encrypt raw string by specified key and algorithm
    +This static method encrypts raw string with specified key and algorithm. + + +
    + + + +
    +KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj) → "1abc2d..."
    +KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP) → "23ab02..."
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    input string to encrypt
    + +
    + {Object} keyObj + +
    +
    RSAKey object or hexadecimal string of symmetric cipher key
    + +
    + {String} algName + +
    +
    short/long algorithm name for encryption/decryption
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + +
    +
    Returns:
    + +
    {String} hexadecimal encrypted string
    + +
    + + + + +
    + + +
    <static> + + {String} + KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName) + +
    +
    + get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name
    +Here is supported canonicalized cipher algorithm names and its standard names: +
      +
    • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
    • +
    • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    • +
    • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
    • +
    • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
    • +
    • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
    • +
    • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
    • +
    +NOTE: (*) is not supported in Java JCE. + + +
    + + + +
    +KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey) → "RSA"
    +KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey, "RSAOAEP") → "RSAOAEP"
    + + + + +
    +
    Parameters:
    + +
    + {Object} keyObj + +
    +
    RSAKey object or hexadecimal string of symmetric cipher key
    + +
    + {String} algName + +
    +
    short/long algorithm name for encryption/decryption
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + +
    +
    Returns:
    + +
    {String} canonicalized algorithm name for encryption/decryption
    + +
    + + + + + + + + + + + +
    +
    + + + +
    + © 2012-2015 Kenji Urushima, All rights reserved
    + + Documentation generated by JsDoc Toolkit 2.4.0 +
    + + diff --git a/api/symbols/KJUR.crypto.DSA.html b/api/symbols/KJUR.crypto.DSA.html index c2ee2539..c9495e6f 100644 --- a/api/symbols/KJUR.crypto.DSA.html +++ b/api/symbols/KJUR.crypto.DSA.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.crypto.ECDSA.html b/api/symbols/KJUR.crypto.ECDSA.html index ca32664e..e9a5de16 100644 --- a/api/symbols/KJUR.crypto.ECDSA.html +++ b/api/symbols/KJUR.crypto.ECDSA.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.crypto.ECParameterDB.html b/api/symbols/KJUR.crypto.ECParameterDB.html index 97967cb3..d3a83a96 100644 --- a/api/symbols/KJUR.crypto.ECParameterDB.html +++ b/api/symbols/KJUR.crypto.ECParameterDB.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.crypto.Mac.html b/api/symbols/KJUR.crypto.Mac.html index 46463047..8d370374 100644 --- a/api/symbols/KJUR.crypto.Mac.html +++ b/api/symbols/KJUR.crypto.Mac.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -498,9 +502,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.doFinal() +
    completes hash calculation and returns hash result
    @@ -508,9 +512,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.doFinalHex(hex) +
    performs final update on the digest using hexadecimal string, then completes the digest computation @@ -519,9 +523,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.doFinalString(str) +
    performs final update on the digest using string, then completes the digest computation
    @@ -529,9 +533,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.setPassword(pass) +
    set password for Mac This method will set password for (H)Mac internally.
    @@ -539,9 +543,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.updateHex(hex) +
    updateHex(hex)
    update digest by specified hexadecimal string
    @@ -549,9 +553,9 @@

    - <static>   +   -
    KJUR.crypto.Mac.updateString(str) +
    update digest by specified string
    @@ -597,7 +601,7 @@

    NOTE2: Hmac signature bug was fixed in jsrsasign 4.9.0 by providing CryptoJS bug workaround.
    -Please see KJUR.crypto.Mac.setPassword, how to provide password +Please see KJUR.crypto.Mac.setPassword, how to provide password in various ways in detail.

    @@ -649,11 +653,11 @@

    Method Detail

    - -
    <static> + +
    - KJUR.crypto.Mac.doFinal() + doFinal()
    @@ -679,11 +683,11 @@


    - -
    <static> + +
    - KJUR.crypto.Mac.doFinalHex(hex) + doFinalHex(hex)
    @@ -721,11 +725,11 @@


    - -
    <static> + +
    - KJUR.crypto.Mac.doFinalString(str) + doFinalString(str)
    @@ -762,11 +766,11 @@


    - -
    <static> + +
    - KJUR.crypto.Mac.setPassword(pass) + setPassword(pass)
    @@ -838,11 +842,11 @@


    - -
    <static> + +
    - KJUR.crypto.Mac.updateHex(hex) + updateHex(hex)
    @@ -879,11 +883,11 @@


    - -
    <static> + +
    - KJUR.crypto.Mac.updateString(str) + updateString(str)
    diff --git a/api/symbols/KJUR.crypto.MessageDigest.html b/api/symbols/KJUR.crypto.MessageDigest.html index 85f84386..36fa06ae 100644 --- a/api/symbols/KJUR.crypto.MessageDigest.html +++ b/api/symbols/KJUR.crypto.MessageDigest.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -462,7 +466,7 @@

    -
    MessageDigest class which is very similar to java.security.MessageDigest class +
    MessageDigest class which is very similar to java.security.MessageDigest class

    Currently this supports following algorithm and providers combination:
      @@ -483,6 +487,34 @@

      + + + + + + + + + + + + + + + + + + +
      Field Summary
      Field AttributesField Name and Description
        + +
      static Array of resulted byte length of hash (ex.
      +
      + + + + @@ -499,9 +531,9 @@

      - <static>   +   -
      KJUR.crypto.MessageDigest.digest() +
      completes hash calculation and returns hash result
      @@ -509,9 +541,9 @@

      - <static>   +   -
      KJUR.crypto.MessageDigest.digestHex(hex) +
      digestHex(hex)
      performs final update on the digest using hexadecimal string, then completes the digest computation
      @@ -519,9 +551,9 @@

      - <static>   +   -
      KJUR.crypto.MessageDigest.digestString(str) +
      performs final update on the digest using string, then completes the digest computation
      @@ -531,17 +563,39 @@

      <static>   -
      KJUR.crypto.MessageDigest.setAlgAndProvider(alg, prov) +
      KJUR.crypto.MessageDigest.getCanonicalAlgName(alg)
      -
      set hash algorithm and provider -
      +
      get canonical hash algorithm name
      +This static method normalizes from any hash algorithm name such as +"SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens +such as "sha1".
      <static>   -
      KJUR.crypto.MessageDigest.updateHex(hex) +
      KJUR.crypto.MessageDigest.getHashLength(alg) +
      +
      get resulted hash byte length for specified algorithm name
      +This static method returns resulted byte length for specified algorithm name such as "SHA-1".
      + + + + +   + +
      setAlgAndProvider(alg, prov) +
      +
      set hash algorithm and provider
      +This methods set an algorithm and a cryptographic provider.
      + + + + +   + +
      updateHex(hex)
      update digest by specified hexadecimal string
      @@ -549,9 +603,9 @@

      - <static>   +   -
      KJUR.crypto.MessageDigest.updateString(str) +
      update digest by specified string
      @@ -579,7 +633,7 @@

      - MessageDigest class which is very similar to java.security.MessageDigest class + MessageDigest class which is very similar to java.security.MessageDigest class

      Currently this supports following algorithm and providers combination:
        @@ -605,7 +659,11 @@

        // SJCL(Stanford JavaScript Crypto Library) provider sample var md = new KJUR.crypto.MessageDigest({alg: "sha256", prov: "sjcl"}); // sjcl supports sha256 only md.updateString('aaa') -var mdHex = md.digest()

    +var mdHex = md.digest() + +// HASHLENGTH property +KJUR.crypto.MessageDigest.HASHLENGTH['sha1'] &rarr 20 +KJUR.crypto.MessageDigest.HASHLENGTH['sha512'] &rarr 64 @@ -634,6 +692,33 @@

    +
    + Field Detail +
    + + +
    + + {Array} + HASHLENGTH + +
    +
    + static Array of resulted byte length of hash (ex. HASHLENGTH["sha1"] == 20) + + +
    + + + + + + + + + + + @@ -641,11 +726,11 @@

    Method Detail - -
    <static> + +
    - KJUR.crypto.MessageDigest.digest() + digest()
    @@ -671,11 +756,11 @@


    - -
    <static> + +
    - KJUR.crypto.MessageDigest.digestHex(hex) + digestHex(hex)
    @@ -712,11 +797,11 @@


    - -
    <static> + +
    - KJUR.crypto.MessageDigest.digestString(str) + digestString(str)
    @@ -753,16 +838,141 @@


    - +
    <static> + {String} + KJUR.crypto.MessageDigest.getCanonicalAlgName(alg) - KJUR.crypto.MessageDigest.setAlgAndProvider(alg, prov) +
    +
    + get canonical hash algorithm name
    +This static method normalizes from any hash algorithm name such as +"SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens +such as "sha1". + + +
    + + + +
    KJUR.crypto.MessageDigest.getCanonicalAlgName("SHA-1") &rarr "sha1"
    +KJUR.crypto.MessageDigest.getCanonicalAlgName("MD5")   &rarr "md5"
    + + + + +
    +
    Parameters:
    + +
    + {String} alg + +
    +
    hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + +
    +
    Returns:
    + +
    {String} canonical hash algorithm name
    + +
    + + + + +
    + + +
    <static> + + {Integer} + KJUR.crypto.MessageDigest.getHashLength(alg)
    - set hash algorithm and provider + get resulted hash byte length for specified algorithm name
    +This static method returns resulted byte length for specified algorithm name such as "SHA-1". + + +
    + + + +
    KJUR.crypto.MessageDigest.getHashLength("SHA-1") &rarr 20
    +KJUR.crypto.MessageDigest.getHashLength("sha1") &rarr 20
    + + + + +
    +
    Parameters:
    + +
    + {String} alg + +
    +
    non-canonicalized hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 6.2.0 crypto 1.1.10
    +
    + + + + +
    +
    Returns:
    + +
    {Integer} resulted hash byte length
    + +
    + + + +
    + + +
    + + + setAlgAndProvider(alg, prov) + +
    +
    + set hash algorithm and provider
    +This methods set an algorithm and a cryptographic provider.
    +Here is acceptable algorithm names ignoring cases and hyphens: +
      +
    • MD5
    • +
    • SHA1
    • +
    • SHA224
    • +
    • SHA256
    • +
    • SHA384
    • +
    • SHA512
    • +
    • RIPEMD160
    • +
    +NOTE: Since jsrsasign 6.2.0 crypto 1.1.10, this method ignores +upper or lower cases. Also any hyphens (i.e. "-") will be ignored +so that "SHA1" or "SHA-1" will be acceptable.
    @@ -771,6 +981,7 @@

    // for SHA1
     md.setAlgAndProvider('sha1', 'cryptojs');
    +md.setAlgAndProvider('SHA1');
     // for RIPEMD160
     md.setAlgAndProvider('ripemd160', 'cryptojs');
    @@ -803,11 +1014,11 @@


    - -
    <static> + +
    - KJUR.crypto.MessageDigest.updateHex(hex) + updateHex(hex)
    @@ -844,11 +1055,11 @@


    - -
    <static> + +
    - KJUR.crypto.MessageDigest.updateString(str) + updateString(str)
    diff --git a/api/symbols/KJUR.crypto.OID.html b/api/symbols/KJUR.crypto.OID.html index ab8903d4..12305c03 100644 --- a/api/symbols/KJUR.crypto.OID.html +++ b/api/symbols/KJUR.crypto.OID.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.crypto.Signature.html b/api/symbols/KJUR.crypto.Signature.html index e4c0f5c3..aee93cac 100644 --- a/api/symbols/KJUR.crypto.Signature.html +++ b/api/symbols/KJUR.crypto.Signature.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -519,9 +523,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.init(key, pass) +
    init(key, pass)
    Initialize this object for signing or verifying depends on key This method is very useful initialize method for Signature class since @@ -531,9 +535,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.initSign(param) +
    initSign(param)
    Initialize this object for signing Private key information will be provided as 'param' parameter and the value will be @@ -546,9 +550,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.initVerifyByCertificatePEM(certPEM) +
    Initialize this object for verifying with a certficate
    @@ -556,9 +560,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.initVerifyByPublicKey(param) +
    Initialize this object for verifying with a public key Public key information will be provided as 'param' parameter and the value will be @@ -571,9 +575,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.setAlgAndProvider(alg, prov) +
    setAlgAndProvider(alg, prov)
    set signature algorithm and provider
    @@ -581,9 +585,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.sign() +
    sign()
    Returns the signature bytes of all data updates as a hexadecimal string
    @@ -591,9 +595,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.signHex(hex) +
    signHex(hex)
    performs final update on the sign using hexadecimal string, then returns the signature bytes of all data updates as a hexadecimal string
    @@ -601,9 +605,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.signString(str) +
    performs final update on the sign using string, then returns the signature bytes of all data updates as a hexadecimal string
    @@ -611,9 +615,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.updateHex(hex) +
    updateHex(hex)
    Updates the data to be signed or verified by a hexadecimal string
    @@ -621,9 +625,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.updateString(str) +
    Updates the data to be signed or verified by a string
    @@ -631,9 +635,9 @@

    - <static>   +   -
    KJUR.crypto.Signature.verify(str) +
    verify(str)
    verifies the passed-in signature.
    @@ -793,11 +797,11 @@

    EXAMPLES

    Method Detail
    - -
    <static> + +
    - KJUR.crypto.Signature.init(key, pass) + init(key, pass)
    @@ -868,11 +872,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.initSign(param) + initSign(param)
    @@ -922,11 +926,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.initVerifyByCertificatePEM(certPEM) + initVerifyByCertificatePEM(certPEM)
    @@ -976,11 +980,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.initVerifyByPublicKey(param) + initVerifyByPublicKey(param)
    @@ -1037,11 +1041,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.setAlgAndProvider(alg, prov) + setAlgAndProvider(alg, prov)
    @@ -1084,11 +1088,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.sign() + sign()
    @@ -1121,11 +1125,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.signHex(hex) + signHex(hex)
    @@ -1169,11 +1173,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.signString(str) + signString(str)
    @@ -1217,11 +1221,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.updateHex(hex) + updateHex(hex)
    @@ -1258,11 +1262,11 @@
    verification

    - -
    <static> + +
    - KJUR.crypto.Signature.updateString(str) + updateString(str)
    @@ -1299,11 +1303,11 @@
    verification

    - -
    <static> + +
    {Boolean} - KJUR.crypto.Signature.verify(str) + verify(str)
    diff --git a/api/symbols/KJUR.crypto.Util.html b/api/symbols/KJUR.crypto.Util.html index dd9a0db3..1c7458c7 100644 --- a/api/symbols/KJUR.crypto.Util.html +++ b/api/symbols/KJUR.crypto.Util.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.crypto.html b/api/symbols/KJUR.crypto.html index 20c0a579..214a4552 100644 --- a/api/symbols/KJUR.crypto.html +++ b/api/symbols/KJUR.crypto.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -686,6 +690,7 @@

    NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. diff --git a/api/symbols/KJUR.html b/api/symbols/KJUR.html index 1b79497b..e89d8ac5 100644 --- a/api/symbols/KJUR.html +++ b/api/symbols/KJUR.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.jws.IntDate.html b/api/symbols/KJUR.jws.IntDate.html index 56f89cb9..73c58c60 100644 --- a/api/symbols/KJUR.jws.IntDate.html +++ b/api/symbols/KJUR.jws.IntDate.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.jws.JWS.html b/api/symbols/KJUR.jws.JWS.html index d5e0989d..dd93da60 100644 --- a/api/symbols/KJUR.jws.JWS.html +++ b/api/symbols/KJUR.jws.JWS.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -1302,8 +1306,8 @@

    SUPPORTED SIGNATURE ALGORITHMS

    NOTE3: From jsrsasign 4.10.0 jws 3.3.0, Way to provide password for HS* algorithm is changed. The 'key' attribute value is -passed to KJUR.crypto.Mac.setPassword so please see -KJUR.crypto.Mac.setPassword for detail. +passed to KJUR.crypto.Mac.setPassword so please see +KJUR.crypto.Mac.setPassword for detail. As for backword compatibility, if key is a string, has even length and 0..9, A-F or a-f characters, key string is treated as a hexadecimal otherwise it is treated as a raw string. @@ -1441,8 +1445,8 @@

    SUPPORTED SIGNATURE ALGORITHMS

    NOTE2: From jsrsasign 4.9.0 jws 3.2.5, Way to provide password for HS* algorithm is changed. The 'key' attribute value is -passed to KJUR.crypto.Mac.setPassword so please see -KJUR.crypto.Mac.setPassword for detail. +passed to KJUR.crypto.Mac.setPassword so please see +KJUR.crypto.Mac.setPassword for detail. As for backword compatibility, if key is a string, has even length and 0..9, A-F or a-f characters, key string is treated as a hexadecimal otherwise it is treated as a raw string. diff --git a/api/symbols/KJUR.jws.JWSJS.html b/api/symbols/KJUR.jws.JWSJS.html index 0e0abbe1..056fc6d2 100644 --- a/api/symbols/KJUR.jws.JWSJS.html +++ b/api/symbols/KJUR.jws.JWSJS.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.jws.html b/api/symbols/KJUR.jws.html index 76a7a6f1..fd0f4ab3 100644 --- a/api/symbols/KJUR.jws.html +++ b/api/symbols/KJUR.jws.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/KJUR.lang.String.html b/api/symbols/KJUR.lang.String.html index 80c76ef9..4a676a74 100644 --- a/api/symbols/KJUR.lang.String.html +++ b/api/symbols/KJUR.lang.String.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/PKCS5PKEY.html b/api/symbols/PKCS5PKEY.html index a9c28ed5..baf6b561 100644 --- a/api/symbols/PKCS5PKEY.html +++ b/api/symbols/PKCS5PKEY.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/RSAKey.html b/api/symbols/RSAKey.html index 6f2005f0..a7d2cca5 100644 --- a/api/symbols/RSAKey.html +++ b/api/symbols/RSAKey.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 8d7bc416..2264e706 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -345,6 +345,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
  • +
  • KJUR.asn1.x509.AuthorityInfoAccess
  • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
  • KJUR.asn1.x509.BasicConstraints
  • @@ -389,6 +391,8 @@

    Classes

  • KJUR.crypto
  • +
  • KJUR.crypto.Cipher
  • +
  • KJUR.crypto.DSA
  • KJUR.crypto.ECDSA
  • @@ -854,8 +858,8 @@

    X509.getV3ExtItemInfo_AtObj(hCert, pos)
    get X.509 V3 extension value information at the specified position -This method will get some information of a X.509 V extension -which is referred by an index of hexadecimal string of X.509 +This method will get some information of a X.509 V extension +which is referred by an index of hexadecimal string of X.509 certificate.
    @@ -1419,7 +1423,7 @@

    bKeyUsage = X509.getExtKeyUsageBin(hCert);
     // bKeyUsage will be such like '101'.
    -// 1 - digitalSignature 
    +// 1 - digitalSignature
     // 0 - nonRepudiation
     // 1 - keyEncipherment
    @@ -1646,7 +1650,7 @@

    get X.509 V3 extension value ASN.1 TLV for specified oid or name This method will get X.509v3 extension value of ASN.1 TLV -which is specifyed by extension name or oid. +which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns null. @@ -1709,7 +1713,7 @@

    get X.509 V3 extension value ASN.1 V for specified oid or name This method will get X.509v3 extension value of ASN.1 value -which is specifyed by extension name or oid. +which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns null. Available extension names and oids are defined in the KJUR.asn1.x509.OID class. @@ -1790,7 +1794,7 @@

    notBefore: 061110000000Z notAfter: 311110000000Z subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA - subject public key info: + subject public key info: key algorithm: RSA n=c6cce573e6fbd4bb... e=10001 @@ -1993,7 +1997,7 @@

    get index in the certificate hexa string for specified oid or name specified extension This method will get X.509v3 extension value of ASN.1 V(value) -which is specifyed by extension name or oid. +which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns -1. Available extension names and oids are defined @@ -2645,9 +2649,9 @@

    get X.509 V3 extension value information at the specified position -This method will get some information of a X.509 V extension -which is referred by an index of hexadecimal string of X.509 -certificate. +This method will get some information of a X.509 V extension +which is referred by an index of hexadecimal string of X.509 +certificate. Resulting object has following properties:
    • posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.
    • diff --git a/api/symbols/global__.html b/api/symbols/global__.html index 4f655507..185aec98 100644 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -345,6 +345,8 @@

      Classes

    • KJUR.asn1.x509.AttributeTypeAndValue
    • +
    • KJUR.asn1.x509.AuthorityInfoAccess
    • +
    • KJUR.asn1.x509.AuthorityKeyIdentifier
    • KJUR.asn1.x509.BasicConstraints
    • @@ -389,6 +391,8 @@

      Classes

    • KJUR.crypto
    • +
    • KJUR.crypto.Cipher
    • +
    • KJUR.crypto.DSA
    • KJUR.crypto.ECDSA
    • diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index 65ca9c07..8a0200f6 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
        1 /*! asn1x509-1.0.15.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
      +	
        1 /*! asn1x509-1.0.17.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
         2  */
         3 /*
         4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
      @@ -15,7 +15,7 @@
         8  * This software is licensed under the terms of the MIT License.
         9  * http://kjur.github.com/jsrsasign/license
        10  *
      - 11  * The above copyright and license notice shall be 
      + 11  * The above copyright and license notice shall be
        12  * included in all copies or substantial portions of the Software.
        13  */
        14 
      @@ -23,12 +23,12 @@
        16  * @fileOverview
        17  * @name asn1x509-1.0.js
        18  * @author Kenji Urushima kenji.urushima@gmail.com
      - 19  * @version 1.0.15 (2016-Oct-08)
      + 19  * @version 1.0.17 (2016-Nov-18)
        20  * @since jsrsasign 2.1
        21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
        22  */
        23 
      - 24 /** 
      + 24 /**
        25  * kjur's class library name space
        26  * // already documented in asn1-1.0.js
        27  * @name KJUR
      @@ -79,2093 +79,2303 @@
        72  * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
        73  * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
        74  * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
      - 75  * </ul>
      - 76  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
      - 77  * @name KJUR.asn1.x509
      - 78  * @namespace
      - 79  */
      - 80 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
      - 81 
      - 82 // === BEGIN Certificate ===================================================
      - 83 
      - 84 /**
      - 85  * X.509 Certificate class to sign and generate hex encoded certificate
      - 86  * @name KJUR.asn1.x509.Certificate
      - 87  * @class X.509 Certificate class to sign and generate hex encoded certificate
      - 88  * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
      - 89  * @extends KJUR.asn1.ASN1Object
      - 90  * @description
      - 91  * <br/>
      - 92  * As for argument 'params' for constructor, you can specify one of
      - 93  * following properties:
      - 94  * <ul>
      - 95  * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
      - 96  * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
      - 97  * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
      - 98  * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
      - 99  * </ul>
      -100  * NOTE1: 'params' can be omitted.<br/>
      -101  * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
      -102  * @example
      -103  * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
      -104  * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
      -105  * cert.sign(); // issue certificate by CA's private key
      -106  * var certPEM = cert.getPEMString();
      -107  *
      -108  * // Certificate  ::=  SEQUENCE  {
      -109  * //     tbsCertificate       TBSCertificate,
      -110  * //     signatureAlgorithm   AlgorithmIdentifier,
      -111  * //     signature            BIT STRING  }        
      -112  */
      -113 KJUR.asn1.x509.Certificate = function(params) {
      -114     KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
      -115     var asn1TBSCert = null;
      -116     var asn1SignatureAlg = null;
      -117     var asn1Sig = null;
      -118     var hexSig = null;
      -119     var prvKey = null;
      -120     var rsaPrvKey = null; // DEPRECATED
      -121 
      -122     
      -123     /**
      -124      * set PKCS#5 encrypted RSA PEM private key as CA key
      -125      * @name setRsaPrvKeyByPEMandPass
      -126      * @memberOf KJUR.asn1.x509.Certificate
      -127      * @function
      -128      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
      -129      * @param {String} passPEM passcode string to decrypt private key
      -130      * @since 1.0.1
      -131      * @description
      -132      * <br/>
      -133      * <h4>EXAMPLES</h4>
      -134      * @example
      -135      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
      -136      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
      -137      */
      -138     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
      -139         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
      -140         var caKey = new RSAKey();
      -141         caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
      -142         this.prvKey = caKey;
      -143     };
      -144 
      -145     /**
      -146      * sign TBSCertificate and set signature value internally
      -147      * @name sign
      -148      * @memberOf KJUR.asn1.x509.Certificate
      -149      * @function
      -150      * @description
      -151      * @example
      -152      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
      -153      * cert.sign();
      -154      */
      -155     this.sign = function() {
      -156         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
      -157 
      -158         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
      -159         sig.init(this.prvKey);
      -160         sig.updateHex(this.asn1TBSCert.getEncodedHex());
      -161         this.hexSig = sig.sign();
      -162 
      -163         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      -164         
      -165         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
      -166                                                        this.asn1SignatureAlg,
      -167                                                        this.asn1Sig]});
      -168         this.hTLV = seq.getEncodedHex();
      -169         this.isModified = false;
      -170     };
      -171 
      -172     /**
      -173      * set signature value internally by hex string
      -174      * @name setSignatureHex
      -175      * @memberOf KJUR.asn1.x509.Certificate
      -176      * @function
      -177      * @since asn1x509 1.0.8
      -178      * @description
      -179      * @example
      -180      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
      -181      * cert.setSignatureHex('01020304');
      -182      */
      -183     this.setSignatureHex = function(sigHex) {
      -184         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
      -185         this.hexSig = sigHex;
      -186         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      -187 
      -188         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
      -189                                                        this.asn1SignatureAlg,
      -190                                                        this.asn1Sig]});
      -191         this.hTLV = seq.getEncodedHex();
      -192         this.isModified = false;
      -193     };
      -194 
      -195     this.getEncodedHex = function() {
      -196         if (this.isModified == false && this.hTLV != null) return this.hTLV;
      -197         throw "not signed yet";
      -198     };
      -199 
      -200     /**
      -201      * get PEM formatted certificate string after signed
      -202      * @name getPEMString
      -203      * @memberOf KJUR.asn1.x509.Certificate
      -204      * @function
      -205      * @return PEM formatted string of certificate
      -206      * @description
      -207      * @example
      -208      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
      -209      * cert.sign();
      -210      * var sPEM =  cert.getPEMString();
      -211      */
      -212     this.getPEMString = function() {
      -213         var hCert = this.getEncodedHex();
      -214         var wCert = CryptoJS.enc.Hex.parse(hCert);
      -215         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
      -216         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
      -217         return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
      -218     };
      -219 
      -220     if (typeof params != "undefined") {
      -221         if (typeof params['tbscertobj'] != "undefined") {
      -222             this.asn1TBSCert = params['tbscertobj'];
      -223         }
      -224         if (typeof params['prvkeyobj'] != "undefined") {
      -225             this.prvKey = params['prvkeyobj'];
      -226         } else if (typeof params['rsaprvkey'] != "undefined") {
      -227             this.prvKey = params['rsaprvkey'];
      -228         } else if ((typeof params['rsaprvpem'] != "undefined") &&
      -229                    (typeof params['rsaprvpas'] != "undefined")) {
      -230             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
      -231         }
      -232     }
      -233 };
      -234 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
      -235 
      -236 /**
      -237  * ASN.1 TBSCertificate structure class
      -238  * @name KJUR.asn1.x509.TBSCertificate
      -239  * @class ASN.1 TBSCertificate structure class
      -240  * @param {Array} params associative array of parameters (ex. {})
      -241  * @extends KJUR.asn1.ASN1Object
      -242  * @description
      -243  * <br/>
      -244  * <h4>EXAMPLE</h4>
      -245  * @example
      -246  *  var o = new KJUR.asn1.x509.TBSCertificate();
      -247  *  o.setSerialNumberByParam({'int': 4});
      -248  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      -249  *  o.setIssuerByParam({'str': '/C=US/O=a'});
      -250  *  o.setNotBeforeByParam({'str': '130504235959Z'});
      -251  *  o.setNotAfterByParam({'str': '140504235959Z'});
      -252  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
      -253  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
      -254  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
      -255  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
      -256  */
      -257 KJUR.asn1.x509.TBSCertificate = function(params) {
      -258     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
      -259 
      -260     this._initialize = function() {
      -261         this.asn1Array = new Array();
      -262 
      -263         this.asn1Version = 
      -264             new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
      -265         this.asn1SerialNumber = null;
      -266         this.asn1SignatureAlg = null;
      -267         this.asn1Issuer = null;
      -268         this.asn1NotBefore = null;
      -269         this.asn1NotAfter = null;
      -270         this.asn1Subject = null;
      -271         this.asn1SubjPKey = null;
      -272         this.extensionsArray = new Array();
      -273     };
      -274 
      -275     /**
      -276      * set serial number field by parameter
      -277      * @name setSerialNumberByParam
      -278      * @memberOf KJUR.asn1.x509.TBSCertificate
      -279      * @function
      -280      * @param {Array} intParam DERInteger param
      -281      * @description
      -282      * @example
      -283      * tbsc.setSerialNumberByParam({'int': 3});
      -284      */
      -285     this.setSerialNumberByParam = function(intParam) {
      -286         this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
      -287     };
      -288 
      -289     /**
      -290      * set signature algorithm field by parameter
      -291      * @name setSignatureAlgByParam
      -292      * @memberOf KJUR.asn1.x509.TBSCertificate
      -293      * @function
      -294      * @param {Array} algIdParam AlgorithmIdentifier parameter
      -295      * @description
      -296      * @example
      -297      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      -298      */
      -299     this.setSignatureAlgByParam = function(algIdParam) {
      -300         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
      -301     };
      -302 
      -303     /**
      -304      * set issuer name field by parameter
      -305      * @name setIssuerByParam
      -306      * @memberOf KJUR.asn1.x509.TBSCertificate
      -307      * @function
      -308      * @param {Array} x500NameParam X500Name parameter
      -309      * @description
      -310      * @example
      -311      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
      -312      * @see KJUR.asn1.x509.X500Name
      -313      */
      -314     this.setIssuerByParam = function(x500NameParam) {
      -315         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
      -316     };
      -317 
      -318     /**
      -319      * set notBefore field by parameter
      -320      * @name setNotBeforeByParam
      -321      * @memberOf KJUR.asn1.x509.TBSCertificate
      -322      * @function
      -323      * @param {Array} timeParam Time parameter
      -324      * @description
      -325      * @example
      -326      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
      -327      * @see KJUR.asn1.x509.Time
      -328      */
      -329     this.setNotBeforeByParam = function(timeParam) {
      -330         this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
      -331     };
      -332     
      -333     /**
      -334      * set notAfter field by parameter
      -335      * @name setNotAfterByParam
      -336      * @memberOf KJUR.asn1.x509.TBSCertificate
      -337      * @function
      -338      * @param {Array} timeParam Time parameter
      -339      * @description
      -340      * @example
      -341      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
      -342      * @see KJUR.asn1.x509.Time
      -343      */
      -344     this.setNotAfterByParam = function(timeParam) {
      -345         this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
      -346     };
      -347 
      -348     /**
      -349      * set subject name field by parameter
      -350      * @name setSubjectByParam
      -351      * @memberOf KJUR.asn1.x509.TBSCertificate
      -352      * @function
      -353      * @param {Array} x500NameParam X500Name parameter
      -354      * @description
      -355      * @example
      -356      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
      -357      * @see KJUR.asn1.x509.X500Name
      -358      */
      -359     this.setSubjectByParam = function(x500NameParam) {
      -360         this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
      -361     };
      -362 
      -363     /**
      -364      * (DEPRECATED) set subject public key info field by RSA key parameter
      -365      * @name setSubjectPublicKeyByParam
      -366      * @memberOf KJUR.asn1.x509.TBSCertificate
      -367      * @function
      -368      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
      -369      * @deprecated
      -370      * @description
      -371      * @example
      -372      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
      -373      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
      -374      */
      -375     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
      -376         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
      -377     };
      -378 
      -379     /**
      -380      * set subject public key info by RSA/ECDSA/DSA key parameter
      -381      * @name setSubjectPublicKeyByGetKey
      -382      * @memberOf KJUR.asn1.x509.TBSCertificate
      -383      * @function
      -384      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
      -385      * @description
      -386      * @example
      -387      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
      -388      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
      -389      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
      -390      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
      -391      * @see KEYUTIL.getKey
      -392      * @since asn1x509 1.0.6
      -393      */
      -394     this.setSubjectPublicKeyByGetKey = function(keyParam) {
      -395         var keyObj = KEYUTIL.getKey(keyParam);
      -396         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
      -397     };
      -398 
      -399     /**
      -400      * append X.509v3 extension to this object
      -401      * @name appendExtension
      -402      * @memberOf KJUR.asn1.x509.TBSCertificate
      -403      * @function
      -404      * @param {Extension} extObj X.509v3 Extension object
      -405      * @description
      -406      * @example
      -407      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
      -408      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
      -409      * @see KJUR.asn1.x509.Extension
      -410      */
      -411     this.appendExtension = function(extObj) {
      -412         this.extensionsArray.push(extObj);
      -413     };
      -414 
      -415     /**
      -416      * append X.509v3 extension to this object by name and parameters
      -417      * @name appendExtensionByName
      -418      * @memberOf KJUR.asn1.x509.TBSCertificate
      -419      * @function
      -420      * @param {name} name name of X.509v3 Extension object
      -421      * @param {Array} extParams parameters as argument of Extension constructor.
      -422      * @description
      -423      * @example
      -424      * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
      -425      * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
      -426      * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
      -427      * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
      -428      * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
      -429      * @see KJUR.asn1.x509.Extension
      -430      */
      -431     this.appendExtensionByName = function(name, extParams) {
      -432         if (name.toLowerCase() == "basicconstraints") {
      -433             var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
      -434             this.appendExtension(extObj);
      -435         } else if (name.toLowerCase() == "keyusage") {
      -436             var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
      -437             this.appendExtension(extObj);
      -438         } else if (name.toLowerCase() == "crldistributionpoints") {
      -439             var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
      -440             this.appendExtension(extObj);
      -441         } else if (name.toLowerCase() == "extkeyusage") {
      -442             var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
      -443             this.appendExtension(extObj);
      -444         } else if (name.toLowerCase() == "authoritykeyidentifier") {
      -445             var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
      -446             this.appendExtension(extObj);
      -447         } else {
      -448             throw "unsupported extension name: " + name;
      -449         }
      -450     };
      -451 
      -452     this.getEncodedHex = function() {
      -453         if (this.asn1NotBefore == null || this.asn1NotAfter == null)
      -454             throw "notBefore and/or notAfter not set";
      -455         var asn1Validity = 
      -456             new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
      -457 
      -458         this.asn1Array = new Array();
      -459 
      -460         this.asn1Array.push(this.asn1Version);
      -461         this.asn1Array.push(this.asn1SerialNumber);
      -462         this.asn1Array.push(this.asn1SignatureAlg);
      -463         this.asn1Array.push(this.asn1Issuer);
      -464         this.asn1Array.push(asn1Validity);
      -465         this.asn1Array.push(this.asn1Subject);
      -466         this.asn1Array.push(this.asn1SubjPKey);
      -467 
      -468         if (this.extensionsArray.length > 0) {
      -469             var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
      -470             var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
      -471                                                            'tag': 'a3',
      -472                                                            'obj': extSeq});
      -473             this.asn1Array.push(extTagObj);
      -474         }
      -475 
      -476         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      -477         this.hTLV = o.getEncodedHex();
      -478         this.isModified = false;
      -479         return this.hTLV;
      -480     };
      -481 
      -482     this._initialize();
      -483 };
      -484 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
      -485 
      -486 // === END   TBSCertificate ===================================================
      -487 
      -488 // === BEGIN X.509v3 Extensions Related =======================================
      -489 
      -490 /**
      -491  * base Extension ASN.1 structure class
      -492  * @name KJUR.asn1.x509.Extension
      -493  * @class base Extension ASN.1 structure class
      -494  * @param {Array} params associative array of parameters (ex. {'critical': true})
      -495  * @extends KJUR.asn1.ASN1Object
      -496  * @description
      -497  * @example
      -498  * // Extension  ::=  SEQUENCE  {
      -499  * //     extnID      OBJECT IDENTIFIER,
      -500  * //     critical    BOOLEAN DEFAULT FALSE,
      -501  * //     extnValue   OCTET STRING  }
      -502  */
      -503 KJUR.asn1.x509.Extension = function(params) {
      -504     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
      -505     var asn1ExtnValue = null;
      -506 
      -507     this.getEncodedHex = function() {
      -508         var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
      -509         var asn1EncapExtnValue = 
      -510             new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
      + 75  * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
      + 76  * </ul>
      + 77  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
      + 78  * @name KJUR.asn1.x509
      + 79  * @namespace
      + 80  */
      + 81 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
      + 82 
      + 83 // === BEGIN Certificate ===================================================
      + 84 
      + 85 /**
      + 86  * X.509 Certificate class to sign and generate hex encoded certificate
      + 87  * @name KJUR.asn1.x509.Certificate
      + 88  * @class X.509 Certificate class to sign and generate hex encoded certificate
      + 89  * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
      + 90  * @extends KJUR.asn1.ASN1Object
      + 91  * @description
      + 92  * <br/>
      + 93  * As for argument 'params' for constructor, you can specify one of
      + 94  * following properties:
      + 95  * <ul>
      + 96  * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
      + 97  * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
      + 98  * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
      + 99  * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
      +100  * </ul>
      +101  * NOTE1: 'params' can be omitted.<br/>
      +102  * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
      +103  * @example
      +104  * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
      +105  * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
      +106  * cert.sign(); // issue certificate by CA's private key
      +107  * var certPEM = cert.getPEMString();
      +108  *
      +109  * // Certificate  ::=  SEQUENCE  {
      +110  * //     tbsCertificate       TBSCertificate,
      +111  * //     signatureAlgorithm   AlgorithmIdentifier,
      +112  * //     signature            BIT STRING  }
      +113  */
      +114 KJUR.asn1.x509.Certificate = function(params) {
      +115     KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
      +116     var asn1TBSCert = null;
      +117     var asn1SignatureAlg = null;
      +118     var asn1Sig = null;
      +119     var hexSig = null;
      +120     var prvKey = null;
      +121     var rsaPrvKey = null; // DEPRECATED
      +122 
      +123 
      +124     /**
      +125      * set PKCS#5 encrypted RSA PEM private key as CA key
      +126      * @name setRsaPrvKeyByPEMandPass
      +127      * @memberOf KJUR.asn1.x509.Certificate
      +128      * @function
      +129      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
      +130      * @param {String} passPEM passcode string to decrypt private key
      +131      * @since 1.0.1
      +132      * @description
      +133      * <br/>
      +134      * <h4>EXAMPLES</h4>
      +135      * @example
      +136      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
      +137      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
      +138      */
      +139     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
      +140         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
      +141         var caKey = new RSAKey();
      +142         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
      +143         this.prvKey = caKey;
      +144     };
      +145 
      +146     /**
      +147      * sign TBSCertificate and set signature value internally
      +148      * @name sign
      +149      * @memberOf KJUR.asn1.x509.Certificate
      +150      * @function
      +151      * @description
      +152      * @example
      +153      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
      +154      * cert.sign();
      +155      */
      +156     this.sign = function() {
      +157         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
      +158 
      +159         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
      +160         sig.init(this.prvKey);
      +161         sig.updateHex(this.asn1TBSCert.getEncodedHex());
      +162         this.hexSig = sig.sign();
      +163 
      +164         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      +165 
      +166         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
      +167                                                        this.asn1SignatureAlg,
      +168                                                        this.asn1Sig]});
      +169         this.hTLV = seq.getEncodedHex();
      +170         this.isModified = false;
      +171     };
      +172 
      +173     /**
      +174      * set signature value internally by hex string
      +175      * @name setSignatureHex
      +176      * @memberOf KJUR.asn1.x509.Certificate
      +177      * @function
      +178      * @since asn1x509 1.0.8
      +179      * @description
      +180      * @example
      +181      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
      +182      * cert.setSignatureHex('01020304');
      +183      */
      +184     this.setSignatureHex = function(sigHex) {
      +185         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
      +186         this.hexSig = sigHex;
      +187         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      +188 
      +189         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
      +190                                                        this.asn1SignatureAlg,
      +191                                                        this.asn1Sig]});
      +192         this.hTLV = seq.getEncodedHex();
      +193         this.isModified = false;
      +194     };
      +195 
      +196     this.getEncodedHex = function() {
      +197         if (this.isModified == false && this.hTLV != null) return this.hTLV;
      +198         throw "not signed yet";
      +199     };
      +200 
      +201     /**
      +202      * get PEM formatted certificate string after signed
      +203      * @name getPEMString
      +204      * @memberOf KJUR.asn1.x509.Certificate
      +205      * @function
      +206      * @return PEM formatted string of certificate
      +207      * @description
      +208      * @example
      +209      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
      +210      * cert.sign();
      +211      * var sPEM = cert.getPEMString();
      +212      */
      +213     this.getPEMString = function() {
      +214         var hCert = this.getEncodedHex();
      +215         var wCert = CryptoJS.enc.Hex.parse(hCert);
      +216         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
      +217         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
      +218         return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
      +219     };
      +220 
      +221     if (typeof params != "undefined") {
      +222         if (typeof params['tbscertobj'] != "undefined") {
      +223             this.asn1TBSCert = params['tbscertobj'];
      +224         }
      +225         if (typeof params['prvkeyobj'] != "undefined") {
      +226             this.prvKey = params['prvkeyobj'];
      +227         } else if (typeof params['rsaprvkey'] != "undefined") {
      +228             this.prvKey = params['rsaprvkey'];
      +229         } else if ((typeof params['rsaprvpem'] != "undefined") &&
      +230                    (typeof params['rsaprvpas'] != "undefined")) {
      +231             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
      +232         }
      +233     }
      +234 };
      +235 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
      +236 
      +237 /**
      +238  * ASN.1 TBSCertificate structure class
      +239  * @name KJUR.asn1.x509.TBSCertificate
      +240  * @class ASN.1 TBSCertificate structure class
      +241  * @param {Array} params associative array of parameters (ex. {})
      +242  * @extends KJUR.asn1.ASN1Object
      +243  * @description
      +244  * <br/>
      +245  * <h4>EXAMPLE</h4>
      +246  * @example
      +247  *  var o = new KJUR.asn1.x509.TBSCertificate();
      +248  *  o.setSerialNumberByParam({'int': 4});
      +249  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      +250  *  o.setIssuerByParam({'str': '/C=US/O=a'});
      +251  *  o.setNotBeforeByParam({'str': '130504235959Z'});
      +252  *  o.setNotAfterByParam({'str': '140504235959Z'});
      +253  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
      +254  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
      +255  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
      +256  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
      +257  */
      +258 KJUR.asn1.x509.TBSCertificate = function(params) {
      +259     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
      +260 
      +261     this._initialize = function() {
      +262         this.asn1Array = new Array();
      +263 
      +264         this.asn1Version =
      +265             new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
      +266         this.asn1SerialNumber = null;
      +267         this.asn1SignatureAlg = null;
      +268         this.asn1Issuer = null;
      +269         this.asn1NotBefore = null;
      +270         this.asn1NotAfter = null;
      +271         this.asn1Subject = null;
      +272         this.asn1SubjPKey = null;
      +273         this.extensionsArray = new Array();
      +274     };
      +275 
      +276     /**
      +277      * set serial number field by parameter
      +278      * @name setSerialNumberByParam
      +279      * @memberOf KJUR.asn1.x509.TBSCertificate
      +280      * @function
      +281      * @param {Array} intParam DERInteger param
      +282      * @description
      +283      * @example
      +284      * tbsc.setSerialNumberByParam({'int': 3});
      +285      */
      +286     this.setSerialNumberByParam = function(intParam) {
      +287         this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
      +288     };
      +289 
      +290     /**
      +291      * set signature algorithm field by parameter
      +292      * @name setSignatureAlgByParam
      +293      * @memberOf KJUR.asn1.x509.TBSCertificate
      +294      * @function
      +295      * @param {Array} algIdParam AlgorithmIdentifier parameter
      +296      * @description
      +297      * @example
      +298      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      +299      */
      +300     this.setSignatureAlgByParam = function(algIdParam) {
      +301         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
      +302     };
      +303 
      +304     /**
      +305      * set issuer name field by parameter
      +306      * @name setIssuerByParam
      +307      * @memberOf KJUR.asn1.x509.TBSCertificate
      +308      * @function
      +309      * @param {Array} x500NameParam X500Name parameter
      +310      * @description
      +311      * @example
      +312      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
      +313      * @see KJUR.asn1.x509.X500Name
      +314      */
      +315     this.setIssuerByParam = function(x500NameParam) {
      +316         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
      +317     };
      +318 
      +319     /**
      +320      * set notBefore field by parameter
      +321      * @name setNotBeforeByParam
      +322      * @memberOf KJUR.asn1.x509.TBSCertificate
      +323      * @function
      +324      * @param {Array} timeParam Time parameter
      +325      * @description
      +326      * @example
      +327      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
      +328      * @see KJUR.asn1.x509.Time
      +329      */
      +330     this.setNotBeforeByParam = function(timeParam) {
      +331         this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
      +332     };
      +333 
      +334     /**
      +335      * set notAfter field by parameter
      +336      * @name setNotAfterByParam
      +337      * @memberOf KJUR.asn1.x509.TBSCertificate
      +338      * @function
      +339      * @param {Array} timeParam Time parameter
      +340      * @description
      +341      * @example
      +342      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
      +343      * @see KJUR.asn1.x509.Time
      +344      */
      +345     this.setNotAfterByParam = function(timeParam) {
      +346         this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
      +347     };
      +348 
      +349     /**
      +350      * set subject name field by parameter
      +351      * @name setSubjectByParam
      +352      * @memberOf KJUR.asn1.x509.TBSCertificate
      +353      * @function
      +354      * @param {Array} x500NameParam X500Name parameter
      +355      * @description
      +356      * @example
      +357      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
      +358      * @see KJUR.asn1.x509.X500Name
      +359      */
      +360     this.setSubjectByParam = function(x500NameParam) {
      +361         this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
      +362     };
      +363 
      +364     /**
      +365      * (DEPRECATED) set subject public key info field by RSA key parameter
      +366      * @name setSubjectPublicKeyByParam
      +367      * @memberOf KJUR.asn1.x509.TBSCertificate
      +368      * @function
      +369      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
      +370      * @deprecated
      +371      * @description
      +372      * @example
      +373      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
      +374      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
      +375      */
      +376     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
      +377         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
      +378     };
      +379 
      +380     /**
      +381      * set subject public key info by RSA/ECDSA/DSA key parameter
      +382      * @name setSubjectPublicKeyByGetKey
      +383      * @memberOf KJUR.asn1.x509.TBSCertificate
      +384      * @function
      +385      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
      +386      * @description
      +387      * @example
      +388      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
      +389      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
      +390      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
      +391      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
      +392      * @see KEYUTIL.getKey
      +393      * @since asn1x509 1.0.6
      +394      */
      +395     this.setSubjectPublicKeyByGetKey = function(keyParam) {
      +396         var keyObj = KEYUTIL.getKey(keyParam);
      +397         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
      +398     };
      +399 
      +400     /**
      +401      * append X.509v3 extension to this object
      +402      * @name appendExtension
      +403      * @memberOf KJUR.asn1.x509.TBSCertificate
      +404      * @function
      +405      * @param {Extension} extObj X.509v3 Extension object
      +406      * @description
      +407      * @example
      +408      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
      +409      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
      +410      * @see KJUR.asn1.x509.Extension
      +411      */
      +412     this.appendExtension = function(extObj) {
      +413         this.extensionsArray.push(extObj);
      +414     };
      +415 
      +416     /**
      +417      * append X.509v3 extension to this object by name and parameters
      +418      * @name appendExtensionByName
      +419      * @memberOf KJUR.asn1.x509.TBSCertificate
      +420      * @function
      +421      * @param {name} name name of X.509v3 Extension object
      +422      * @param {Array} extParams parameters as argument of Extension constructor.
      +423      * @description
      +424      * @example
      +425      * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
      +426      * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
      +427      * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
      +428      * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
      +429      * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
      +430      * tbsc.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
      +431      * @see KJUR.asn1.x509.Extension
      +432      */
      +433     this.appendExtensionByName = function(name, extParams) {
      +434         if (name.toLowerCase() == "basicconstraints") {
      +435             var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
      +436             this.appendExtension(extObj);
      +437         } else if (name.toLowerCase() == "keyusage") {
      +438             var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
      +439             this.appendExtension(extObj);
      +440         } else if (name.toLowerCase() == "crldistributionpoints") {
      +441             var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
      +442             this.appendExtension(extObj);
      +443         } else if (name.toLowerCase() == "extkeyusage") {
      +444             var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
      +445             this.appendExtension(extObj);
      +446         } else if (name.toLowerCase() == "authoritykeyidentifier") {
      +447             var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
      +448             this.appendExtension(extObj);
      +449         } else if (name.toLowerCase() == "authorityinfoaccess") {
      +450             var extObj = new KJUR.asn1.x509.AuthorityInfoAccess(extParams);
      +451             this.appendExtension(extObj);
      +452         } else {
      +453             throw "unsupported extension name: " + name;
      +454         }
      +455     };
      +456 
      +457     this.getEncodedHex = function() {
      +458         if (this.asn1NotBefore == null || this.asn1NotAfter == null)
      +459             throw "notBefore and/or notAfter not set";
      +460         var asn1Validity =
      +461             new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
      +462 
      +463         this.asn1Array = new Array();
      +464 
      +465         this.asn1Array.push(this.asn1Version);
      +466         this.asn1Array.push(this.asn1SerialNumber);
      +467         this.asn1Array.push(this.asn1SignatureAlg);
      +468         this.asn1Array.push(this.asn1Issuer);
      +469         this.asn1Array.push(asn1Validity);
      +470         this.asn1Array.push(this.asn1Subject);
      +471         this.asn1Array.push(this.asn1SubjPKey);
      +472 
      +473         if (this.extensionsArray.length > 0) {
      +474             var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
      +475             var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
      +476                                                            'tag': 'a3',
      +477                                                            'obj': extSeq});
      +478             this.asn1Array.push(extTagObj);
      +479         }
      +480 
      +481         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      +482         this.hTLV = o.getEncodedHex();
      +483         this.isModified = false;
      +484         return this.hTLV;
      +485     };
      +486 
      +487     this._initialize();
      +488 };
      +489 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
      +490 
      +491 // === END   TBSCertificate ===================================================
      +492 
      +493 // === BEGIN X.509v3 Extensions Related =======================================
      +494 
      +495 /**
      +496  * base Extension ASN.1 structure class
      +497  * @name KJUR.asn1.x509.Extension
      +498  * @class base Extension ASN.1 structure class
      +499  * @param {Array} params associative array of parameters (ex. {'critical': true})
      +500  * @extends KJUR.asn1.ASN1Object
      +501  * @description
      +502  * @example
      +503  * // Extension  ::=  SEQUENCE  {
      +504  * //     extnID      OBJECT IDENTIFIER,
      +505  * //     critical    BOOLEAN DEFAULT FALSE,
      +506  * //     extnValue   OCTET STRING  }
      +507  */
      +508 KJUR.asn1.x509.Extension = function(params) {
      +509     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
      +510     var asn1ExtnValue = null;
       511 
      -512         var asn1Array = new Array();
      -513         asn1Array.push(asn1Oid);
      -514         if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
      -515         asn1Array.push(asn1EncapExtnValue);
      +512     this.getEncodedHex = function() {
      +513         var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
      +514         var asn1EncapExtnValue =
      +515             new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
       516 
      -517         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
      -518         return asn1Seq.getEncodedHex();
      -519     };
      -520 
      -521     this.critical = false;
      -522     if (typeof params != "undefined") {
      -523         if (typeof params['critical'] != "undefined") {
      -524             this.critical = params['critical'];
      -525         }
      -526     }
      -527 };
      -528 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
      -529 
      -530 /**
      -531  * KeyUsage ASN.1 structure class
      -532  * @name KJUR.asn1.x509.KeyUsage
      -533  * @class KeyUsage ASN.1 structure class
      -534  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
      -535  * @extends KJUR.asn1.x509.Extension
      -536  * @description
      -537  * @example
      -538  */
      -539 KJUR.asn1.x509.KeyUsage = function(params) {
      -540     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
      -541 
      -542     this.getExtnValueHex = function() {
      -543         return this.asn1ExtnValue.getEncodedHex();
      -544     };
      -545 
      -546     this.oid = "2.5.29.15";
      -547     if (typeof params != "undefined") {
      -548         if (typeof params['bin'] != "undefined") {
      -549             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
      -550         }
      -551     }
      -552 };
      -553 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
      -554 
      -555 /**
      -556  * BasicConstraints ASN.1 structure class
      -557  * @name KJUR.asn1.x509.BasicConstraints
      -558  * @class BasicConstraints ASN.1 structure class
      -559  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
      -560  * @extends KJUR.asn1.x509.Extension
      -561  * @description
      -562  * @example
      -563  */
      -564 KJUR.asn1.x509.BasicConstraints = function(params) {
      -565     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
      -566     var cA = false;
      -567     var pathLen = -1;
      -568 
      -569     this.getExtnValueHex = function() {
      -570         var asn1Array = new Array();
      -571         if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
      -572         if (this.pathLen > -1) 
      -573             asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
      -574         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
      -575         this.asn1ExtnValue = asn1Seq;
      -576         return this.asn1ExtnValue.getEncodedHex();
      -577     };
      -578 
      -579     this.oid = "2.5.29.19";
      -580     this.cA = false;
      -581     this.pathLen = -1;
      -582     if (typeof params != "undefined") {
      -583         if (typeof params['cA'] != "undefined") {
      -584             this.cA = params['cA'];
      -585         }
      -586         if (typeof params['pathLen'] != "undefined") {
      -587             this.pathLen = params['pathLen'];
      -588         }
      -589     }
      -590 };
      -591 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
      -592 
      -593 /**
      -594  * CRLDistributionPoints ASN.1 structure class
      -595  * @name KJUR.asn1.x509.CRLDistributionPoints
      -596  * @class CRLDistributionPoints ASN.1 structure class
      -597  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
      -598  * @extends KJUR.asn1.x509.Extension
      -599  * @description
      -600  * @example
      -601  */
      -602 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
      -603     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
      -604 
      -605     this.getExtnValueHex = function() {
      -606         return this.asn1ExtnValue.getEncodedHex();
      -607     };
      -608 
      -609     this.setByDPArray = function(dpArray) {
      -610         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
      -611     };
      -612 
      -613     this.setByOneURI = function(uri) {
      -614         var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
      -615         var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
      -616         var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
      -617         this.setByDPArray([dp1]);
      -618     };
      -619 
      -620     this.oid = "2.5.29.31";
      -621     if (typeof params != "undefined") {
      -622         if (typeof params['array'] != "undefined") {
      -623             this.setByDPArray(params['array']);
      -624         } else if (typeof params['uri'] != "undefined") {
      -625             this.setByOneURI(params['uri']);
      -626         }
      -627     }
      -628 };
      -629 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
      -630 
      -631 /**
      -632  * KeyUsage ASN.1 structure class
      -633  * @name KJUR.asn1.x509.ExtKeyUsage
      -634  * @class ExtKeyUsage ASN.1 structure class
      -635  * @param {Array} params associative array of parameters
      -636  * @extends KJUR.asn1.x509.Extension
      -637  * @description
      -638  * @example
      -639  * var e1 = 
      -640  *     new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
      -641  *                                     'array':
      -642  *                                     [{'oid': '2.5.29.37.0',  // anyExtendedKeyUsage
      -643  *                                       'name': 'clientAuth'}]});
      -644  *
      -645  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
      -646  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
      -647  * // KeyPurposeId ::= OBJECT IDENTIFIER
      -648  */
      -649 KJUR.asn1.x509.ExtKeyUsage = function(params) {
      -650     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
      -651 
      -652     this.setPurposeArray = function(purposeArray) {
      -653         this.asn1ExtnValue = new KJUR.asn1.DERSequence();
      -654         for (var i = 0; i < purposeArray.length; i++) {
      -655             var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
      -656             this.asn1ExtnValue.appendASN1Object(o);
      -657         }
      -658     };
      -659 
      -660     this.getExtnValueHex = function() {
      -661         return this.asn1ExtnValue.getEncodedHex();
      -662     };
      -663 
      -664     this.oid = "2.5.29.37";
      -665     if (typeof params != "undefined") {
      -666         if (typeof params['array'] != "undefined") {
      -667             this.setPurposeArray(params['array']);
      -668         }
      -669     }
      -670 };
      -671 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
      -672 
      -673 /**
      -674  * AuthorityKeyIdentifier ASN.1 structure class
      -675  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
      -676  * @class AuthorityKeyIdentifier ASN.1 structure class
      -677  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
      -678  * @extends KJUR.asn1.x509.Extension
      -679  * @since asn1x509 1.0.8
      -680  * @description
      -681  * <pre>
      -682  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
      -683  * AuthorityKeyIdentifier ::= SEQUENCE {
      -684  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      -685  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      -686  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
      -687  * KeyIdentifier ::= OCTET STRING
      -688  * </pre>
      -689  * @example
      -690  * var param = {'kid': {'hex': '89ab'},
      -691  *              'issuer': {'str': '/C=US/CN=a'},
      -692  *              'sn': {'hex': '1234'},
      -693  *              'critical': true});
      -694  * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
      -695  */
      -696 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
      -697     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
      -698     this.asn1KID = null;
      -699     this.asn1CertIssuer = null;
      -700     this.asn1CertSN = null;
      -701 
      -702     this.getExtnValueHex = function() {
      -703         var a = new Array();
      -704         if (this.asn1KID)
      -705             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      -706                                                   'tag': '80',
      -707                                                   'obj': this.asn1KID}));
      -708         if (this.asn1CertIssuer)
      -709             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      -710                                                   'tag': 'a1',
      -711                                                   'obj': this.asn1CertIssuer}));
      -712         if (this.asn1CertSN)
      -713             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      -714                                                   'tag': '82',
      -715                                                   'obj': this.asn1CertSN}));
      -716 
      -717         var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
      -718         this.asn1ExtnValue = asn1Seq;
      -719         return this.asn1ExtnValue.getEncodedHex();
      -720     };
      +517         var asn1Array = new Array();
      +518         asn1Array.push(asn1Oid);
      +519         if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
      +520         asn1Array.push(asn1EncapExtnValue);
      +521 
      +522         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
      +523         return asn1Seq.getEncodedHex();
      +524     };
      +525 
      +526     this.critical = false;
      +527     if (typeof params != "undefined") {
      +528         if (typeof params['critical'] != "undefined") {
      +529             this.critical = params['critical'];
      +530         }
      +531     }
      +532 };
      +533 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
      +534 
      +535 /**
      +536  * KeyUsage ASN.1 structure class
      +537  * @name KJUR.asn1.x509.KeyUsage
      +538  * @class KeyUsage ASN.1 structure class
      +539  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
      +540  * @extends KJUR.asn1.x509.Extension
      +541  * @description
      +542  * @example
      +543  */
      +544 KJUR.asn1.x509.KeyUsage = function(params) {
      +545     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
      +546 
      +547     this.getExtnValueHex = function() {
      +548         return this.asn1ExtnValue.getEncodedHex();
      +549     };
      +550 
      +551     this.oid = "2.5.29.15";
      +552     if (typeof params != "undefined") {
      +553         if (typeof params['bin'] != "undefined") {
      +554             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
      +555         }
      +556     }
      +557 };
      +558 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
      +559 
      +560 /**
      +561  * BasicConstraints ASN.1 structure class
      +562  * @name KJUR.asn1.x509.BasicConstraints
      +563  * @class BasicConstraints ASN.1 structure class
      +564  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
      +565  * @extends KJUR.asn1.x509.Extension
      +566  * @description
      +567  * @example
      +568  */
      +569 KJUR.asn1.x509.BasicConstraints = function(params) {
      +570     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
      +571     var cA = false;
      +572     var pathLen = -1;
      +573 
      +574     this.getExtnValueHex = function() {
      +575         var asn1Array = new Array();
      +576         if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
      +577         if (this.pathLen > -1)
      +578             asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
      +579         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
      +580         this.asn1ExtnValue = asn1Seq;
      +581         return this.asn1ExtnValue.getEncodedHex();
      +582     };
      +583 
      +584     this.oid = "2.5.29.19";
      +585     this.cA = false;
      +586     this.pathLen = -1;
      +587     if (typeof params != "undefined") {
      +588         if (typeof params['cA'] != "undefined") {
      +589             this.cA = params['cA'];
      +590         }
      +591         if (typeof params['pathLen'] != "undefined") {
      +592             this.pathLen = params['pathLen'];
      +593         }
      +594     }
      +595 };
      +596 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
      +597 
      +598 /**
      +599  * CRLDistributionPoints ASN.1 structure class
      +600  * @name KJUR.asn1.x509.CRLDistributionPoints
      +601  * @class CRLDistributionPoints ASN.1 structure class
      +602  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
      +603  * @extends KJUR.asn1.x509.Extension
      +604  * @description
      +605  * @example
      +606  */
      +607 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
      +608     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
      +609 
      +610     this.getExtnValueHex = function() {
      +611         return this.asn1ExtnValue.getEncodedHex();
      +612     };
      +613 
      +614     this.setByDPArray = function(dpArray) {
      +615         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
      +616     };
      +617 
      +618     this.setByOneURI = function(uri) {
      +619         var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
      +620         var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
      +621         var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
      +622         this.setByDPArray([dp1]);
      +623     };
      +624 
      +625     this.oid = "2.5.29.31";
      +626     if (typeof params != "undefined") {
      +627         if (typeof params['array'] != "undefined") {
      +628             this.setByDPArray(params['array']);
      +629         } else if (typeof params['uri'] != "undefined") {
      +630             this.setByOneURI(params['uri']);
      +631         }
      +632     }
      +633 };
      +634 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
      +635 
      +636 /**
      +637  * KeyUsage ASN.1 structure class
      +638  * @name KJUR.asn1.x509.ExtKeyUsage
      +639  * @class ExtKeyUsage ASN.1 structure class
      +640  * @param {Array} params associative array of parameters
      +641  * @extends KJUR.asn1.x509.Extension
      +642  * @description
      +643  * @example
      +644  * var e1 =
      +645  *     new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
      +646  *                                     'array':
      +647  *                                     [{'oid': '2.5.29.37.0',  // anyExtendedKeyUsage
      +648  *                                       'name': 'clientAuth'}]});
      +649  *
      +650  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
      +651  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
      +652  * // KeyPurposeId ::= OBJECT IDENTIFIER
      +653  */
      +654 KJUR.asn1.x509.ExtKeyUsage = function(params) {
      +655     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
      +656 
      +657     this.setPurposeArray = function(purposeArray) {
      +658         this.asn1ExtnValue = new KJUR.asn1.DERSequence();
      +659         for (var i = 0; i < purposeArray.length; i++) {
      +660             var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
      +661             this.asn1ExtnValue.appendASN1Object(o);
      +662         }
      +663     };
      +664 
      +665     this.getExtnValueHex = function() {
      +666         return this.asn1ExtnValue.getEncodedHex();
      +667     };
      +668 
      +669     this.oid = "2.5.29.37";
      +670     if (typeof params != "undefined") {
      +671         if (typeof params['array'] != "undefined") {
      +672             this.setPurposeArray(params['array']);
      +673         }
      +674     }
      +675 };
      +676 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
      +677 
      +678 /**
      +679  * AuthorityKeyIdentifier ASN.1 structure class
      +680  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
      +681  * @class AuthorityKeyIdentifier ASN.1 structure class
      +682  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
      +683  * @extends KJUR.asn1.x509.Extension
      +684  * @since asn1x509 1.0.8
      +685  * @description
      +686  * <pre>
      +687  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
      +688  * AuthorityKeyIdentifier ::= SEQUENCE {
      +689  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      +690  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      +691  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
      +692  * KeyIdentifier ::= OCTET STRING
      +693  * </pre>
      +694  * @example
      +695  * var param = {'kid': {'hex': '89ab'},
      +696  *              'issuer': {'str': '/C=US/CN=a'},
      +697  *              'sn': {'hex': '1234'},
      +698  *              'critical': true});
      +699  * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
      +700  */
      +701 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
      +702     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
      +703     this.asn1KID = null;
      +704     this.asn1CertIssuer = null;
      +705     this.asn1CertSN = null;
      +706 
      +707     this.getExtnValueHex = function() {
      +708         var a = new Array();
      +709         if (this.asn1KID)
      +710             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      +711                                                   'tag': '80',
      +712                                                   'obj': this.asn1KID}));
      +713         if (this.asn1CertIssuer)
      +714             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      +715                                                   'tag': 'a1',
      +716                                                   'obj': this.asn1CertIssuer}));
      +717         if (this.asn1CertSN)
      +718             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
      +719                                                   'tag': '82',
      +720                                                   'obj': this.asn1CertSN}));
       721 
      -722     /**
      -723      * set keyIdentifier value by DERInteger parameter
      -724      * @name setKIDByParam
      -725      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      -726      * @function
      -727      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
      -728      * @since asn1x509 1.0.8
      -729      * @description
      -730      * NOTE: Automatic keyIdentifier value calculation by an issuer 
      -731      * public key will be supported in future version.
      -732      */
      -733     this.setKIDByParam = function(param) {
      -734         this.asn1KID = new KJUR.asn1.DEROctetString(param);
      -735     };
      -736 
      -737     /**
      -738      * set authorityCertIssuer value by X500Name parameter
      -739      * @name setCertIssuerByParam
      -740      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      -741      * @function
      -742      * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
      -743      * @since asn1x509 1.0.8
      -744      * @description
      -745      * NOTE: Automatic authorityCertIssuer name setting by an issuer 
      -746      * certificate will be supported in future version.
      -747      */
      -748     this.setCertIssuerByParam = function(param) {
      -749         this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
      -750     };
      -751 
      -752     /**
      -753      * set authorityCertSerialNumber value by DERInteger parameter
      -754      * @name setCertSerialNumberByParam
      -755      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      -756      * @function
      -757      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
      -758      * @since asn1x509 1.0.8
      -759      * @description
      -760      * NOTE: Automatic authorityCertSerialNumber setting by an issuer 
      -761      * certificate will be supported in future version.
      -762      */
      -763     this.setCertSNByParam = function(param) {
      -764         this.asn1CertSN = new KJUR.asn1.DERInteger(param);
      -765     };
      -766 
      -767     this.oid = "2.5.29.35";
      -768     if (typeof params != "undefined") {
      -769         if (typeof params['kid'] != "undefined") {
      -770             this.setKIDByParam(params['kid']);
      -771         }
      -772         if (typeof params['issuer'] != "undefined") {
      -773             this.setCertIssuerByParam(params['issuer']);
      -774         }
      -775         if (typeof params['sn'] != "undefined") {
      -776             this.setCertSNByParam(params['sn']);
      -777         }
      -778     }
      -779 };
      -780 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
      -781 
      -782 // === END   X.509v3 Extensions Related =======================================
      -783 
      -784 // === BEGIN CRL Related ===================================================
      -785 /**
      -786  * X.509 CRL class to sign and generate hex encoded CRL
      -787  * @name KJUR.asn1.x509.CRL
      -788  * @class X.509 CRL class to sign and generate hex encoded certificate
      -789  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
      -790  * @extends KJUR.asn1.ASN1Object
      -791  * @since 1.0.3
      -792  * @description
      -793  * <br/>
      -794  * As for argument 'params' for constructor, you can specify one of
      -795  * following properties:
      -796  * <ul>
      -797  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
      -798  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
      -799  * </ul>
      -800  * NOTE: 'params' can be omitted.
      -801  * <h4>EXAMPLE</h4>
      -802  * @example
      -803  * var prvKey = new RSAKey(); // CA's private key
      -804  * prvKey.readPrivateKeyFromASN1HexString("3080...");
      -805  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      -806  * crl.sign(); // issue CRL by CA's private key
      -807  * var hCRL = crl.getEncodedHex();
      -808  *
      -809  * // CertificateList  ::=  SEQUENCE  {
      -810  * //     tbsCertList          TBSCertList,
      -811  * //     signatureAlgorithm   AlgorithmIdentifier,
      -812  * //     signatureValue       BIT STRING  }
      +722         var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
      +723         this.asn1ExtnValue = asn1Seq;
      +724         return this.asn1ExtnValue.getEncodedHex();
      +725     };
      +726 
      +727     /**
      +728      * set keyIdentifier value by DERInteger parameter
      +729      * @name setKIDByParam
      +730      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      +731      * @function
      +732      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
      +733      * @since asn1x509 1.0.8
      +734      * @description
      +735      * NOTE: Automatic keyIdentifier value calculation by an issuer
      +736      * public key will be supported in future version.
      +737      */
      +738     this.setKIDByParam = function(param) {
      +739         this.asn1KID = new KJUR.asn1.DEROctetString(param);
      +740     };
      +741 
      +742     /**
      +743      * set authorityCertIssuer value by X500Name parameter
      +744      * @name setCertIssuerByParam
      +745      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      +746      * @function
      +747      * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
      +748      * @since asn1x509 1.0.8
      +749      * @description
      +750      * NOTE: Automatic authorityCertIssuer name setting by an issuer
      +751      * certificate will be supported in future version.
      +752      */
      +753     this.setCertIssuerByParam = function(param) {
      +754         this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
      +755     };
      +756 
      +757     /**
      +758      * set authorityCertSerialNumber value by DERInteger parameter
      +759      * @name setCertSerialNumberByParam
      +760      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
      +761      * @function
      +762      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
      +763      * @since asn1x509 1.0.8
      +764      * @description
      +765      * NOTE: Automatic authorityCertSerialNumber setting by an issuer
      +766      * certificate will be supported in future version.
      +767      */
      +768     this.setCertSNByParam = function(param) {
      +769         this.asn1CertSN = new KJUR.asn1.DERInteger(param);
      +770     };
      +771 
      +772     this.oid = "2.5.29.35";
      +773     if (typeof params != "undefined") {
      +774         if (typeof params['kid'] != "undefined") {
      +775             this.setKIDByParam(params['kid']);
      +776         }
      +777         if (typeof params['issuer'] != "undefined") {
      +778             this.setCertIssuerByParam(params['issuer']);
      +779         }
      +780         if (typeof params['sn'] != "undefined") {
      +781             this.setCertSNByParam(params['sn']);
      +782         }
      +783     }
      +784 };
      +785 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
      +786 
      +787 /**
      +788  * AuthorityInfoAccess ASN.1 structure class
      +789  * @name KJUR.asn1.x509.AuthorityInfoAccess
      +790  * @class AuthorityInfoAccess ASN.1 structure class
      +791  * @param {Array} params associative array of parameters
      +792  * @extends KJUR.asn1.x509.Extension
      +793  * @since asn1x509 1.0.8
      +794  * @description
      +795  * <pre>
      +796  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
      +797  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
      +798  * AuthorityInfoAccessSyntax  ::=
      +799  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
      +800  * AccessDescription  ::=  SEQUENCE {
      +801  *         accessMethod          OBJECT IDENTIFIER,
      +802  *         accessLocation        GeneralName  }
      +803  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
      +804  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
      +805  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
      +806  * </pre>
      +807  * @example
      +808  * var param = {'array':[
      +809  *               { 'accessMethod':{'oid': '1.3.6.1.5.5.7.48.1'},
      +810  *                 'accessLocation':{'uri': 'http://ocsp.cacert.org'}
      +811  *               } ]};
      +812  * var e1 = new KJUR.asn1.x509.AuthorityInfoAccess(param);
       813  */
      -814 KJUR.asn1.x509.CRL = function(params) {
      -815     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
      +814 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
      +815     KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
       816 
      -817     var asn1TBSCertList = null;
      -818     var asn1SignatureAlg = null;
      -819     var asn1Sig = null;
      -820     var hexSig = null;
      -821     var rsaPrvKey = null;
      -822     
      -823     /**
      -824      * set PKCS#5 encrypted RSA PEM private key as CA key
      -825      * @name setRsaPrvKeyByPEMandPass
      -826      * @memberOf KJUR.asn1.x509.CRL
      -827      * @function
      -828      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
      -829      * @param {String} passPEM passcode string to decrypt private key
      -830      * @description
      -831      * <br/>
      -832      * <h4>EXAMPLES</h4>
      -833      * @example
      -834      */
      -835     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
      -836         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
      -837         var caKey = new RSAKey();
      -838         caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
      -839         this.rsaPrvKey = caKey;
      -840     };
      -841 
      -842     /**
      -843      * sign TBSCertList and set signature value internally
      -844      * @name sign
      -845      * @memberOf KJUR.asn1.x509.CRL
      -846      * @function
      -847      * @description
      -848      * @example
      -849      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      -850      * cert.sign();
      -851      */
      -852     this.sign = function() {
      -853         this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
      -854 
      -855         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
      -856         sig.initSign(this.rsaPrvKey);
      -857         sig.updateHex(this.asn1TBSCertList.getEncodedHex());
      -858         this.hexSig = sig.sign();
      -859 
      -860         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      -861         
      -862         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
      -863                                                        this.asn1SignatureAlg,
      -864                                                        this.asn1Sig]});
      -865         this.hTLV = seq.getEncodedHex();
      -866         this.isModified = false;
      -867     };
      -868 
      -869     this.getEncodedHex = function() {
      -870         if (this.isModified == false && this.hTLV != null) return this.hTLV;
      -871         throw "not signed yet";
      -872     };
      -873 
      -874     /**
      -875      * get PEM formatted CRL string after signed
      -876      * @name getPEMString
      -877      * @memberOf KJUR.asn1.x509.CRL
      -878      * @function
      -879      * @return PEM formatted string of certificate
      -880      * @description
      -881      * @example
      -882      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      -883      * cert.sign();
      -884      * var sPEM =  cert.getPEMString();
      -885      */
      -886     this.getPEMString = function() {
      -887         var hCert = this.getEncodedHex();
      -888         var wCert = CryptoJS.enc.Hex.parse(hCert);
      -889         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
      -890         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
      -891         return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
      -892     };
      -893 
      -894     if (typeof params != "undefined") {
      -895         if (typeof params['tbsobj'] != "undefined") {
      -896             this.asn1TBSCertList = params['tbsobj'];
      -897         }
      -898         if (typeof params['rsaprvkey'] != "undefined") {
      -899             this.rsaPrvKey = params['rsaprvkey'];
      -900         }
      -901         if ((typeof params['rsaprvpem'] != "undefined") &&
      -902             (typeof params['rsaprvpas'] != "undefined")) {
      -903             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
      -904         }
      -905     }
      -906 };
      -907 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
      -908 
      -909 /**
      -910  * ASN.1 TBSCertList structure class for CRL
      -911  * @name KJUR.asn1.x509.TBSCertList
      -912  * @class ASN.1 TBSCertList structure class for CRL
      -913  * @param {Array} params associative array of parameters (ex. {})
      -914  * @extends KJUR.asn1.ASN1Object
      -915  * @since 1.0.3
      -916  * @description
      -917  * <br/>
      -918  * <h4>EXAMPLE</h4>
      -919  * @example
      -920  *  var o = new KJUR.asn1.x509.TBSCertList();
      -921  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      -922  *  o.setIssuerByParam({'str': '/C=US/O=a'});
      -923  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
      -924  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
      -925  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
      -926  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
      -927  * 
      -928  * // TBSCertList  ::=  SEQUENCE  {
      -929  * //        version                 Version OPTIONAL,
      -930  * //                                     -- if present, MUST be v2
      -931  * //        signature               AlgorithmIdentifier,
      -932  * //        issuer                  Name,
      -933  * //        thisUpdate              Time,
      -934  * //        nextUpdate              Time OPTIONAL,
      -935  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
      -936  * //             userCertificate         CertificateSerialNumber,
      -937  * //             revocationDate          Time,
      -938  * //             crlEntryExtensions      Extensions OPTIONAL
      -939  * //                                      -- if present, version MUST be v2
      -940  * //                                  }  OPTIONAL,
      -941  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
      -942  */
      -943 KJUR.asn1.x509.TBSCertList = function(params) {
      -944     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
      -945     var aRevokedCert = null;
      -946 
      -947     /**
      -948      * set signature algorithm field by parameter
      -949      * @name setSignatureAlgByParam
      -950      * @memberOf KJUR.asn1.x509.TBSCertList
      -951      * @function
      -952      * @param {Array} algIdParam AlgorithmIdentifier parameter
      -953      * @description
      -954      * @example
      -955      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      -956      */
      -957     this.setSignatureAlgByParam = function(algIdParam) {
      -958         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
      -959     };
      -960 
      -961     /**
      -962      * set issuer name field by parameter
      -963      * @name setIssuerByParam
      -964      * @memberOf KJUR.asn1.x509.TBSCertList
      -965      * @function
      -966      * @param {Array} x500NameParam X500Name parameter
      -967      * @description
      -968      * @example
      -969      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
      -970      * @see KJUR.asn1.x509.X500Name
      -971      */
      -972     this.setIssuerByParam = function(x500NameParam) {
      -973         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
      -974     };
      -975 
      -976     /**
      -977      * set thisUpdate field by parameter
      -978      * @name setThisUpdateByParam
      -979      * @memberOf KJUR.asn1.x509.TBSCertList
      -980      * @function
      -981      * @param {Array} timeParam Time parameter
      -982      * @description
      -983      * @example
      -984      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
      -985      * @see KJUR.asn1.x509.Time
      -986      */
      -987     this.setThisUpdateByParam = function(timeParam) {
      -988         this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
      -989     };
      -990 
      -991     /**
      -992      * set nextUpdate field by parameter
      -993      * @name setNextUpdateByParam
      -994      * @memberOf KJUR.asn1.x509.TBSCertList
      -995      * @function
      -996      * @param {Array} timeParam Time parameter
      -997      * @description
      -998      * @example
      -999      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
      -1000      * @see KJUR.asn1.x509.Time
      -1001      */
      -1002     this.setNextUpdateByParam = function(timeParam) {
      -1003         this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
      -1004     };
      +817     this.setAccessDescriptionArray = function(accessDescriptionArray) {
      +818         var array = new Array();
      +819         for (var i = 0; i < accessDescriptionArray.length; i++) {
      +820             var o = new KJUR.asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod);
      +821             var gn = new KJUR.asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation);
      +822             var accessDescription = new KJUR.asn1.DERSequence({'array':[o, gn]});
      +823             array.push(accessDescription);
      +824         }
      +825         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array':array});
      +826     };
      +827 
      +828     this.getExtnValueHex = function() {
      +829         return this.asn1ExtnValue.getEncodedHex();
      +830     };
      +831 
      +832     this.oid = "1.3.6.1.5.5.7.1.1";
      +833     if (typeof params != "undefined") {
      +834         if (typeof params['array'] != "undefined") {
      +835             this.setAccessDescriptionArray(params['array']);
      +836         }
      +837     }
      +838 };
      +839 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
      +840 
      +841 // === END   X.509v3 Extensions Related =======================================
      +842 
      +843 // === BEGIN CRL Related ===================================================
      +844 /**
      +845  * X.509 CRL class to sign and generate hex encoded CRL
      +846  * @name KJUR.asn1.x509.CRL
      +847  * @class X.509 CRL class to sign and generate hex encoded certificate
      +848  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
      +849  * @extends KJUR.asn1.ASN1Object
      +850  * @since 1.0.3
      +851  * @description
      +852  * <br/>
      +853  * As for argument 'params' for constructor, you can specify one of
      +854  * following properties:
      +855  * <ul>
      +856  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
      +857  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
      +858  * </ul>
      +859  * NOTE: 'params' can be omitted.
      +860  * <h4>EXAMPLE</h4>
      +861  * @example
      +862  * var prvKey = new RSAKey(); // CA's private key
      +863  * prvKey.readPrivateKeyFromASN1HexString("3080...");
      +864  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      +865  * crl.sign(); // issue CRL by CA's private key
      +866  * var hCRL = crl.getEncodedHex();
      +867  *
      +868  * // CertificateList  ::=  SEQUENCE  {
      +869  * //     tbsCertList          TBSCertList,
      +870  * //     signatureAlgorithm   AlgorithmIdentifier,
      +871  * //     signatureValue       BIT STRING  }
      +872  */
      +873 KJUR.asn1.x509.CRL = function(params) {
      +874     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
      +875 
      +876     var asn1TBSCertList = null;
      +877     var asn1SignatureAlg = null;
      +878     var asn1Sig = null;
      +879     var hexSig = null;
      +880     var rsaPrvKey = null;
      +881 
      +882     /**
      +883      * set PKCS#5 encrypted RSA PEM private key as CA key
      +884      * @name setRsaPrvKeyByPEMandPass
      +885      * @memberOf KJUR.asn1.x509.CRL
      +886      * @function
      +887      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
      +888      * @param {String} passPEM passcode string to decrypt private key
      +889      * @description
      +890      * <br/>
      +891      * <h4>EXAMPLES</h4>
      +892      * @example
      +893      */
      +894     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
      +895         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
      +896         var caKey = new RSAKey();
      +897         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
      +898         this.rsaPrvKey = caKey;
      +899     };
      +900 
      +901     /**
      +902      * sign TBSCertList and set signature value internally
      +903      * @name sign
      +904      * @memberOf KJUR.asn1.x509.CRL
      +905      * @function
      +906      * @description
      +907      * @example
      +908      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      +909      * cert.sign();
      +910      */
      +911     this.sign = function() {
      +912         this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
      +913 
      +914         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
      +915         sig.initSign(this.rsaPrvKey);
      +916         sig.updateHex(this.asn1TBSCertList.getEncodedHex());
      +917         this.hexSig = sig.sign();
      +918 
      +919         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
      +920 
      +921         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
      +922                                                        this.asn1SignatureAlg,
      +923                                                        this.asn1Sig]});
      +924         this.hTLV = seq.getEncodedHex();
      +925         this.isModified = false;
      +926     };
      +927 
      +928     this.getEncodedHex = function() {
      +929         if (this.isModified == false && this.hTLV != null) return this.hTLV;
      +930         throw "not signed yet";
      +931     };
      +932 
      +933     /**
      +934      * get PEM formatted CRL string after signed
      +935      * @name getPEMString
      +936      * @memberOf KJUR.asn1.x509.CRL
      +937      * @function
      +938      * @return PEM formatted string of certificate
      +939      * @description
      +940      * @example
      +941      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
      +942      * cert.sign();
      +943      * var sPEM =  cert.getPEMString();
      +944      */
      +945     this.getPEMString = function() {
      +946         var hCert = this.getEncodedHex();
      +947         var wCert = CryptoJS.enc.Hex.parse(hCert);
      +948         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
      +949         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
      +950         return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
      +951     };
      +952 
      +953     if (typeof params != "undefined") {
      +954         if (typeof params['tbsobj'] != "undefined") {
      +955             this.asn1TBSCertList = params['tbsobj'];
      +956         }
      +957         if (typeof params['rsaprvkey'] != "undefined") {
      +958             this.rsaPrvKey = params['rsaprvkey'];
      +959         }
      +960         if ((typeof params['rsaprvpem'] != "undefined") &&
      +961             (typeof params['rsaprvpas'] != "undefined")) {
      +962             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
      +963         }
      +964     }
      +965 };
      +966 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
      +967 
      +968 /**
      +969  * ASN.1 TBSCertList structure class for CRL
      +970  * @name KJUR.asn1.x509.TBSCertList
      +971  * @class ASN.1 TBSCertList structure class for CRL
      +972  * @param {Array} params associative array of parameters (ex. {})
      +973  * @extends KJUR.asn1.ASN1Object
      +974  * @since 1.0.3
      +975  * @description
      +976  * <br/>
      +977  * <h4>EXAMPLE</h4>
      +978  * @example
      +979  *  var o = new KJUR.asn1.x509.TBSCertList();
      +980  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      +981  *  o.setIssuerByParam({'str': '/C=US/O=a'});
      +982  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
      +983  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
      +984  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
      +985  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
      +986  *
      +987  * // TBSCertList  ::=  SEQUENCE  {
      +988  * //        version                 Version OPTIONAL,
      +989  * //                                     -- if present, MUST be v2
      +990  * //        signature               AlgorithmIdentifier,
      +991  * //        issuer                  Name,
      +992  * //        thisUpdate              Time,
      +993  * //        nextUpdate              Time OPTIONAL,
      +994  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
      +995  * //             userCertificate         CertificateSerialNumber,
      +996  * //             revocationDate          Time,
      +997  * //             crlEntryExtensions      Extensions OPTIONAL
      +998  * //                                      -- if present, version MUST be v2
      +999  * //                                  }  OPTIONAL,
      +1000  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
      +1001  */
      +1002 KJUR.asn1.x509.TBSCertList = function(params) {
      +1003     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
      +1004     var aRevokedCert = null;
       1005 
       1006     /**
      -1007      * add revoked certficate by parameter
      -1008      * @name addRevokedCert
      +1007      * set signature algorithm field by parameter
      +1008      * @name setSignatureAlgByParam
       1009      * @memberOf KJUR.asn1.x509.TBSCertList
       1010      * @function
      -1011      * @param {Array} snParam DERInteger parameter for certificate serial number
      -1012      * @param {Array} timeParam Time parameter for revocation date
      -1013      * @description
      -1014      * @example
      -1015      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
      -1016      * @see KJUR.asn1.x509.Time
      -1017      */
      -1018     this.addRevokedCert = function(snParam, timeParam) {
      -1019         var param = {};
      -1020         if (snParam != undefined && snParam != null) param['sn'] = snParam;
      -1021         if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
      -1022         var o = new KJUR.asn1.x509.CRLEntry(param);
      -1023         this.aRevokedCert.push(o);
      -1024     };
      -1025 
      -1026     this.getEncodedHex = function() {
      -1027         this.asn1Array = new Array();
      -1028 
      -1029         if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
      -1030         this.asn1Array.push(this.asn1SignatureAlg);
      -1031         this.asn1Array.push(this.asn1Issuer);
      -1032         this.asn1Array.push(this.asn1ThisUpdate);
      -1033         if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
      +1011      * @param {Array} algIdParam AlgorithmIdentifier parameter
      +1012      * @description
      +1013      * @example
      +1014      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
      +1015      */
      +1016     this.setSignatureAlgByParam = function(algIdParam) {
      +1017         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
      +1018     };
      +1019 
      +1020     /**
      +1021      * set issuer name field by parameter
      +1022      * @name setIssuerByParam
      +1023      * @memberOf KJUR.asn1.x509.TBSCertList
      +1024      * @function
      +1025      * @param {Array} x500NameParam X500Name parameter
      +1026      * @description
      +1027      * @example
      +1028      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
      +1029      * @see KJUR.asn1.x509.X500Name
      +1030      */
      +1031     this.setIssuerByParam = function(x500NameParam) {
      +1032         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
      +1033     };
       1034 
      -1035         if (this.aRevokedCert.length > 0) {
      -1036             var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
      -1037             this.asn1Array.push(seq);
      -1038         }
      -1039 
      -1040         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      -1041         this.hTLV = o.getEncodedHex();
      -1042         this.isModified = false;
      -1043         return this.hTLV;
      -1044     };
      -1045 
      -1046     this._initialize = function() {
      -1047         this.asn1Version = null;
      -1048         this.asn1SignatureAlg = null;
      -1049         this.asn1Issuer = null;
      -1050         this.asn1ThisUpdate = null;
      -1051         this.asn1NextUpdate = null;
      -1052         this.aRevokedCert = new Array();
      -1053     };
      -1054 
      -1055     this._initialize();
      -1056 };
      -1057 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
      -1058 
      -1059 /**
      -1060  * ASN.1 CRLEntry structure class for CRL
      -1061  * @name KJUR.asn1.x509.CRLEntry
      -1062  * @class ASN.1 CRLEntry structure class for CRL
      -1063  * @param {Array} params associative array of parameters (ex. {})
      -1064  * @extends KJUR.asn1.ASN1Object
      -1065  * @since 1.0.3
      -1066  * @description
      -1067  * @example
      -1068  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
      -1069  * 
      -1070  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
      -1071  * //     userCertificate         CertificateSerialNumber,
      -1072  * //     revocationDate          Time,
      -1073  * //     crlEntryExtensions      Extensions OPTIONAL
      -1074  * //                             -- if present, version MUST be v2 }
      -1075  */
      -1076 KJUR.asn1.x509.CRLEntry = function(params) {
      -1077     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
      -1078     var sn = null;
      -1079     var time = null;
      -1080 
      -1081     /**
      -1082      * set DERInteger parameter for serial number of revoked certificate 
      -1083      * @name setCertSerial
      -1084      * @memberOf KJUR.asn1.x509.CRLEntry
      -1085      * @function
      -1086      * @param {Array} intParam DERInteger parameter for certificate serial number
      -1087      * @description
      -1088      * @example
      -1089      * entry.setCertSerial({'int': 3});
      -1090      */
      -1091     this.setCertSerial = function(intParam) {
      -1092         this.sn = new KJUR.asn1.DERInteger(intParam);
      -1093     };
      -1094 
      -1095     /**
      -1096      * set Time parameter for revocation date
      -1097      * @name setRevocationDate
      -1098      * @memberOf KJUR.asn1.x509.CRLEntry
      -1099      * @function
      -1100      * @param {Array} timeParam Time parameter for revocation date
      -1101      * @description
      -1102      * @example
      -1103      * entry.setRevocationDate({'str': '130508235959Z'});
      -1104      */
      -1105     this.setRevocationDate = function(timeParam) {
      -1106         this.time = new KJUR.asn1.x509.Time(timeParam);
      -1107     };
      -1108 
      -1109     this.getEncodedHex = function() {
      -1110         var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
      -1111         this.TLV = o.getEncodedHex();
      -1112         return this.TLV;
      -1113     };
      -1114     
      -1115     if (typeof params != "undefined") {
      -1116         if (typeof params['time'] != "undefined") {
      -1117             this.setRevocationDate(params['time']);
      -1118         }
      -1119         if (typeof params['sn'] != "undefined") {
      -1120             this.setCertSerial(params['sn']);
      -1121         }
      -1122     }
      -1123 };
      -1124 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
      -1125 
      -1126 // === END   CRL Related ===================================================
      -1127 
      -1128 // === BEGIN X500Name Related =================================================
      -1129 /**
      -1130  * X500Name ASN.1 structure class
      -1131  * @name KJUR.asn1.x509.X500Name
      -1132  * @class X500Name ASN.1 structure class
      -1133  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
      -1134  * @extends KJUR.asn1.ASN1Object
      -1135  * @description
      -1136  * @example
      -1137  * // 1. construct with string
      -1138  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
      -1139  * // 2. construct by object
      -1140  * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
      -1141  */
      -1142 KJUR.asn1.x509.X500Name = function(params) {
      -1143     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
      -1144     this.asn1Array = new Array();
      -1145 
      -1146     /**
      -1147      * set DN by string
      -1148      * @name setByString
      -1149      * @memberOf KJUR.asn1.x509.X500Name
      -1150      * @function
      -1151      * @param {Array} dnStr distinguished name by string (ex. /C=US/O=aaa)
      -1152      * @description
      -1153      * @example
      -1154      * name = new KJUR.asn1.x509.X500Name();
      -1155      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
      -1156      */
      -1157     this.setByString = function(dnStr) {
      -1158         var a = dnStr.split('/');
      -1159         a.shift();
      -1160         for (var i = 0; i < a.length; i++) {
      -1161             this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
      -1162         }
      -1163     };
      -1164     
      -1165     /**
      -1166      * set DN by associative array
      -1167      * @name setByObject
      -1168      * @memberOf KJUR.asn1.x509.X500Name
      -1169      * @function
      -1170      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
      -1171      * @since jsrsasign 4.9. asn1x509 1.0.13
      -1172      * @description
      -1173      * @example
      -1174      * name = new KJUR.asn1.x509.X500Name();
      -1175      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
      -1176      */
      -1177     this.setByObject = function(dnObj) {
      -1178         // Get all the dnObject attributes and stuff them in the ASN.1 array.
      -1179         for (var x in dnObj) {
      -1180             if (dnObj.hasOwnProperty(x)) {
      -1181                 var newRDN = new KJUR.asn1.x509.RDN(
      -1182                     {'str': x + '=' + dnObj[x]});
      -1183                 // Initialize or push into the ANS1 array.
      -1184                 this.asn1Array ? this.asn1Array.push(newRDN)
      -1185                     : this.asn1Array = [newRDN];
      -1186             }
      -1187         }
      -1188     };
      -1189 
      -1190     this.getEncodedHex = function() {
      -1191         if (typeof this.hTLV == "string") return this.hTLV;
      -1192         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      -1193         this.hTLV = o.getEncodedHex();
      -1194         return this.hTLV;
      -1195     };
      -1196 
      -1197     if (typeof params != "undefined") {
      -1198         if (typeof params['str'] != "undefined") {
      -1199             this.setByString(params['str']);
      -1200         // If params is an object, then set the ASN1 array just using the object
      -1201         // attributes. This is nice for fields that have lots of special
      -1202         // characters (i.e. CN: 'http://www.github.com/kjur//').
      -1203         } else if (typeof params === "object") {
      -1204             this.setByObject(params);
      -1205         }
      -1206         
      -1207         if (typeof params.certissuer != "undefined") {
      -1208             var x = new X509();
      -1209             x.hex = X509.pemToHex(params.certissuer);
      -1210             this.hTLV = x.getIssuerHex();
      -1211         }
      -1212         if (typeof params.certsubject != "undefined") {
      -1213             var x = new X509();
      -1214             x.hex = X509.pemToHex(params.certsubject);
      -1215             this.hTLV = x.getSubjectHex();
      -1216         }
      -1217     }
      -1218 };
      -1219 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
      -1220 
      -1221 /**
      -1222  * RDN (Relative Distinguish Name) ASN.1 structure class
      -1223  * @name KJUR.asn1.x509.RDN
      -1224  * @class RDN (Relative Distinguish Name) ASN.1 structure class
      -1225  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
      -1226  * @extends KJUR.asn1.ASN1Object
      -1227  * @description
      -1228  * @example
      -1229  */
      -1230 KJUR.asn1.x509.RDN = function(params) {
      -1231     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
      -1232     this.asn1Array = new Array();
      -1233 
      -1234     this.addByString = function(rdnStr) {
      -1235         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr}));
      -1236     };
      -1237 
      -1238     this.getEncodedHex = function() {
      -1239         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
      -1240         this.TLV = o.getEncodedHex();
      -1241         return this.TLV;
      -1242     };
      -1243 
      -1244     if (typeof params != "undefined") {
      -1245         if (typeof params['str'] != "undefined") {
      -1246             this.addByString(params['str']);
      -1247         }
      -1248     }
      -1249 };
      -1250 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
      -1251 
      -1252 /**
      -1253  * AttributeTypeAndValue ASN.1 structure class
      -1254  * @name KJUR.asn1.x509.AttributeTypeAndValue
      -1255  * @class AttributeTypeAndValue ASN.1 structure class
      -1256  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
      -1257  * @extends KJUR.asn1.ASN1Object
      -1258  * @description
      -1259  * @example
      -1260  */
      -1261 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
      -1262     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
      -1263     var typeObj = null;
      -1264     var valueObj = null;
      -1265     var defaultDSType = "utf8";
      -1266 
      -1267     this.setByString = function(attrTypeAndValueStr) {
      -1268         var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
      -1269         if (matchResult) {
      -1270             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
      -1271         } else {
      -1272             throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
      -1273         }
      -1274     };
      -1275 
      -1276     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
      -1277         this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
      -1278         var dsType = defaultDSType;
      -1279         if (shortAttrType == "C") dsType = "prn";
      -1280         this.valueObj = this.getValueObj(dsType, valueStr);
      -1281     };
      -1282 
      -1283     this.getValueObj = function(dsType, valueStr) {
      -1284         if (dsType == "utf8")   return new KJUR.asn1.DERUTF8String({"str": valueStr});
      -1285         if (dsType == "prn")    return new KJUR.asn1.DERPrintableString({"str": valueStr});
      -1286         if (dsType == "tel")    return new KJUR.asn1.DERTeletexString({"str": valueStr});
      -1287         if (dsType == "ia5")    return new KJUR.asn1.DERIA5String({"str": valueStr});
      -1288         throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
      -1289     };
      -1290 
      -1291     this.getEncodedHex = function() {
      -1292         var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
      -1293         this.TLV = o.getEncodedHex();
      -1294         return this.TLV;
      -1295     };
      -1296 
      -1297     if (typeof params != "undefined") {
      -1298         if (typeof params['str'] != "undefined") {
      -1299             this.setByString(params['str']);
      -1300         }
      -1301     }
      -1302 };
      -1303 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
      -1304 
      -1305 // === END   X500Name Related =================================================
      -1306 
      -1307 // === BEGIN Other ASN1 structure class  ======================================
      -1308 
      -1309 /**
      -1310  * SubjectPublicKeyInfo ASN.1 structure class
      -1311  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
      -1312  * @class SubjectPublicKeyInfo ASN.1 structure class
      -1313  * @param {Object} params parameter for subject public key
      -1314  * @extends KJUR.asn1.ASN1Object
      -1315  * @description
      -1316  * <br/>
      -1317  * As for argument 'params' for constructor, you can specify one of
      -1318  * following properties:
      -1319  * <ul>
      -1320  * <li>{@link RSAKey} object</li>
      -1321  * <li>{@link KJUR.crypto.ECDSA} object</li>
      -1322  * <li>{@link KJUR.crypto.DSA} object</li>
      -1323  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
      -1324  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
      -1325  * </ul>
      -1326  * NOTE1: 'params' can be omitted.<br/>
      -1327  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
      -1328  * <h4>EXAMPLE</h4>
      -1329  * @example
      -1330  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
      -1331  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
      -1332  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
      -1333  */
      -1334 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
      -1335     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
      -1336     var asn1AlgId = null;
      -1337     var asn1SubjPKey = null;
      -1338     var rsaKey = null;
      -1339 
      -1340     /**
      -1341      * (DEPRECATED) set RSAKey object as subject public key
      -1342      * @name setRSAKey
      -1343      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
      -1344      * @function
      -1345      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
      -1346      * @description
      -1347      * @deprecated
      -1348      * @example
      -1349      * spki.setRSAKey(rsaKey);
      -1350      */
      -1351     this.setRSAKey = function(rsaKey) {
      -1352         if (! RSAKey.prototype.isPrototypeOf(rsaKey))
      -1353             throw "argument is not RSAKey instance";
      -1354         this.rsaKey = rsaKey;
      -1355         var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
      -1356         var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
      -1357         var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
      -1358         var rsaKeyHex = asn1RsaPub.getEncodedHex();
      -1359         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
      -1360         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
      -1361     };
      -1362 
      -1363     /**
      -1364      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
      -1365      * @name setRSAPEM
      -1366      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
      -1367      * @function
      -1368      * @param {String} rsaPubPEM PEM formatted RSA public key string
      -1369      * @deprecated
      -1370      * @description
      -1371      * @example
      -1372      * spki.setRSAPEM(rsaPubPEM);
      -1373      */
      -1374     this.setRSAPEM = function(rsaPubPEM) {
      -1375         if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
      -1376             var s = rsaPubPEM;
      -1377             s = s.replace(/^-----[^-]+-----/, '');
      -1378             s = s.replace(/-----[^-]+-----\s*$/, '');
      -1379             var rsaB64 = s.replace(/\s+/g, '');
      -1380             var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
      -1381             var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
      -1382             var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
      -1383             var hBitStrVal = a[1];
      -1384             var rsaHex = hBitStrVal.substr(2);
      -1385             var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
      -1386             var rsaKey = new RSAKey();
      -1387             rsaKey.setPublic(a3[0], a3[1]);
      -1388             this.setRSAKey(rsaKey);
      -1389         } else {
      -1390             throw "key not supported";
      -1391         }
      -1392     };
      -1393 
      -1394     /*
      -1395      * @since asn1x509 1.0.7
      -1396      */
      -1397     this.getASN1Object = function() {
      -1398         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
      -1399             throw "algId and/or subjPubKey not set";
      -1400         var o = new KJUR.asn1.DERSequence({'array':
      -1401                                            [this.asn1AlgId, this.asn1SubjPKey]});
      -1402         return o;
      -1403     };
      -1404 
      -1405     this.getEncodedHex = function() {
      -1406         var o = this.getASN1Object();
      -1407         this.hTLV = o.getEncodedHex();
      -1408         return this.hTLV;
      -1409     };
      -1410 
      -1411     this._setRSAKey = function(key) {
      -1412         var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
      -1413             'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
      -1414         });
      -1415         var rsaKeyHex = asn1RsaPub.getEncodedHex();
      -1416         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
      -1417         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
      -1418     };
      -1419 
      -1420     this._setEC = function(key) {
      -1421         var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
      -1422         this.asn1AlgId = 
      -1423             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
      -1424                                                     'asn1params': asn1Params});
      -1425         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
      -1426     };
      -1427 
      -1428     this._setDSA = function(key) {
      -1429         var asn1Params = new KJUR.asn1.ASN1Util.newObject({
      -1430             'seq': [{'int': {'bigint': key.p}},
      -1431                     {'int': {'bigint': key.q}},
      -1432                     {'int': {'bigint': key.g}}]
      -1433         });
      -1434         this.asn1AlgId = 
      -1435             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
      -1436                                                     'asn1params': asn1Params});
      -1437         var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
      -1438         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
      -1439     };
      -1440 
      -1441     if (typeof params != "undefined") {
      -1442         if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
      -1443             this._setRSAKey(params);
      -1444         } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
      -1445                    params instanceof KJUR.crypto.ECDSA) {
      -1446             this._setEC(params);
      -1447         } else if (typeof KJUR.crypto.DSA != 'undefined' &&
      -1448                    params instanceof KJUR.crypto.DSA) {
      -1449             this._setDSA(params);
      -1450         } else if (typeof params['rsakey'] != "undefined") {
      -1451             this.setRSAKey(params['rsakey']);
      -1452         } else if (typeof params['rsapem'] != "undefined") {
      -1453             this.setRSAPEM(params['rsapem']);
      -1454         }
      -1455     }
      -1456 };
      -1457 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
      -1458 
      -1459 /**
      -1460  * Time ASN.1 structure class
      -1461  * @name KJUR.asn1.x509.Time
      -1462  * @class Time ASN.1 structure class
      -1463  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
      -1464  * @extends KJUR.asn1.ASN1Object
      -1465  * @description
      -1466  * <br/>
      -1467  * <h4>EXAMPLES</h4>
      -1468  * @example
      -1469  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
      -1470  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
      -1471  */
      -1472 KJUR.asn1.x509.Time = function(params) {
      -1473     KJUR.asn1.x509.Time.superclass.constructor.call(this);
      -1474     var type = null;
      -1475     var timeParams = null;
      -1476 
      -1477     this.setTimeParams = function(timeParams) {
      -1478         this.timeParams = timeParams;
      -1479     }
      -1480 
      -1481     this.getEncodedHex = function() {
      -1482         var o = null;
      +1035     /**
      +1036      * set thisUpdate field by parameter
      +1037      * @name setThisUpdateByParam
      +1038      * @memberOf KJUR.asn1.x509.TBSCertList
      +1039      * @function
      +1040      * @param {Array} timeParam Time parameter
      +1041      * @description
      +1042      * @example
      +1043      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
      +1044      * @see KJUR.asn1.x509.Time
      +1045      */
      +1046     this.setThisUpdateByParam = function(timeParam) {
      +1047         this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
      +1048     };
      +1049 
      +1050     /**
      +1051      * set nextUpdate field by parameter
      +1052      * @name setNextUpdateByParam
      +1053      * @memberOf KJUR.asn1.x509.TBSCertList
      +1054      * @function
      +1055      * @param {Array} timeParam Time parameter
      +1056      * @description
      +1057      * @example
      +1058      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
      +1059      * @see KJUR.asn1.x509.Time
      +1060      */
      +1061     this.setNextUpdateByParam = function(timeParam) {
      +1062         this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
      +1063     };
      +1064 
      +1065     /**
      +1066      * add revoked certficate by parameter
      +1067      * @name addRevokedCert
      +1068      * @memberOf KJUR.asn1.x509.TBSCertList
      +1069      * @function
      +1070      * @param {Array} snParam DERInteger parameter for certificate serial number
      +1071      * @param {Array} timeParam Time parameter for revocation date
      +1072      * @description
      +1073      * @example
      +1074      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
      +1075      * @see KJUR.asn1.x509.Time
      +1076      */
      +1077     this.addRevokedCert = function(snParam, timeParam) {
      +1078         var param = {};
      +1079         if (snParam != undefined && snParam != null) param['sn'] = snParam;
      +1080         if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
      +1081         var o = new KJUR.asn1.x509.CRLEntry(param);
      +1082         this.aRevokedCert.push(o);
      +1083     };
      +1084 
      +1085     this.getEncodedHex = function() {
      +1086         this.asn1Array = new Array();
      +1087 
      +1088         if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
      +1089         this.asn1Array.push(this.asn1SignatureAlg);
      +1090         this.asn1Array.push(this.asn1Issuer);
      +1091         this.asn1Array.push(this.asn1ThisUpdate);
      +1092         if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
      +1093 
      +1094         if (this.aRevokedCert.length > 0) {
      +1095             var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
      +1096             this.asn1Array.push(seq);
      +1097         }
      +1098 
      +1099         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      +1100         this.hTLV = o.getEncodedHex();
      +1101         this.isModified = false;
      +1102         return this.hTLV;
      +1103     };
      +1104 
      +1105     this._initialize = function() {
      +1106         this.asn1Version = null;
      +1107         this.asn1SignatureAlg = null;
      +1108         this.asn1Issuer = null;
      +1109         this.asn1ThisUpdate = null;
      +1110         this.asn1NextUpdate = null;
      +1111         this.aRevokedCert = new Array();
      +1112     };
      +1113 
      +1114     this._initialize();
      +1115 };
      +1116 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
      +1117 
      +1118 /**
      +1119  * ASN.1 CRLEntry structure class for CRL
      +1120  * @name KJUR.asn1.x509.CRLEntry
      +1121  * @class ASN.1 CRLEntry structure class for CRL
      +1122  * @param {Array} params associative array of parameters (ex. {})
      +1123  * @extends KJUR.asn1.ASN1Object
      +1124  * @since 1.0.3
      +1125  * @description
      +1126  * @example
      +1127  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
      +1128  *
      +1129  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
      +1130  * //     userCertificate         CertificateSerialNumber,
      +1131  * //     revocationDate          Time,
      +1132  * //     crlEntryExtensions      Extensions OPTIONAL
      +1133  * //                             -- if present, version MUST be v2 }
      +1134  */
      +1135 KJUR.asn1.x509.CRLEntry = function(params) {
      +1136     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
      +1137     var sn = null;
      +1138     var time = null;
      +1139 
      +1140     /**
      +1141      * set DERInteger parameter for serial number of revoked certificate
      +1142      * @name setCertSerial
      +1143      * @memberOf KJUR.asn1.x509.CRLEntry
      +1144      * @function
      +1145      * @param {Array} intParam DERInteger parameter for certificate serial number
      +1146      * @description
      +1147      * @example
      +1148      * entry.setCertSerial({'int': 3});
      +1149      */
      +1150     this.setCertSerial = function(intParam) {
      +1151         this.sn = new KJUR.asn1.DERInteger(intParam);
      +1152     };
      +1153 
      +1154     /**
      +1155      * set Time parameter for revocation date
      +1156      * @name setRevocationDate
      +1157      * @memberOf KJUR.asn1.x509.CRLEntry
      +1158      * @function
      +1159      * @param {Array} timeParam Time parameter for revocation date
      +1160      * @description
      +1161      * @example
      +1162      * entry.setRevocationDate({'str': '130508235959Z'});
      +1163      */
      +1164     this.setRevocationDate = function(timeParam) {
      +1165         this.time = new KJUR.asn1.x509.Time(timeParam);
      +1166     };
      +1167 
      +1168     this.getEncodedHex = function() {
      +1169         var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
      +1170         this.TLV = o.getEncodedHex();
      +1171         return this.TLV;
      +1172     };
      +1173 
      +1174     if (typeof params != "undefined") {
      +1175         if (typeof params['time'] != "undefined") {
      +1176             this.setRevocationDate(params['time']);
      +1177         }
      +1178         if (typeof params['sn'] != "undefined") {
      +1179             this.setCertSerial(params['sn']);
      +1180         }
      +1181     }
      +1182 };
      +1183 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
      +1184 
      +1185 // === END   CRL Related ===================================================
      +1186 
      +1187 // === BEGIN X500Name Related =================================================
      +1188 /**
      +1189  * X500Name ASN.1 structure class
      +1190  * @name KJUR.asn1.x509.X500Name
      +1191  * @class X500Name ASN.1 structure class
      +1192  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
      +1193  * @extends KJUR.asn1.ASN1Object
      +1194  * @see KJUR.asn1.x509.X500Name
      +1195  * @see KJUR.asn1.x509.RDN
      +1196  * @see KJUR.asn1.x509.AttributeTypeAndValue
      +1197  * @description
      +1198  * This class provides DistinguishedName ASN.1 class structure
      +1199  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
      +1200  * <blockquote><pre>
      +1201  * DistinguishedName ::= RDNSequence
      +1202  *
      +1203  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      +1204  *
      +1205  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
      +1206  *   AttributeTypeAndValue
      +1207  *
      +1208  * AttributeTypeAndValue ::= SEQUENCE {
      +1209  *   type  AttributeType,
      +1210  *   value AttributeValue }
      +1211  * </pre></blockquote>
      +1212  * <br/>
      +1213  * For string representation of distinguished name in jsrsasign,
      +1214  * OpenSSL oneline format is used. Please see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">wiki article</a> for it.
      +1215  * <br/>
      +1216  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
      +1217  * @example
      +1218  * // 1. construct with string
      +1219  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
      +1220  * // 2. construct by object
      +1221  * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
      +1222  */
      +1223 KJUR.asn1.x509.X500Name = function(params) {
      +1224     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
      +1225     this.asn1Array = new Array();
      +1226 
      +1227     /**
      +1228      * set DN by string
      +1229      * @name setByString
      +1230      * @memberOf KJUR.asn1.x509.X500Name#
      +1231      * @function
      +1232      * @param {Array} dnStr distinguished name by string (ex. /C=US/O=aaa)
      +1233      * @description
      +1234      * @example
      +1235      * name = new KJUR.asn1.x509.X500Name();
      +1236      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
      +1237      */
      +1238     this.setByString = function(dnStr) {
      +1239         var a = dnStr.split('/');
      +1240         a.shift();
      +1241         for (var i = 0; i < a.length; i++) {
      +1242             this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
      +1243         }
      +1244     };
      +1245 
      +1246     /**
      +1247      * set DN by associative array
      +1248      * @name setByObject
      +1249      * @memberOf KJUR.asn1.x509.X500Name#
      +1250      * @function
      +1251      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
      +1252      * @since jsrsasign 4.9. asn1x509 1.0.13
      +1253      * @description
      +1254      * @example
      +1255      * name = new KJUR.asn1.x509.X500Name();
      +1256      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
      +1257      */
      +1258     this.setByObject = function(dnObj) {
      +1259         // Get all the dnObject attributes and stuff them in the ASN.1 array.
      +1260         for (var x in dnObj) {
      +1261             if (dnObj.hasOwnProperty(x)) {
      +1262                 var newRDN = new KJUR.asn1.x509.RDN(
      +1263                     {'str': x + '=' + dnObj[x]});
      +1264                 // Initialize or push into the ANS1 array.
      +1265                 this.asn1Array ? this.asn1Array.push(newRDN)
      +1266                     : this.asn1Array = [newRDN];
      +1267             }
      +1268         }
      +1269     };
      +1270 
      +1271     this.getEncodedHex = function() {
      +1272         if (typeof this.hTLV == "string") return this.hTLV;
      +1273         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
      +1274         this.hTLV = o.getEncodedHex();
      +1275         return this.hTLV;
      +1276     };
      +1277 
      +1278     if (typeof params != "undefined") {
      +1279         if (typeof params['str'] != "undefined") {
      +1280             this.setByString(params['str']);
      +1281         // If params is an object, then set the ASN1 array just using the object
      +1282         // attributes. This is nice for fields that have lots of special
      +1283         // characters (i.e. CN: 'http://www.github.com/kjur//').
      +1284         } else if (typeof params === "object") {
      +1285             this.setByObject(params);
      +1286         }
      +1287 
      +1288         if (typeof params.certissuer != "undefined") {
      +1289             var x = new X509();
      +1290             x.hex = X509.pemToHex(params.certissuer);
      +1291             this.hTLV = x.getIssuerHex();
      +1292         }
      +1293         if (typeof params.certsubject != "undefined") {
      +1294             var x = new X509();
      +1295             x.hex = X509.pemToHex(params.certsubject);
      +1296             this.hTLV = x.getSubjectHex();
      +1297         }
      +1298     }
      +1299 };
      +1300 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
      +1301 
      +1302 /**
      +1303  * RDN (Relative Distinguished Name) ASN.1 structure class
      +1304  * @name KJUR.asn1.x509.RDN
      +1305  * @class RDN (Relative Distinguished Name) ASN.1 structure class
      +1306  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
      +1307  * @extends KJUR.asn1.ASN1Object
      +1308  * @see KJUR.asn1.x509.X500Name
      +1309  * @see KJUR.asn1.x509.RDN
      +1310  * @see KJUR.asn1.x509.AttributeTypeAndValue
      +1311  * @description
      +1312  * This class provides RelativeDistinguishedName ASN.1 class structure
      +1313  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
      +1314  * <blockquote><pre>
      +1315  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
      +1316  *   AttributeTypeAndValue
      +1317  *
      +1318  * AttributeTypeAndValue ::= SEQUENCE {
      +1319  *   type  AttributeType,
      +1320  *   value AttributeValue }
      +1321  * </pre></blockquote>
      +1322  * <br/>
      +1323  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
      +1324  * @example
      +1325  * rdn = new KJUR.asn1.x509.RDN({str: "CN=test"});
      +1326  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
      +1327  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
      +1328  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
      +1329  */
      +1330 KJUR.asn1.x509.RDN = function(params) {
      +1331     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
      +1332     this.asn1Array = new Array();
      +1333 
      +1334     /**
      +1335      * add one AttributeTypeAndValue by string<br/>
      +1336      * @name addByString
      +1337      * @memberOf KJUR.asn1.x509.RDN#
      +1338      * @function
      +1339      * @param {String} s string of AttributeTypeAndValue
      +1340      * @return {Object} unspecified
      +1341      * @description
      +1342      * This method add one AttributeTypeAndValue to RDN object.
      +1343      * @example
      +1344      * rdn = new KJUR.asn1.x509.RDN();
      +1345      * rdn.addByString("CN=john");
      +1346      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
      +1347      */
      +1348     this.addByString = function(s) {
      +1349         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s}));
      +1350     };
      +1351 
      +1352     /**
      +1353      * add one AttributeTypeAndValue by multi-valued string<br/>
      +1354      * @name addByMultiValuedString
      +1355      * @memberOf KJUR.asn1.x509.RDN#
      +1356      * @function
      +1357      * @param {String} s string of multi-valued RDN
      +1358      * @return {Object} unspecified
      +1359      * @since jsrsasign 6.2.1 asn1x509 1.0.17
      +1360      * @description
      +1361      * This method add multi-valued RDN to RDN object.
      +1362      * @example
      +1363      * rdn = new KJUR.asn1.x509.RDN();
      +1364      * rdn.addByMultiValuedString("CN=john+O=test");
      +1365      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
      +1366      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
      +1367      */
      +1368     this.addByMultiValuedString = function(s) {
      +1369 	var a = KJUR.asn1.x509.RDN.parseString(s);
      +1370 	for (var i = 0; i < a.length; i++) {
      +1371 	    this.addByString(a[i]);
      +1372 	}
      +1373     };
      +1374 
      +1375     this.getEncodedHex = function() {
      +1376         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
      +1377         this.TLV = o.getEncodedHex();
      +1378         return this.TLV;
      +1379     };
      +1380 
      +1381     if (typeof params != "undefined") {
      +1382         if (typeof params['str'] != "undefined") {
      +1383             this.addByMultiValuedString(params['str']);
      +1384         }
      +1385     }
      +1386 };
      +1387 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
      +1388 
      +1389 /**
      +1390  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
      +1391  * @name parseString
      +1392  * @memberOf KJUR.asn1.x509.RDN
      +1393  * @function
      +1394  * @param {String} s multi-valued string of RDN
      +1395  * @return {Array} array of string of AttributeTypeAndValue
      +1396  * @since jsrsasign 6.2.1 asn1x509 1.0.17
      +1397  * @description
      +1398  * This static method parses multi-valued RDN string and split into
      +1399  * array of AttributeTypeAndValue.
      +1400  * @example
      +1401  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
      +1402  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
      +1403  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
      +1404  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
      +1405  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
      +1406  */
      +1407 KJUR.asn1.x509.RDN.parseString = function(s) {
      +1408     var a = s.split(/\+/);
      +1409 
      +1410     // join \+
      +1411     var isBSbefore = false;
      +1412     var a2 = [];
      +1413     for (var i = 0; a.length > 0; i++) {
      +1414 	var item = a.shift();
      +1415 	//console.log("item=" + item);
      +1416 
      +1417 	if (isBSbefore === true) {
      +1418 	    var a2last = a2.pop();
      +1419 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
      +1420 	    a2.push(newitem);
      +1421 	    isBSbefore = false;
      +1422 	} else {
      +1423 	    a2.push(item);
      +1424 	}
      +1425 
      +1426 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
      +1427     }
      +1428 
      +1429     // join quote
      +1430     var beginQuote = false;
      +1431     var a3 = [];
      +1432     for (var i = 0; a2.length > 0; i++) {
      +1433 	var item = a2.shift();
      +1434 
      +1435 	if (beginQuote === true) {
      +1436 	    var a3last = a3.pop();
      +1437 	    if (item.match(/"$/)) {
      +1438 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
      +1439 		a3.push(newitem);
      +1440 		beginQuote = false;
      +1441 	    } else {
      +1442 		a3.push(a3last + "+" + item);
      +1443 	    }
      +1444 	} else {
      +1445 	    a3.push(item);
      +1446 	}
      +1447 
      +1448 	if (item.match(/^[^=]+="/)) {
      +1449 	    //console.log(i + "=" + item);
      +1450 	    beginQuote = true;
      +1451 	}
      +1452     }
      +1453 
      +1454     return a3;
      +1455 };
      +1456 
      +1457 /**
      +1458  * AttributeTypeAndValue ASN.1 structure class
      +1459  * @name KJUR.asn1.x509.AttributeTypeAndValue
      +1460  * @class AttributeTypeAndValue ASN.1 structure class
      +1461  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
      +1462  * @extends KJUR.asn1.ASN1Object
      +1463  * @description
      +1464  * @see KJUR.asn1.x509.X500Name
      +1465  * @see KJUR.asn1.x509.RDN
      +1466  * @see KJUR.asn1.x509.AttributeTypeAndValue
      +1467  * @example
      +1468  */
      +1469 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
      +1470     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
      +1471     var typeObj = null;
      +1472     var valueObj = null;
      +1473     var defaultDSType = "utf8";
      +1474 
      +1475     this.setByString = function(attrTypeAndValueStr) {
      +1476         var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
      +1477         if (matchResult) {
      +1478             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
      +1479         } else {
      +1480             throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
      +1481         }
      +1482     };
       1483 
      -1484         if (this.timeParams != null) {
      -1485             if (this.type == "utc") {
      -1486                 o = new KJUR.asn1.DERUTCTime(this.timeParams);
      -1487             } else {
      -1488                 o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
      -1489             }
      -1490         } else {
      -1491             if (this.type == "utc") {
      -1492                 o = new KJUR.asn1.DERUTCTime();
      -1493             } else {
      -1494                 o = new KJUR.asn1.DERGeneralizedTime();
      -1495             }
      -1496         }
      -1497         this.TLV = o.getEncodedHex();
      -1498         return this.TLV;
      -1499     };
      -1500     
      -1501     this.type = "utc";
      -1502     if (typeof params != "undefined") {
      -1503         if (typeof params.type != "undefined") {
      -1504             this.type = params.type;
      -1505         } else {
      -1506             if (typeof params.str != "undefined") {
      -1507                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
      -1508                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
      -1509             }
      -1510         }
      -1511         this.timeParams = params;
      -1512     }
      -1513 };
      -1514 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
      -1515 
      -1516 /**
      -1517  * AlgorithmIdentifier ASN.1 structure class
      -1518  * @name KJUR.asn1.x509.AlgorithmIdentifier
      -1519  * @class AlgorithmIdentifier ASN.1 structure class
      -1520  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
      -1521  * @extends KJUR.asn1.ASN1Object
      -1522  * @description
      -1523  * @example
      -1524  * algId1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
      -1525  */
      -1526 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
      -1527     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
      -1528     var nameAlg = null;
      -1529     var asn1Alg = null;
      -1530     var asn1Params = null;
      -1531     var paramEmpty = false;
      -1532 
      -1533     this.getEncodedHex = function() {
      -1534         if (this.nameAlg == null && this.asn1Alg == null) {
      -1535             throw "algorithm not specified";
      -1536         }
      -1537         if (this.nameAlg != null && this.asn1Alg == null) {
      -1538             this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
      -1539         }
      -1540         var a = [this.asn1Alg];
      -1541         if (! this.paramEmpty) a.push(this.asn1Params);
      -1542         var o = new KJUR.asn1.DERSequence({'array': a});
      -1543         this.hTLV = o.getEncodedHex();
      -1544         return this.hTLV;
      -1545     };
      -1546 
      -1547     if (typeof params != "undefined") {
      -1548         if (typeof params['name'] != "undefined") {
      -1549             this.nameAlg = params['name'];
      -1550         }
      -1551         if (typeof params['asn1params'] != "undefined") {
      -1552             this.asn1Params = params['asn1params'];
      -1553         }
      -1554         if (typeof params['paramempty'] != "undefined") {
      -1555             this.paramEmpty = params['paramempty'];
      -1556         }
      -1557     }
      -1558     if (this.asn1Params == null) {
      -1559         this.asn1Params = new KJUR.asn1.DERNull();
      -1560     }
      -1561 };
      -1562 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
      -1563 
      -1564 /**
      -1565  * GeneralName ASN.1 structure class
      -1566  * @name KJUR.asn1.x509.GeneralName
      -1567  * @class GeneralName ASN.1 structure class
      -1568  * @description
      -1569  * <br/>
      -1570  * As for argument 'params' for constructor, you can specify one of
      -1571  * following properties:
      -1572  * <ul>
      -1573  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
      -1574  * <li>dns - dNSName[2] (ex. foo.com)</li>
      -1575  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
      -1576  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
      -1577  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
      -1578  * </ul>
      -1579  * NOTE1: certissuer and certsubj is supported since asn1x509 1.0.10.
      -1580  *
      -1581  * Here is definition of the ASN.1 syntax:
      -1582  * <pre>
      -1583  * -- NOTE: under the CHOICE, it will always be explicit.
      -1584  * GeneralName ::= CHOICE {
      -1585  *         otherName                       [0]     OtherName,
      -1586  *         rfc822Name                      [1]     IA5String,
      -1587  *         dNSName                         [2]     IA5String,
      -1588  *         x400Address                     [3]     ORAddress,
      -1589  *         directoryName                   [4]     Name,
      -1590  *         ediPartyName                    [5]     EDIPartyName,
      -1591  *         uniformResourceIdentifier       [6]     IA5String,
      -1592  *         iPAddress                       [7]     OCTET STRING,
      -1593  *         registeredID                    [8]     OBJECT IDENTIFIER } 
      -1594  * </pre>
      -1595  *
      -1596  * 
      -1597  *
      -1598  * @example
      -1599  * gn = new KJUR.asn1.x509.GeneralName({rfc822:      'test@aaa.com'});
      -1600  * gn = new KJUR.asn1.x509.GeneralName({dns:         'aaa.com'});
      -1601  * gn = new KJUR.asn1.x509.GeneralName({uri:         'http://aaa.com/'});
      -1602  * gn = new KJUR.asn1.x509.GeneralName({certissuer:  certPEM});
      -1603  * gn = new KJUR.asn1.x509.GeneralName({certsubj:    certPEM});
      -1604  */
      -1605 KJUR.asn1.x509.GeneralName = function(params) {
      -1606     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
      -1607     var asn1Obj = null;
      -1608     var type = null;
      -1609     var pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86'};
      -1610     this.explicit = false;
      -1611 
      -1612     this.setByParam = function(params) {
      -1613         var str = null;
      -1614         var v = null;
      -1615 
      -1616 		if (typeof params == "undefined") return;
      -1617 		
      -1618         if (typeof params.rfc822 != "undefined") {
      -1619             this.type = 'rfc822';
      -1620             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      -1621         }
      -1622         if (typeof params.dns != "undefined") {
      -1623             this.type = 'dns';
      -1624             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      -1625         }
      -1626         if (typeof params.uri != "undefined") {
      -1627             this.type = 'uri';
      -1628             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      -1629         }
      -1630 		if (typeof params.certissuer != "undefined") {
      -1631 			this.type = 'dn';
      -1632 			this.explicit = true;
      -1633 			var certStr = params.certissuer;
      -1634 			var certHex = null;
      -1635 			if (certStr.match(/^[0-9A-Fa-f]+$/)) {
      -1636 				certHex == certStr;
      -1637             }
      -1638 		    if (certStr.indexOf("-----BEGIN ") != -1) {
      -1639 				certHex = X509.pemToHex(certStr);
      -1640 			}
      -1641 		    if (certHex == null) throw "certissuer param not cert";
      -1642 			var x = new X509();
      -1643 			x.hex = certHex;
      -1644 			var dnHex = x.getIssuerHex();
      -1645 			v = new KJUR.asn1.ASN1Object();
      -1646 			v.hTLV = dnHex;
      -1647 		}
      -1648 		if (typeof params.certsubj != "undefined") {
      -1649 			this.type = 'dn';
      -1650 			this.explicit = true;
      -1651 			var certStr = params.certsubj;
      -1652 			var certHex = null;
      -1653 			if (certStr.match(/^[0-9A-Fa-f]+$/)) {
      -1654 				certHex == certStr;
      -1655             }
      -1656 		    if (certStr.indexOf("-----BEGIN ") != -1) {
      -1657 				certHex = X509.pemToHex(certStr);
      -1658 			}
      -1659 		    if (certHex == null) throw "certsubj param not cert";
      -1660 			var x = new X509();
      -1661 			x.hex = certHex;
      -1662 			var dnHex = x.getSubjectHex();
      -1663 			v = new KJUR.asn1.ASN1Object();
      -1664 			v.hTLV = dnHex;
      -1665 		}
      +1484     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
      +1485         this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
      +1486         var dsType = defaultDSType;
      +1487         if (shortAttrType == "C") dsType = "prn";
      +1488         this.valueObj = this.getValueObj(dsType, valueStr);
      +1489     };
      +1490 
      +1491     this.getValueObj = function(dsType, valueStr) {
      +1492         if (dsType == "utf8")   return new KJUR.asn1.DERUTF8String({"str": valueStr});
      +1493         if (dsType == "prn")    return new KJUR.asn1.DERPrintableString({"str": valueStr});
      +1494         if (dsType == "tel")    return new KJUR.asn1.DERTeletexString({"str": valueStr});
      +1495         if (dsType == "ia5")    return new KJUR.asn1.DERIA5String({"str": valueStr});
      +1496         throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
      +1497     };
      +1498 
      +1499     this.getEncodedHex = function() {
      +1500         var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
      +1501         this.TLV = o.getEncodedHex();
      +1502         return this.TLV;
      +1503     };
      +1504 
      +1505     if (typeof params != "undefined") {
      +1506         if (typeof params['str'] != "undefined") {
      +1507             this.setByString(params['str']);
      +1508         }
      +1509     }
      +1510 };
      +1511 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
      +1512 
      +1513 // === END   X500Name Related =================================================
      +1514 
      +1515 // === BEGIN Other ASN1 structure class  ======================================
      +1516 
      +1517 /**
      +1518  * SubjectPublicKeyInfo ASN.1 structure class
      +1519  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
      +1520  * @class SubjectPublicKeyInfo ASN.1 structure class
      +1521  * @param {Object} params parameter for subject public key
      +1522  * @extends KJUR.asn1.ASN1Object
      +1523  * @description
      +1524  * <br/>
      +1525  * As for argument 'params' for constructor, you can specify one of
      +1526  * following properties:
      +1527  * <ul>
      +1528  * <li>{@link RSAKey} object</li>
      +1529  * <li>{@link KJUR.crypto.ECDSA} object</li>
      +1530  * <li>{@link KJUR.crypto.DSA} object</li>
      +1531  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
      +1532  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
      +1533  * </ul>
      +1534  * NOTE1: 'params' can be omitted.<br/>
      +1535  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
      +1536  * <h4>EXAMPLE</h4>
      +1537  * @example
      +1538  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
      +1539  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
      +1540  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
      +1541  */
      +1542 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
      +1543     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
      +1544     var asn1AlgId = null;
      +1545     var asn1SubjPKey = null;
      +1546     var rsaKey = null;
      +1547 
      +1548     /**
      +1549      * (DEPRECATED) set RSAKey object as subject public key
      +1550      * @name setRSAKey
      +1551      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
      +1552      * @function
      +1553      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
      +1554      * @description
      +1555      * @deprecated
      +1556      * @example
      +1557      * spki.setRSAKey(rsaKey);
      +1558      */
      +1559     this.setRSAKey = function(rsaKey) {
      +1560         if (! RSAKey.prototype.isPrototypeOf(rsaKey))
      +1561             throw "argument is not RSAKey instance";
      +1562         this.rsaKey = rsaKey;
      +1563         var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
      +1564         var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
      +1565         var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
      +1566         var rsaKeyHex = asn1RsaPub.getEncodedHex();
      +1567         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
      +1568         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
      +1569     };
      +1570 
      +1571     /**
      +1572      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
      +1573      * @name setRSAPEM
      +1574      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
      +1575      * @function
      +1576      * @param {String} rsaPubPEM PEM formatted RSA public key string
      +1577      * @deprecated
      +1578      * @description
      +1579      * @example
      +1580      * spki.setRSAPEM(rsaPubPEM);
      +1581      */
      +1582     this.setRSAPEM = function(rsaPubPEM) {
      +1583         if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
      +1584             var s = rsaPubPEM;
      +1585             s = s.replace(/^-----[^-]+-----/, '');
      +1586             s = s.replace(/-----[^-]+-----\s*$/, '');
      +1587             var rsaB64 = s.replace(/\s+/g, '');
      +1588             var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
      +1589             var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
      +1590             var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
      +1591             var hBitStrVal = a[1];
      +1592             var rsaHex = hBitStrVal.substr(2);
      +1593             var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
      +1594             var rsaKey = new RSAKey();
      +1595             rsaKey.setPublic(a3[0], a3[1]);
      +1596             this.setRSAKey(rsaKey);
      +1597         } else {
      +1598             throw "key not supported";
      +1599         }
      +1600     };
      +1601 
      +1602     /*
      +1603      * @since asn1x509 1.0.7
      +1604      */
      +1605     this.getASN1Object = function() {
      +1606         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
      +1607             throw "algId and/or subjPubKey not set";
      +1608         var o = new KJUR.asn1.DERSequence({'array':
      +1609                                            [this.asn1AlgId, this.asn1SubjPKey]});
      +1610         return o;
      +1611     };
      +1612 
      +1613     this.getEncodedHex = function() {
      +1614         var o = this.getASN1Object();
      +1615         this.hTLV = o.getEncodedHex();
      +1616         return this.hTLV;
      +1617     };
      +1618 
      +1619     this._setRSAKey = function(key) {
      +1620         var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
      +1621             'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
      +1622         });
      +1623         var rsaKeyHex = asn1RsaPub.getEncodedHex();
      +1624         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
      +1625         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
      +1626     };
      +1627 
      +1628     this._setEC = function(key) {
      +1629         var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
      +1630         this.asn1AlgId =
      +1631             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
      +1632                                                     'asn1params': asn1Params});
      +1633         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
      +1634     };
      +1635 
      +1636     this._setDSA = function(key) {
      +1637         var asn1Params = new KJUR.asn1.ASN1Util.newObject({
      +1638             'seq': [{'int': {'bigint': key.p}},
      +1639                     {'int': {'bigint': key.q}},
      +1640                     {'int': {'bigint': key.g}}]
      +1641         });
      +1642         this.asn1AlgId =
      +1643             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
      +1644                                                     'asn1params': asn1Params});
      +1645         var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
      +1646         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
      +1647     };
      +1648 
      +1649     if (typeof params != "undefined") {
      +1650         if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
      +1651             this._setRSAKey(params);
      +1652         } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
      +1653                    params instanceof KJUR.crypto.ECDSA) {
      +1654             this._setEC(params);
      +1655         } else if (typeof KJUR.crypto.DSA != 'undefined' &&
      +1656                    params instanceof KJUR.crypto.DSA) {
      +1657             this._setDSA(params);
      +1658         } else if (typeof params['rsakey'] != "undefined") {
      +1659             this.setRSAKey(params['rsakey']);
      +1660         } else if (typeof params['rsapem'] != "undefined") {
      +1661             this.setRSAPEM(params['rsapem']);
      +1662         }
      +1663     }
      +1664 };
      +1665 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
       1666 
      -1667         if (this.type == null)
      -1668             throw "unsupported type in params=" + params;
      -1669         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit,
      -1670                                                       'tag': pTag[this.type],
      -1671                                                       'obj': v});
      -1672     };
      -1673 
      -1674     this.getEncodedHex = function() {
      -1675         return this.asn1Obj.getEncodedHex();
      -1676     }
      -1677 
      -1678     if (typeof params != "undefined") {
      -1679         this.setByParam(params);
      -1680     }
      -1681 
      -1682 };
      -1683 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
      +1667 /**
      +1668  * Time ASN.1 structure class
      +1669  * @name KJUR.asn1.x509.Time
      +1670  * @class Time ASN.1 structure class
      +1671  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
      +1672  * @extends KJUR.asn1.ASN1Object
      +1673  * @description
      +1674  * <br/>
      +1675  * <h4>EXAMPLES</h4>
      +1676  * @example
      +1677  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
      +1678  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
      +1679  */
      +1680 KJUR.asn1.x509.Time = function(params) {
      +1681     KJUR.asn1.x509.Time.superclass.constructor.call(this);
      +1682     var type = null;
      +1683     var timeParams = null;
       1684 
      -1685 /**
      -1686  * GeneralNames ASN.1 structure class
      -1687  * @name KJUR.asn1.x509.GeneralNames
      -1688  * @class GeneralNames ASN.1 structure class
      -1689  * @description
      -1690  * <br/>
      -1691  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
      -1692  * @example
      -1693  * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 
      -1694  *
      -1695  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      -1696  */
      -1697 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
      -1698     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
      -1699     var asn1Array = null;
      -1700 
      -1701     /**
      -1702      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
      -1703      * @name setByParamArray
      -1704      * @memberOf KJUR.asn1.x509.GeneralNames
      -1705      * @function
      -1706      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
      -1707      * @description
      -1708      * <br/>
      -1709      * <h4>EXAMPLES</h4>
      -1710      * @example
      -1711      * var gns = new KJUR.asn1.x509.GeneralNames();
      -1712      * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
      -1713      */
      -1714     this.setByParamArray = function(paramsArray) {
      -1715         for (var i = 0; i < paramsArray.length; i++) {
      -1716             var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
      -1717             this.asn1Array.push(o);
      +1685     this.setTimeParams = function(timeParams) {
      +1686         this.timeParams = timeParams;
      +1687     }
      +1688 
      +1689     this.getEncodedHex = function() {
      +1690         var o = null;
      +1691 
      +1692         if (this.timeParams != null) {
      +1693             if (this.type == "utc") {
      +1694                 o = new KJUR.asn1.DERUTCTime(this.timeParams);
      +1695             } else {
      +1696                 o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
      +1697             }
      +1698         } else {
      +1699             if (this.type == "utc") {
      +1700                 o = new KJUR.asn1.DERUTCTime();
      +1701             } else {
      +1702                 o = new KJUR.asn1.DERGeneralizedTime();
      +1703             }
      +1704         }
      +1705         this.TLV = o.getEncodedHex();
      +1706         return this.TLV;
      +1707     };
      +1708 
      +1709     this.type = "utc";
      +1710     if (typeof params != "undefined") {
      +1711         if (typeof params.type != "undefined") {
      +1712             this.type = params.type;
      +1713         } else {
      +1714             if (typeof params.str != "undefined") {
      +1715                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
      +1716                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
      +1717             }
       1718         }
      -1719     };
      -1720 
      -1721     this.getEncodedHex = function() {
      -1722         var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
      -1723         return o.getEncodedHex();
      -1724     };
      -1725 
      -1726     this.asn1Array = new Array();
      -1727     if (typeof paramsArray != "undefined") {
      -1728         this.setByParamArray(paramsArray);
      -1729     }
      -1730 };
      -1731 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
      -1732 
      -1733 /**
      -1734  * DistributionPointName ASN.1 structure class
      -1735  * @name KJUR.asn1.x509.DistributionPointName
      -1736  * @class DistributionPointName ASN.1 structure class
      -1737  * @description
      -1738  * @example
      -1739  */
      -1740 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
      -1741     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
      -1742     var asn1Obj = null;
      -1743     var type = null;
      -1744     var tag = null;
      -1745     var asn1V = null;
      -1746 
      -1747     this.getEncodedHex = function() {
      -1748         if (this.type != "full")
      -1749             throw "currently type shall be 'full': " + this.type;
      -1750         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
      -1751                                                       'tag': this.tag,
      -1752                                                       'obj': this.asn1V});
      -1753         this.hTLV = this.asn1Obj.getEncodedHex();
      -1754         return this.hTLV;
      -1755     };
      -1756 
      -1757     if (typeof gnOrRdn != "undefined") {
      -1758         if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
      -1759             this.type = "full";
      -1760             this.tag = "a0";
      -1761             this.asn1V = gnOrRdn;
      -1762         } else {
      -1763             throw "This class supports GeneralNames only as argument";
      +1719         this.timeParams = params;
      +1720     }
      +1721 };
      +1722 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
      +1723 
      +1724 /**
      +1725  * AlgorithmIdentifier ASN.1 structure class
      +1726  * @name KJUR.asn1.x509.AlgorithmIdentifier
      +1727  * @class AlgorithmIdentifier ASN.1 structure class
      +1728  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
      +1729  * @extends KJUR.asn1.ASN1Object
      +1730  * @description
      +1731  * @example
      +1732  * algId1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
      +1733  */
      +1734 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
      +1735     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
      +1736     var nameAlg = null;
      +1737     var asn1Alg = null;
      +1738     var asn1Params = null;
      +1739     var paramEmpty = false;
      +1740 
      +1741     this.getEncodedHex = function() {
      +1742         if (this.nameAlg == null && this.asn1Alg == null) {
      +1743             throw "algorithm not specified";
      +1744         }
      +1745         if (this.nameAlg != null && this.asn1Alg == null) {
      +1746             this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
      +1747         }
      +1748         var a = [this.asn1Alg];
      +1749         if (! this.paramEmpty) a.push(this.asn1Params);
      +1750         var o = new KJUR.asn1.DERSequence({'array': a});
      +1751         this.hTLV = o.getEncodedHex();
      +1752         return this.hTLV;
      +1753     };
      +1754 
      +1755     if (typeof params != "undefined") {
      +1756         if (typeof params['name'] != "undefined") {
      +1757             this.nameAlg = params['name'];
      +1758         }
      +1759         if (typeof params['asn1params'] != "undefined") {
      +1760             this.asn1Params = params['asn1params'];
      +1761         }
      +1762         if (typeof params['paramempty'] != "undefined") {
      +1763             this.paramEmpty = params['paramempty'];
       1764         }
       1765     }
      -1766 };
      -1767 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
      -1768 
      -1769 /**
      -1770  * DistributionPoint ASN.1 structure class
      -1771  * @name KJUR.asn1.x509.DistributionPoint
      -1772  * @class DistributionPoint ASN.1 structure class
      -1773  * @description
      -1774  * @example
      -1775  */
      -1776 KJUR.asn1.x509.DistributionPoint = function(params) {
      -1777     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
      -1778     var asn1DP = null;
      -1779 
      -1780     this.getEncodedHex = function() {
      -1781         var seq = new KJUR.asn1.DERSequence();
      -1782         if (this.asn1DP != null) {
      -1783             var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
      -1784                                                     'tag': 'a0',
      -1785                                                     'obj': this.asn1DP});
      -1786             seq.appendASN1Object(o1);
      -1787         }
      -1788         this.hTLV = seq.getEncodedHex();
      -1789         return this.hTLV;
      -1790     };
      -1791 
      -1792     if (typeof params != "undefined") {
      -1793         if (typeof params['dpobj'] != "undefined") {
      -1794             this.asn1DP = params['dpobj'];
      -1795         }
      -1796     }
      -1797 };
      -1798 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
      -1799 
      -1800 /**
      -1801  * static object for OID
      -1802  * @name KJUR.asn1.x509.OID
      -1803  * @class static object for OID
      -1804  * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
      -1805  * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
      -1806  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object 
      -1807  * @description
      -1808  * <dl>
      -1809  * <dt><b>atype2oidList</b>
      -1810  * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
      -1811  * <dt><b>name2oidList</b>
      -1812  * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
      -1813  * </dl>
      -1814  * @example
      -1815  */
      -1816 KJUR.asn1.x509.OID = new function(params) {
      -1817     this.atype2oidList = {
      -1818         'C':    '2.5.4.6',
      -1819         'O':    '2.5.4.10',
      -1820         'OU':   '2.5.4.11',
      -1821         'ST':   '2.5.4.8',
      -1822         'L':    '2.5.4.7',
      -1823         'CN':   '2.5.4.3',
      -1824         'SN':   '2.5.4.4',
      -1825         'DN':   '2.5.4.49',
      -1826         'DC':   '0.9.2342.19200300.100.1.25',
      -1827     };
      -1828     this.name2oidList = {
      -1829         'sha1':                 '1.3.14.3.2.26',
      -1830         'sha256':               '2.16.840.1.101.3.4.2.1',
      -1831         'sha384':               '2.16.840.1.101.3.4.2.2',
      -1832         'sha512':               '2.16.840.1.101.3.4.2.3',
      -1833         'sha224':               '2.16.840.1.101.3.4.2.4',
      -1834         'md5':                  '1.2.840.113549.2.5',
      -1835         'md2':                  '1.3.14.7.2.2.1',
      -1836         'ripemd160':            '1.3.36.3.2.1',
      -1837 
      -1838         'MD2withRSA':           '1.2.840.113549.1.1.2',
      -1839         'MD4withRSA':           '1.2.840.113549.1.1.3',
      -1840         'MD5withRSA':           '1.2.840.113549.1.1.4',
      -1841         'SHA1withRSA':          '1.2.840.113549.1.1.5',
      -1842         'SHA224withRSA':        '1.2.840.113549.1.1.14',
      -1843         'SHA256withRSA':        '1.2.840.113549.1.1.11',
      -1844         'SHA384withRSA':        '1.2.840.113549.1.1.12',
      -1845         'SHA512withRSA':        '1.2.840.113549.1.1.13',
      -1846 
      -1847         'SHA1withECDSA':        '1.2.840.10045.4.1',
      -1848         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
      -1849         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
      -1850         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
      -1851         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
      -1852 
      -1853         'dsa':                  '1.2.840.10040.4.1',
      -1854         'SHA1withDSA':          '1.2.840.10040.4.3',
      -1855         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
      -1856         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
      -1857 
      -1858         'rsaEncryption':        '1.2.840.113549.1.1.1',
      -1859 
      -1860         'countryName':          '2.5.4.6',
      -1861         'organization':         '2.5.4.10',
      -1862         'organizationalUnit':   '2.5.4.11',
      -1863         'stateOrProvinceName':  '2.5.4.8',
      -1864         'locality':             '2.5.4.7',
      -1865         'commonName':           '2.5.4.3',
      -1866 
      -1867         'subjectKeyIdentifier': '2.5.29.14',
      -1868         'keyUsage':             '2.5.29.15',
      -1869         'subjectAltName':       '2.5.29.17',
      -1870         'basicConstraints':     '2.5.29.19',
      -1871         'nameConstraints':      '2.5.29.30',
      -1872         'cRLDistributionPoints':'2.5.29.31',
      -1873         'certificatePolicies':  '2.5.29.32',
      -1874         'authorityKeyIdentifier':'2.5.29.35',
      -1875         'policyConstraints':    '2.5.29.36',
      -1876         'extKeyUsage':          '2.5.29.37',
      -1877 	'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
      -1878 
      -1879         'anyExtendedKeyUsage':  '2.5.29.37.0',
      -1880         'serverAuth':           '1.3.6.1.5.5.7.3.1',
      -1881         'clientAuth':           '1.3.6.1.5.5.7.3.2',
      -1882         'codeSigning':          '1.3.6.1.5.5.7.3.3',
      -1883         'emailProtection':      '1.3.6.1.5.5.7.3.4',
      -1884         'timeStamping':         '1.3.6.1.5.5.7.3.8',
      -1885         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
      -1886 
      -1887         'ecPublicKey':          '1.2.840.10045.2.1',
      -1888         'secp256r1':            '1.2.840.10045.3.1.7',
      -1889         'secp256k1':            '1.3.132.0.10',
      -1890         'secp384r1':            '1.3.132.0.34',
      -1891 
      -1892         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
      -1893         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
      -1894 
      -1895         'des-EDE3-CBC':         '1.2.840.113549.3.7',
      -1896 
      -1897         'data':                 '1.2.840.113549.1.7.1', // CMS data
      -1898         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
      -1899         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
      -1900         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
      -1901         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
      -1902         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
      -1903         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
      -1904     };
      -1905 
      -1906     this.objCache = {};
      -1907 
      -1908     /**
      -1909      * get DERObjectIdentifier by registered OID name
      -1910      * @name name2obj
      -1911      * @memberOf KJUR.asn1.x509.OID
      -1912      * @function
      -1913      * @param {String} name OID
      -1914      * @description
      -1915      * @example
      -1916      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
      -1917      */
      -1918     this.name2obj = function(name) {
      -1919         if (typeof this.objCache[name] != "undefined")
      -1920             return this.objCache[name];
      -1921         if (typeof this.name2oidList[name] == "undefined")
      -1922             throw "Name of ObjectIdentifier not defined: " + name;
      -1923         var oid = this.name2oidList[name];
      -1924         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
      -1925         this.objCache[name] = obj;
      -1926         return obj;
      +1766     if (this.asn1Params == null) {
      +1767         this.asn1Params = new KJUR.asn1.DERNull();
      +1768     }
      +1769 };
      +1770 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
      +1771 
      +1772 /**
      +1773  * GeneralName ASN.1 structure class
      +1774  * @name KJUR.asn1.x509.GeneralName
      +1775  * @class GeneralName ASN.1 structure class
      +1776  * @description
      +1777  * <br/>
      +1778  * As for argument 'params' for constructor, you can specify one of
      +1779  * following properties:
      +1780  * <ul>
      +1781  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
      +1782  * <li>dns - dNSName[2] (ex. foo.com)</li>
      +1783  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
      +1784  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
      +1785  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
      +1786  * </ul>
      +1787  * NOTE1: certissuer and certsubj is supported since asn1x509 1.0.10.
      +1788  *
      +1789  * Here is definition of the ASN.1 syntax:
      +1790  * <pre>
      +1791  * -- NOTE: under the CHOICE, it will always be explicit.
      +1792  * GeneralName ::= CHOICE {
      +1793  *         otherName                       [0]     OtherName,
      +1794  *         rfc822Name                      [1]     IA5String,
      +1795  *         dNSName                         [2]     IA5String,
      +1796  *         x400Address                     [3]     ORAddress,
      +1797  *         directoryName                   [4]     Name,
      +1798  *         ediPartyName                    [5]     EDIPartyName,
      +1799  *         uniformResourceIdentifier       [6]     IA5String,
      +1800  *         iPAddress                       [7]     OCTET STRING,
      +1801  *         registeredID                    [8]     OBJECT IDENTIFIER }
      +1802  * </pre>
      +1803  *
      +1804  *
      +1805  *
      +1806  * @example
      +1807  * gn = new KJUR.asn1.x509.GeneralName({rfc822:      'test@aaa.com'});
      +1808  * gn = new KJUR.asn1.x509.GeneralName({dns:         'aaa.com'});
      +1809  * gn = new KJUR.asn1.x509.GeneralName({uri:         'http://aaa.com/'});
      +1810  * gn = new KJUR.asn1.x509.GeneralName({certissuer:  certPEM});
      +1811  * gn = new KJUR.asn1.x509.GeneralName({certsubj:    certPEM});
      +1812  */
      +1813 KJUR.asn1.x509.GeneralName = function(params) {
      +1814     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
      +1815     var asn1Obj = null;
      +1816     var type = null;
      +1817     var pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86'};
      +1818     this.explicit = false;
      +1819 
      +1820     this.setByParam = function(params) {
      +1821         var str = null;
      +1822         var v = null;
      +1823 
      +1824 		if (typeof params == "undefined") return;
      +1825 
      +1826         if (typeof params.rfc822 != "undefined") {
      +1827             this.type = 'rfc822';
      +1828             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      +1829         }
      +1830         if (typeof params.dns != "undefined") {
      +1831             this.type = 'dns';
      +1832             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      +1833         }
      +1834         if (typeof params.uri != "undefined") {
      +1835             this.type = 'uri';
      +1836             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
      +1837         }
      +1838 		if (typeof params.certissuer != "undefined") {
      +1839 			this.type = 'dn';
      +1840 			this.explicit = true;
      +1841 			var certStr = params.certissuer;
      +1842 			var certHex = null;
      +1843 			if (certStr.match(/^[0-9A-Fa-f]+$/)) {
      +1844 				certHex == certStr;
      +1845             }
      +1846 		    if (certStr.indexOf("-----BEGIN ") != -1) {
      +1847 				certHex = X509.pemToHex(certStr);
      +1848 			}
      +1849 		    if (certHex == null) throw "certissuer param not cert";
      +1850 			var x = new X509();
      +1851 			x.hex = certHex;
      +1852 			var dnHex = x.getIssuerHex();
      +1853 			v = new KJUR.asn1.ASN1Object();
      +1854 			v.hTLV = dnHex;
      +1855 		}
      +1856 		if (typeof params.certsubj != "undefined") {
      +1857 			this.type = 'dn';
      +1858 			this.explicit = true;
      +1859 			var certStr = params.certsubj;
      +1860 			var certHex = null;
      +1861 			if (certStr.match(/^[0-9A-Fa-f]+$/)) {
      +1862 				certHex == certStr;
      +1863             }
      +1864 		    if (certStr.indexOf("-----BEGIN ") != -1) {
      +1865 				certHex = X509.pemToHex(certStr);
      +1866 			}
      +1867 		    if (certHex == null) throw "certsubj param not cert";
      +1868 			var x = new X509();
      +1869 			x.hex = certHex;
      +1870 			var dnHex = x.getSubjectHex();
      +1871 			v = new KJUR.asn1.ASN1Object();
      +1872 			v.hTLV = dnHex;
      +1873 		}
      +1874 
      +1875         if (this.type == null)
      +1876             throw "unsupported type in params=" + params;
      +1877         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit,
      +1878                                                       'tag': pTag[this.type],
      +1879                                                       'obj': v});
      +1880     };
      +1881 
      +1882     this.getEncodedHex = function() {
      +1883         return this.asn1Obj.getEncodedHex();
      +1884     }
      +1885 
      +1886     if (typeof params != "undefined") {
      +1887         this.setByParam(params);
      +1888     }
      +1889 
      +1890 };
      +1891 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
      +1892 
      +1893 /**
      +1894  * GeneralNames ASN.1 structure class
      +1895  * @name KJUR.asn1.x509.GeneralNames
      +1896  * @class GeneralNames ASN.1 structure class
      +1897  * @description
      +1898  * <br/>
      +1899  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
      +1900  * @example
      +1901  * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
      +1902  *
      +1903  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      +1904  */
      +1905 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
      +1906     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
      +1907     var asn1Array = null;
      +1908 
      +1909     /**
      +1910      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
      +1911      * @name setByParamArray
      +1912      * @memberOf KJUR.asn1.x509.GeneralNames
      +1913      * @function
      +1914      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
      +1915      * @description
      +1916      * <br/>
      +1917      * <h4>EXAMPLES</h4>
      +1918      * @example
      +1919      * var gns = new KJUR.asn1.x509.GeneralNames();
      +1920      * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
      +1921      */
      +1922     this.setByParamArray = function(paramsArray) {
      +1923         for (var i = 0; i < paramsArray.length; i++) {
      +1924             var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
      +1925             this.asn1Array.push(o);
      +1926         }
       1927     };
       1928 
      -1929     /**
      -1930      * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
      -1931      * @name atype2obj
      -1932      * @memberOf KJUR.asn1.x509.OID
      -1933      * @function
      -1934      * @param {String} atype short attribute type name such like 'C' or 'CN'
      -1935      * @description
      -1936      * @example
      -1937      * var asn1ObjOID = OID.atype2obj('CN');
      -1938      */
      -1939     this.atype2obj = function(atype) {
      -1940         if (typeof this.objCache[atype] != "undefined")
      -1941             return this.objCache[atype];
      -1942         if (typeof this.atype2oidList[atype] == "undefined")
      -1943             throw "AttributeType name undefined: " + atype;
      -1944         var oid = this.atype2oidList[atype];
      -1945         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
      -1946         this.objCache[atype] = obj;
      -1947         return obj;
      -1948     };
      -1949 };
      -1950 
      -1951 /*
      -1952  * convert OID to name
      -1953  * @name oid2name
      -1954  * @memberOf KJUR.asn1.x509.OID
      -1955  * @function
      -1956  * @param {String} dot noted Object Identifer string (ex. 1.2.3.4)
      -1957  * @return {String} OID name
      -1958  * @description
      -1959  * This static method converts OID string to its name.
      -1960  * If OID is undefined then it returns empty string (i.e. '').
      -1961  * @example
      -1962  * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1");
      -1963  * // name will be 'authorityInfoAccess'.
      -1964  * @since asn1x509 1.0.9
      -1965  */
      -1966 KJUR.asn1.x509.OID.oid2name = function(oid) {
      -1967     var list = KJUR.asn1.x509.OID.name2oidList;
      -1968     for (var name in list) {
      -1969         if (list[name] == oid) return name;
      -1970     }
      -1971     return '';
      -1972 };
      -1973 
      -1974 /*
      -1975  * convert name to OID
      -1976  * @name name2oid
      -1977  * @memberOf KJUR.asn1.x509.OID
      -1978  * @function
      -1979  * @param {String} OID name
      -1980  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
      +1929     this.getEncodedHex = function() {
      +1930         var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
      +1931         return o.getEncodedHex();
      +1932     };
      +1933 
      +1934     this.asn1Array = new Array();
      +1935     if (typeof paramsArray != "undefined") {
      +1936         this.setByParamArray(paramsArray);
      +1937     }
      +1938 };
      +1939 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
      +1940 
      +1941 /**
      +1942  * DistributionPointName ASN.1 structure class
      +1943  * @name KJUR.asn1.x509.DistributionPointName
      +1944  * @class DistributionPointName ASN.1 structure class
      +1945  * @description
      +1946  * @example
      +1947  */
      +1948 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
      +1949     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
      +1950     var asn1Obj = null;
      +1951     var type = null;
      +1952     var tag = null;
      +1953     var asn1V = null;
      +1954 
      +1955     this.getEncodedHex = function() {
      +1956         if (this.type != "full")
      +1957             throw "currently type shall be 'full': " + this.type;
      +1958         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
      +1959                                                       'tag': this.tag,
      +1960                                                       'obj': this.asn1V});
      +1961         this.hTLV = this.asn1Obj.getEncodedHex();
      +1962         return this.hTLV;
      +1963     };
      +1964 
      +1965     if (typeof gnOrRdn != "undefined") {
      +1966         if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
      +1967             this.type = "full";
      +1968             this.tag = "a0";
      +1969             this.asn1V = gnOrRdn;
      +1970         } else {
      +1971             throw "This class supports GeneralNames only as argument";
      +1972         }
      +1973     }
      +1974 };
      +1975 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
      +1976 
      +1977 /**
      +1978  * DistributionPoint ASN.1 structure class
      +1979  * @name KJUR.asn1.x509.DistributionPoint
      +1980  * @class DistributionPoint ASN.1 structure class
       1981  * @description
      -1982  * This static method converts from OID name to OID string.
      -1983  * If OID is undefined then it returns empty string (i.e. '').
      -1984  * @example
      -1985  * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess");
      -1986  * // name will be '1.3.6.1.5.5.7.1.1'.
      -1987  * @since asn1x509 1.0.11
      -1988  */
      -1989 KJUR.asn1.x509.OID.name2oid = function(name) {
      -1990     var list = KJUR.asn1.x509.OID.name2oidList;
      -1991     if (list[name] === undefined) return '';
      -1992     return list[name];
      -1993 };
      -1994 
      -1995 /**
      -1996  * X.509 certificate and CRL utilities class
      -1997  * @name KJUR.asn1.x509.X509Util
      -1998  * @class X.509 certificate and CRL utilities class
      -1999  */
      -2000 KJUR.asn1.x509.X509Util = new function() {
      -2001     /**
      -2002      * get PKCS#8 PEM public key string from RSAKey object
      -2003      * @name getPKCS8PubKeyPEMfromRSAKey
      -2004      * @memberOf KJUR.asn1.x509.X509Util
      -2005      * @function
      -2006      * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
      -2007      * @description
      -2008      * @example
      -2009      * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
      -2010      */
      -2011     this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
      -2012         var pem = null;
      -2013         var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
      -2014         var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
      -2015         var iN = new KJUR.asn1.DERInteger({hex: hN});
      -2016         var iE = new KJUR.asn1.DERInteger({hex: hE});
      -2017         var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
      -2018         var hPubKey = asn1PubKey.getEncodedHex();
      -2019         var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
      -2020         var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
      -2021         var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
      -2022         var hP8 = seq.getEncodedHex();
      -2023         var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
      -2024         return pem;
      -2025     };
      -2026 };
      -2027 /**
      -2028  * issue a certificate in PEM format
      -2029  * @name newCertPEM
      -2030  * @memberOf KJUR.asn1.x509.X509Util
      -2031  * @function
      -2032  * @param {Array} param parameter to issue a certificate
      -2033  * @since asn1x509 1.0.6
      -2034  * @description
      -2035  * This method can issue a certificate by a simple
      -2036  * JSON object.
      -2037  * Signature value will be provided by signing with 
      -2038  * private key using 'cakey' parameter or 
      -2039  * hexa decimal signature value by 'sighex' parameter.
      -2040  *
      -2041  * NOTE: When using DSA or ECDSA CA signing key,
      -2042  * use 'paramempty' in 'sigalg' to ommit parameter field
      -2043  * of AlgorithmIdentifer. In case of RSA, parameter
      -2044  * NULL will be specified by default.
      -2045  *
      -2046  * @example
      -2047  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
      -2048  * { serial: {int: 4},
      -2049  *   sigalg: {name: 'SHA1withECDSA', paramempty: true},
      -2050  *   issuer: {str: '/C=US/O=a'},
      -2051  *   notbefore: {'str': '130504235959Z'},
      -2052  *   notafter: {'str': '140504235959Z'},
      -2053  *   subject: {str: '/C=US/O=b'},
      -2054  *   sbjpubkey: pubKeyPEM,
      -2055  *   ext: [
      -2056  *     {basicConstraints: {cA: true, critical: true}},
      -2057  *     {keyUsage: {bin: '11'}},
      -2058  *   ],
      -2059  *   cakey: [prvkey, pass]}
      -2060  * );
      -2061  * // -- or --
      -2062  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
      -2063  * { serial: {int: 1},
      -2064  *   sigalg: {name: 'SHA1withRSA', paramempty: true},
      -2065  *   issuer: {str: '/C=US/O=T1'},
      -2066  *   notbefore: {'str': '130504235959Z'},
      -2067  *   notafter: {'str': '140504235959Z'},
      -2068  *   subject: {str: '/C=US/O=T1'},
      -2069  *   sbjpubkey: pubKeyObj,
      -2070  *   sighex: '0102030405..'}
      -2071  * );
      -2072  * // for the issuer and subject field, another
      -2073  * // representation is also available
      -2074  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
      -2075  * { serial: {int: 1},
      -2076  *   sigalg: {name: 'SHA1withRSA', paramempty: true},
      -2077  *   issuer: {C: "US", O: "T1"},
      -2078  *   notbefore: {'str': '130504235959Z'},
      -2079  *   notafter: {'str': '140504235959Z'},
      -2080  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
      -2081  *   sbjpubkey: pubKeyObj,
      -2082  *   sighex: '0102030405..'}
      -2083  * );
      -2084  */
      -2085 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
      -2086     var ns1 = KJUR.asn1.x509;
      -2087     var o = new ns1.TBSCertificate();
      +1982  * @example
      +1983  */
      +1984 KJUR.asn1.x509.DistributionPoint = function(params) {
      +1985     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
      +1986     var asn1DP = null;
      +1987 
      +1988     this.getEncodedHex = function() {
      +1989         var seq = new KJUR.asn1.DERSequence();
      +1990         if (this.asn1DP != null) {
      +1991             var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
      +1992                                                     'tag': 'a0',
      +1993                                                     'obj': this.asn1DP});
      +1994             seq.appendASN1Object(o1);
      +1995         }
      +1996         this.hTLV = seq.getEncodedHex();
      +1997         return this.hTLV;
      +1998     };
      +1999 
      +2000     if (typeof params != "undefined") {
      +2001         if (typeof params['dpobj'] != "undefined") {
      +2002             this.asn1DP = params['dpobj'];
      +2003         }
      +2004     }
      +2005 };
      +2006 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
      +2007 
      +2008 /**
      +2009  * static object for OID
      +2010  * @name KJUR.asn1.x509.OID
      +2011  * @class static object for OID
      +2012  * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
      +2013  * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
      +2014  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
      +2015  * @description
      +2016  * <dl>
      +2017  * <dt><b>atype2oidList</b>
      +2018  * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
      +2019  * <dt><b>name2oidList</b>
      +2020  * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
      +2021  * </dl>
      +2022  * @example
      +2023  */
      +2024 KJUR.asn1.x509.OID = new function(params) {
      +2025     this.atype2oidList = {
      +2026         'C':    '2.5.4.6',
      +2027         'O':    '2.5.4.10',
      +2028         'OU':   '2.5.4.11',
      +2029         'ST':   '2.5.4.8',
      +2030         'L':    '2.5.4.7',
      +2031         'CN':   '2.5.4.3',
      +2032         'SN':   '2.5.4.4',
      +2033         'DN':   '2.5.4.49',
      +2034         'DC':   '0.9.2342.19200300.100.1.25',
      +2035     };
      +2036     this.name2oidList = {
      +2037         'sha1':                 '1.3.14.3.2.26',
      +2038         'sha256':               '2.16.840.1.101.3.4.2.1',
      +2039         'sha384':               '2.16.840.1.101.3.4.2.2',
      +2040         'sha512':               '2.16.840.1.101.3.4.2.3',
      +2041         'sha224':               '2.16.840.1.101.3.4.2.4',
      +2042         'md5':                  '1.2.840.113549.2.5',
      +2043         'md2':                  '1.3.14.7.2.2.1',
      +2044         'ripemd160':            '1.3.36.3.2.1',
      +2045 
      +2046         'MD2withRSA':           '1.2.840.113549.1.1.2',
      +2047         'MD4withRSA':           '1.2.840.113549.1.1.3',
      +2048         'MD5withRSA':           '1.2.840.113549.1.1.4',
      +2049         'SHA1withRSA':          '1.2.840.113549.1.1.5',
      +2050         'SHA224withRSA':        '1.2.840.113549.1.1.14',
      +2051         'SHA256withRSA':        '1.2.840.113549.1.1.11',
      +2052         'SHA384withRSA':        '1.2.840.113549.1.1.12',
      +2053         'SHA512withRSA':        '1.2.840.113549.1.1.13',
      +2054 
      +2055         'SHA1withECDSA':        '1.2.840.10045.4.1',
      +2056         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
      +2057         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
      +2058         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
      +2059         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
      +2060 
      +2061         'dsa':                  '1.2.840.10040.4.1',
      +2062         'SHA1withDSA':          '1.2.840.10040.4.3',
      +2063         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
      +2064         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
      +2065 
      +2066         'rsaEncryption':        '1.2.840.113549.1.1.1',
      +2067 
      +2068         'countryName':          '2.5.4.6',
      +2069         'organization':         '2.5.4.10',
      +2070         'organizationalUnit':   '2.5.4.11',
      +2071         'stateOrProvinceName':  '2.5.4.8',
      +2072         'locality':             '2.5.4.7',
      +2073         'commonName':           '2.5.4.3',
      +2074 
      +2075         'subjectKeyIdentifier': '2.5.29.14',
      +2076         'keyUsage':             '2.5.29.15',
      +2077         'subjectAltName':       '2.5.29.17',
      +2078         'basicConstraints':     '2.5.29.19',
      +2079         'nameConstraints':      '2.5.29.30',
      +2080         'cRLDistributionPoints':'2.5.29.31',
      +2081         'certificatePolicies':  '2.5.29.32',
      +2082         'authorityKeyIdentifier':'2.5.29.35',
      +2083         'policyConstraints':    '2.5.29.36',
      +2084         'extKeyUsage':          '2.5.29.37',
      +2085         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
      +2086         'ocsp':                 '1.3.6.1.5.5.7.48.1',
      +2087         'caIssuers':            '1.3.6.1.5.5.7.48.2',
       2088 
      -2089     if (param.serial !== undefined)
      -2090         o.setSerialNumberByParam(param.serial);
      -2091     else
      -2092         throw "serial number undefined.";
      -2093 
      -2094     if (typeof param.sigalg.name == 'string')
      -2095         o.setSignatureAlgByParam(param.sigalg);
      -2096     else 
      -2097         throw "unproper signature algorithm name";
      -2098 
      -2099     if (param.issuer !== undefined)
      -2100         o.setIssuerByParam(param.issuer);
      -2101     else
      -2102         throw "issuer name undefined.";
      -2103     
      -2104     if (param.notbefore !== undefined)
      -2105         o.setNotBeforeByParam(param.notbefore);
      -2106     else
      -2107         throw "notbefore undefined.";
      -2108 
      -2109     if (param.notafter !== undefined)
      -2110         o.setNotAfterByParam(param.notafter);
      -2111     else
      -2112         throw "notafter undefined.";
      -2113 
      -2114     if (param.subject !== undefined)
      -2115         o.setSubjectByParam(param.subject);
      -2116     else
      -2117         throw "subject name undefined.";
      -2118 
      -2119     if (param.sbjpubkey !== undefined)
      -2120         o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
      -2121     else
      -2122         throw "subject public key undefined.";
      -2123 
      -2124     if (param.ext !== undefined && param.ext.length !== undefined) {
      -2125         for (var i = 0; i < param.ext.length; i++) {
      -2126             for (key in param.ext[i]) {
      -2127                 o.appendExtensionByName(key, param.ext[i][key]);
      -2128             }
      -2129         }
      -2130     }
      -2131 
      -2132     // set signature
      -2133     if (param.cakey === undefined && param.sighex === undefined)
      -2134         throw "param cakey and sighex undefined.";
      -2135 
      -2136     var caKey = null;
      -2137     var cert = null;
      +2089         'anyExtendedKeyUsage':  '2.5.29.37.0',
      +2090         'serverAuth':           '1.3.6.1.5.5.7.3.1',
      +2091         'clientAuth':           '1.3.6.1.5.5.7.3.2',
      +2092         'codeSigning':          '1.3.6.1.5.5.7.3.3',
      +2093         'emailProtection':      '1.3.6.1.5.5.7.3.4',
      +2094         'timeStamping':         '1.3.6.1.5.5.7.3.8',
      +2095         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
      +2096 
      +2097         'ecPublicKey':          '1.2.840.10045.2.1',
      +2098         'secp256r1':            '1.2.840.10045.3.1.7',
      +2099         'secp256k1':            '1.3.132.0.10',
      +2100         'secp384r1':            '1.3.132.0.34',
      +2101 
      +2102         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
      +2103         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
      +2104 
      +2105         'des-EDE3-CBC':         '1.2.840.113549.3.7',
      +2106 
      +2107         'data':                 '1.2.840.113549.1.7.1', // CMS data
      +2108         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
      +2109         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
      +2110         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
      +2111         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
      +2112         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
      +2113         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
      +2114     };
      +2115 
      +2116     this.objCache = {};
      +2117 
      +2118     /**
      +2119      * get DERObjectIdentifier by registered OID name
      +2120      * @name name2obj
      +2121      * @memberOf KJUR.asn1.x509.OID
      +2122      * @function
      +2123      * @param {String} name OID
      +2124      * @description
      +2125      * @example
      +2126      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
      +2127      */
      +2128     this.name2obj = function(name) {
      +2129         if (typeof this.objCache[name] != "undefined")
      +2130             return this.objCache[name];
      +2131         if (typeof this.name2oidList[name] == "undefined")
      +2132             throw "Name of ObjectIdentifier not defined: " + name;
      +2133         var oid = this.name2oidList[name];
      +2134         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
      +2135         this.objCache[name] = obj;
      +2136         return obj;
      +2137     };
       2138 
      -2139     if (param.cakey) {
      -2140         caKey = KEYUTIL.getKey.apply(null, param.cakey);
      -2141         cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
      -2142         cert.sign();
      -2143     }
      -2144 
      -2145     if (param.sighex) {
      -2146         cert = new ns1.Certificate({'tbscertobj': o});
      -2147         cert.setSignatureHex(param.sighex);
      -2148     }
      -2149 
      -2150     return cert.getPEMString();
      -2151 };
      -2152 
      -2153 /*
      -2154   org.bouncycastle.asn1.x500
      -2155   AttributeTypeAndValue
      -2156   DirectoryString
      -2157   RDN
      -2158   X500Name
      -2159   X500NameBuilder
      +2139     /**
      +2140      * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
      +2141      * @name atype2obj
      +2142      * @memberOf KJUR.asn1.x509.OID
      +2143      * @function
      +2144      * @param {String} atype short attribute type name such like 'C' or 'CN'
      +2145      * @description
      +2146      * @example
      +2147      * var asn1ObjOID = OID.atype2obj('CN');
      +2148      */
      +2149     this.atype2obj = function(atype) {
      +2150         if (typeof this.objCache[atype] != "undefined")
      +2151             return this.objCache[atype];
      +2152         if (typeof this.atype2oidList[atype] == "undefined")
      +2153             throw "AttributeType name undefined: " + atype;
      +2154         var oid = this.atype2oidList[atype];
      +2155         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
      +2156         this.objCache[atype] = obj;
      +2157         return obj;
      +2158     };
      +2159 };
       2160 
      -2161   org.bouncycastleasn1.x509
      -2162   TBSCertificate
      -2163 */
      -2164 
      \ No newline at end of file +2161
      /* +2162 * convert OID to name +2163 * @name oid2name +2164 * @memberOf KJUR.asn1.x509.OID +2165 * @function +2166 * @param {String} dot noted Object Identifer string (ex. 1.2.3.4) +2167 * @return {String} OID name +2168 * @description +2169 * This static method converts OID string to its name. +2170 * If OID is undefined then it returns empty string (i.e. ''). +2171 * @example +2172 * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1"); +2173 * // name will be 'authorityInfoAccess'. +2174 * @since asn1x509 1.0.9 +2175 */ +2176 KJUR.asn1.x509.OID.oid2name = function(oid) { +2177 var list = KJUR.asn1.x509.OID.name2oidList; +2178 for (var name in list) { +2179 if (list[name] == oid) return name; +2180 } +2181 return ''; +2182 }; +2183 +2184 /* +2185 * convert name to OID +2186 * @name name2oid +2187 * @memberOf KJUR.asn1.x509.OID +2188 * @function +2189 * @param {String} OID name +2190 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) +2191 * @description +2192 * This static method converts from OID name to OID string. +2193 * If OID is undefined then it returns empty string (i.e. ''). +2194 * @example +2195 * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess"); +2196 * // name will be '1.3.6.1.5.5.7.1.1'. +2197 * @since asn1x509 1.0.11 +2198 */ +2199 KJUR.asn1.x509.OID.name2oid = function(name) { +2200 var list = KJUR.asn1.x509.OID.name2oidList; +2201 if (list[name] === undefined) return ''; +2202 return list[name]; +2203 }; +2204 +2205 /** +2206 * X.509 certificate and CRL utilities class +2207 * @name KJUR.asn1.x509.X509Util +2208 * @class X.509 certificate and CRL utilities class +2209 */ +2210 KJUR.asn1.x509.X509Util = new function() { +2211 /** +2212 * get PKCS#8 PEM public key string from RSAKey object +2213 * @name getPKCS8PubKeyPEMfromRSAKey +2214 * @memberOf KJUR.asn1.x509.X509Util +2215 * @function +2216 * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object +2217 * @description +2218 * @example +2219 * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); +2220 */ +2221 this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { +2222 var pem = null; +2223 var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); +2224 var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); +2225 var iN = new KJUR.asn1.DERInteger({hex: hN}); +2226 var iE = new KJUR.asn1.DERInteger({hex: hE}); +2227 var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); +2228 var hPubKey = asn1PubKey.getEncodedHex(); +2229 var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); +2230 var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); +2231 var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); +2232 var hP8 = seq.getEncodedHex(); +2233 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); +2234 return pem; +2235 }; +2236 }; +2237 /** +2238 * issue a certificate in PEM format +2239 * @name newCertPEM +2240 * @memberOf KJUR.asn1.x509.X509Util +2241 * @function +2242 * @param {Array} param parameter to issue a certificate +2243 * @since asn1x509 1.0.6 +2244 * @description +2245 * This method can issue a certificate by a simple +2246 * JSON object. +2247 * Signature value will be provided by signing with +2248 * private key using 'cakey' parameter or +2249 * hexa decimal signature value by 'sighex' parameter. +2250 * +2251 * NOTE: When using DSA or ECDSA CA signing key, +2252 * use 'paramempty' in 'sigalg' to ommit parameter field +2253 * of AlgorithmIdentifer. In case of RSA, parameter +2254 * NULL will be specified by default. +2255 * +2256 * @example +2257 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2258 * { serial: {int: 4}, +2259 * sigalg: {name: 'SHA1withECDSA', paramempty: true}, +2260 * issuer: {str: '/C=US/O=a'}, +2261 * notbefore: {'str': '130504235959Z'}, +2262 * notafter: {'str': '140504235959Z'}, +2263 * subject: {str: '/C=US/O=b'}, +2264 * sbjpubkey: pubKeyPEM, +2265 * ext: [ +2266 * {basicConstraints: {cA: true, critical: true}}, +2267 * {keyUsage: {bin: '11'}}, +2268 * ], +2269 * cakey: [prvkey, pass]} +2270 * ); +2271 * // -- or -- +2272 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2273 * { serial: {int: 1}, +2274 * sigalg: {name: 'SHA1withRSA', paramempty: true}, +2275 * issuer: {str: '/C=US/O=T1'}, +2276 * notbefore: {'str': '130504235959Z'}, +2277 * notafter: {'str': '140504235959Z'}, +2278 * subject: {str: '/C=US/O=T1'}, +2279 * sbjpubkey: pubKeyObj, +2280 * sighex: '0102030405..'} +2281 * ); +2282 * // for the issuer and subject field, another +2283 * // representation is also available +2284 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2285 * { serial: {int: 1}, +2286 * sigalg: {name: 'SHA1withRSA', paramempty: true}, +2287 * issuer: {C: "US", O: "T1"}, +2288 * notbefore: {'str': '130504235959Z'}, +2289 * notafter: {'str': '140504235959Z'}, +2290 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, +2291 * sbjpubkey: pubKeyObj, +2292 * sighex: '0102030405..'} +2293 * ); +2294 */ +2295 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { +2296 var ns1 = KJUR.asn1.x509; +2297 var o = new ns1.TBSCertificate(); +2298 +2299 if (param.serial !== undefined) +2300 o.setSerialNumberByParam(param.serial); +2301 else +2302 throw "serial number undefined."; +2303 +2304 if (typeof param.sigalg.name == 'string') +2305 o.setSignatureAlgByParam(param.sigalg); +2306 else +2307 throw "unproper signature algorithm name"; +2308 +2309 if (param.issuer !== undefined) +2310 o.setIssuerByParam(param.issuer); +2311 else +2312 throw "issuer name undefined."; +2313 +2314 if (param.notbefore !== undefined) +2315 o.setNotBeforeByParam(param.notbefore); +2316 else +2317 throw "notbefore undefined."; +2318 +2319 if (param.notafter !== undefined) +2320 o.setNotAfterByParam(param.notafter); +2321 else +2322 throw "notafter undefined."; +2323 +2324 if (param.subject !== undefined) +2325 o.setSubjectByParam(param.subject); +2326 else +2327 throw "subject name undefined."; +2328 +2329 if (param.sbjpubkey !== undefined) +2330 o.setSubjectPublicKeyByGetKey(param.sbjpubkey); +2331 else +2332 throw "subject public key undefined."; +2333 +2334 if (param.ext !== undefined && param.ext.length !== undefined) { +2335 for (var i = 0; i < param.ext.length; i++) { +2336 for (key in param.ext[i]) { +2337 o.appendExtensionByName(key, param.ext[i][key]); +2338 } +2339 } +2340 } +2341 +2342 // set signature +2343 if (param.cakey === undefined && param.sighex === undefined) +2344 throw "param cakey and sighex undefined."; +2345 +2346 var caKey = null; +2347 var cert = null; +2348 +2349 if (param.cakey) { +2350 caKey = KEYUTIL.getKey.apply(null, param.cakey); +2351 cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); +2352 cert.sign(); +2353 } +2354 +2355 if (param.sighex) { +2356 cert = new ns1.Certificate({'tbscertobj': o}); +2357 cert.setSignatureHex(param.sighex); +2358 } +2359 +2360 return cert.getPEMString(); +2361 }; +2362 +2363 /* +2364 org.bouncycastle.asn1.x500 +2365 AttributeTypeAndValue +2366 DirectoryString +2367 RDN +2368 X500Name +2369 X500NameBuilder +2370 +2371 org.bouncycastleasn1.x509 +2372 TBSCertificate +2373 */ +2374
      \ No newline at end of file diff --git a/api/symbols/src/crypto-1.1.js.html b/api/symbols/src/crypto-1.1.js.html index 5916f016..76595dff 100644 --- a/api/symbols/src/crypto-1.1.js.html +++ b/api/symbols/src/crypto-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
        1 /*! crypto-1.1.9.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
      +	
        1 /*! crypto-1.1.10.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
         2  */
         3 /*
         4  * crypto.js - Cryptographic Algorithm Provider class
      @@ -23,7 +23,7 @@
        16  * @fileOverview
        17  * @name crypto-1.1.js
        18  * @author Kenji Urushima kenji.urushima@gmail.com
      - 19  * @version 1.1.9 (2016-Oct-08)
      + 19  * @version 1.1.10 (2016-Oct-29)
        20  * @since jsrsasign 2.2
        21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
        22  */
      @@ -41,1198 +41,1404 @@
        34  * <ul>
        35  * <li>{@link KJUR.crypto.MessageDigest} - Java JCE(cryptograhic extension) style MessageDigest class</li>
        36  * <li>{@link KJUR.crypto.Signature} - Java JCE(cryptograhic extension) style Signature class</li>
      - 37  * <li>{@link KJUR.crypto.Util} - cryptographic utility functions and properties</li>
      - 38  * </ul>
      - 39  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
      - 40  * </p>
      - 41  * @name KJUR.crypto
      - 42  * @namespace
      - 43  */
      - 44 if (typeof KJUR.crypto == "undefined" || !KJUR.crypto) KJUR.crypto = {};
      - 45 
      - 46 /**
      - 47  * static object for cryptographic function utilities
      - 48  * @name KJUR.crypto.Util
      - 49  * @class static object for cryptographic function utilities
      - 50  * @property {Array} DIGESTINFOHEAD PKCS#1 DigestInfo heading hexadecimal bytes for each hash algorithms
      - 51  * @property {Array} DEFAULTPROVIDER associative array of default provider name for each hash and signature algorithms
      - 52  * @description
      - 53  */
      - 54 KJUR.crypto.Util = new function() {
      - 55     this.DIGESTINFOHEAD = {
      - 56 	'sha1':      "3021300906052b0e03021a05000414",
      - 57         'sha224':    "302d300d06096086480165030402040500041c",
      - 58 	'sha256':    "3031300d060960864801650304020105000420",
      - 59 	'sha384':    "3041300d060960864801650304020205000430",
      - 60 	'sha512':    "3051300d060960864801650304020305000440",
      - 61 	'md2':       "3020300c06082a864886f70d020205000410",
      - 62 	'md5':       "3020300c06082a864886f70d020505000410",
      - 63 	'ripemd160': "3021300906052b2403020105000414",
      - 64     };
      - 65 
      - 66     /*
      - 67      * @since crypto 1.1.1
      - 68      */
      - 69     this.DEFAULTPROVIDER = {
      - 70 	'md5':			'cryptojs',
      - 71 	'sha1':			'cryptojs',
      - 72 	'sha224':		'cryptojs',
      - 73 	'sha256':		'cryptojs',
      - 74 	'sha384':		'cryptojs',
      - 75 	'sha512':		'cryptojs',
      - 76 	'ripemd160':		'cryptojs',
      - 77 	'hmacmd5':		'cryptojs',
      - 78 	'hmacsha1':		'cryptojs',
      - 79 	'hmacsha224':		'cryptojs',
      - 80 	'hmacsha256':		'cryptojs',
      - 81 	'hmacsha384':		'cryptojs',
      - 82 	'hmacsha512':		'cryptojs',
      - 83 	'hmacripemd160':	'cryptojs',
      - 84 
      - 85 	'MD5withRSA':		'cryptojs/jsrsa',
      - 86 	'SHA1withRSA':		'cryptojs/jsrsa',
      - 87 	'SHA224withRSA':	'cryptojs/jsrsa',
      - 88 	'SHA256withRSA':	'cryptojs/jsrsa',
      - 89 	'SHA384withRSA':	'cryptojs/jsrsa',
      - 90 	'SHA512withRSA':	'cryptojs/jsrsa',
      - 91 	'RIPEMD160withRSA':	'cryptojs/jsrsa',
      - 92 
      - 93 	'MD5withECDSA':		'cryptojs/jsrsa',
      - 94 	'SHA1withECDSA':	'cryptojs/jsrsa',
      - 95 	'SHA224withECDSA':	'cryptojs/jsrsa',
      - 96 	'SHA256withECDSA':	'cryptojs/jsrsa',
      - 97 	'SHA384withECDSA':	'cryptojs/jsrsa',
      - 98 	'SHA512withECDSA':	'cryptojs/jsrsa',
      - 99 	'RIPEMD160withECDSA':	'cryptojs/jsrsa',
      -100 
      -101 	'SHA1withDSA':		'cryptojs/jsrsa',
      -102 	'SHA224withDSA':	'cryptojs/jsrsa',
      -103 	'SHA256withDSA':	'cryptojs/jsrsa',
      -104 
      -105 	'MD5withRSAandMGF1':		'cryptojs/jsrsa',
      -106 	'SHA1withRSAandMGF1':		'cryptojs/jsrsa',
      -107 	'SHA224withRSAandMGF1':		'cryptojs/jsrsa',
      -108 	'SHA256withRSAandMGF1':		'cryptojs/jsrsa',
      -109 	'SHA384withRSAandMGF1':		'cryptojs/jsrsa',
      -110 	'SHA512withRSAandMGF1':		'cryptojs/jsrsa',
      -111 	'RIPEMD160withRSAandMGF1':	'cryptojs/jsrsa',
      -112     };
      -113 
      -114     /*
      -115      * @since crypto 1.1.2
      -116      */
      -117     this.CRYPTOJSMESSAGEDIGESTNAME = {
      -118 	'md5':		CryptoJS.algo.MD5,
      -119 	'sha1':		CryptoJS.algo.SHA1,
      -120 	'sha224':	CryptoJS.algo.SHA224,
      -121 	'sha256':	CryptoJS.algo.SHA256,
      -122 	'sha384':	CryptoJS.algo.SHA384,
      -123 	'sha512':	CryptoJS.algo.SHA512,
      -124 	'ripemd160':	CryptoJS.algo.RIPEMD160
      -125     };
      -126 
      -127     /**
      -128      * get hexadecimal DigestInfo
      -129      * @name getDigestInfoHex
      -130      * @memberOf KJUR.crypto.Util
      -131      * @function
      -132      * @param {String} hHash hexadecimal hash value
      -133      * @param {String} alg hash algorithm name (ex. 'sha1')
      -134      * @return {String} hexadecimal string DigestInfo ASN.1 structure
      -135      */
      -136     this.getDigestInfoHex = function(hHash, alg) {
      -137 	if (typeof this.DIGESTINFOHEAD[alg] == "undefined")
      -138 	    throw "alg not supported in Util.DIGESTINFOHEAD: " + alg;
      -139 	return this.DIGESTINFOHEAD[alg] + hHash;
      -140     };
      -141 
      -142     /**
      -143      * get PKCS#1 padded hexadecimal DigestInfo
      -144      * @name getPaddedDigestInfoHex
      -145      * @memberOf KJUR.crypto.Util
      -146      * @function
      -147      * @param {String} hHash hexadecimal hash value of message to be signed
      -148      * @param {String} alg hash algorithm name (ex. 'sha1')
      -149      * @param {Integer} keySize key bit length (ex. 1024)
      -150      * @return {String} hexadecimal string of PKCS#1 padded DigestInfo
      -151      */
      -152     this.getPaddedDigestInfoHex = function(hHash, alg, keySize) {
      -153 	var hDigestInfo = this.getDigestInfoHex(hHash, alg);
      -154 	var pmStrLen = keySize / 4; // minimum PM length
      -155 
      -156 	if (hDigestInfo.length + 22 > pmStrLen) // len(0001+ff(*8)+00+hDigestInfo)=22
      -157 	    throw "key is too short for SigAlg: keylen=" + keySize + "," + alg;
      -158 
      -159 	var hHead = "0001";
      -160 	var hTail = "00" + hDigestInfo;
      -161 	var hMid = "";
      -162 	var fLen = pmStrLen - hHead.length - hTail.length;
      -163 	for (var i = 0; i < fLen; i += 2) {
      -164 	    hMid += "ff";
      -165 	}
      -166 	var hPaddedMessage = hHead + hMid + hTail;
      -167 	return hPaddedMessage;
      -168     };
      -169 
      -170     /**
      -171      * get hexadecimal hash of string with specified algorithm
      -172      * @name hashString
      -173      * @memberOf KJUR.crypto.Util
      -174      * @function
      -175      * @param {String} s input string to be hashed
      -176      * @param {String} alg hash algorithm name
      -177      * @return {String} hexadecimal string of hash value
      -178      * @since 1.1.1
      -179      */
      -180     this.hashString = function(s, alg) {
      -181         var md = new KJUR.crypto.MessageDigest({'alg': alg});
      -182         return md.digestString(s);
      -183     };
      -184 
      -185     /**
      -186      * get hexadecimal hash of hexadecimal string with specified algorithm
      -187      * @name hashHex
      -188      * @memberOf KJUR.crypto.Util
      -189      * @function
      -190      * @param {String} sHex input hexadecimal string to be hashed
      -191      * @param {String} alg hash algorithm name
      -192      * @return {String} hexadecimal string of hash value
      -193      * @since 1.1.1
      -194      */
      -195     this.hashHex = function(sHex, alg) {
      -196         var md = new KJUR.crypto.MessageDigest({'alg': alg});
      -197         return md.digestHex(sHex);
      -198     };
      -199 
      -200     /**
      -201      * get hexadecimal SHA1 hash of string
      -202      * @name sha1
      -203      * @memberOf KJUR.crypto.Util
      -204      * @function
      -205      * @param {String} s input string to be hashed
      -206      * @return {String} hexadecimal string of hash value
      -207      * @since 1.0.3
      -208      */
      -209     this.sha1 = function(s) {
      -210         var md = new KJUR.crypto.MessageDigest({'alg':'sha1', 'prov':'cryptojs'});
      -211         return md.digestString(s);
      -212     };
      -213 
      -214     /**
      -215      * get hexadecimal SHA256 hash of string
      -216      * @name sha256
      -217      * @memberOf KJUR.crypto.Util
      -218      * @function
      -219      * @param {String} s input string to be hashed
      -220      * @return {String} hexadecimal string of hash value
      -221      * @since 1.0.3
      -222      */
      -223     this.sha256 = function(s) {
      -224         var md = new KJUR.crypto.MessageDigest({'alg':'sha256', 'prov':'cryptojs'});
      -225         return md.digestString(s);
      -226     };
      -227 
      -228     this.sha256Hex = function(s) {
      -229         var md = new KJUR.crypto.MessageDigest({'alg':'sha256', 'prov':'cryptojs'});
      -230         return md.digestHex(s);
      -231     };
      -232 
      -233     /**
      -234      * get hexadecimal SHA512 hash of string
      -235      * @name sha512
      -236      * @memberOf KJUR.crypto.Util
      -237      * @function
      -238      * @param {String} s input string to be hashed
      -239      * @return {String} hexadecimal string of hash value
      -240      * @since 1.0.3
      -241      */
      -242     this.sha512 = function(s) {
      -243         var md = new KJUR.crypto.MessageDigest({'alg':'sha512', 'prov':'cryptojs'});
      -244         return md.digestString(s);
      -245     };
      -246 
      -247     this.sha512Hex = function(s) {
      -248         var md = new KJUR.crypto.MessageDigest({'alg':'sha512', 'prov':'cryptojs'});
      -249         return md.digestHex(s);
      -250     };
      -251 
      -252     /**
      -253      * get hexadecimal MD5 hash of string
      -254      * @name md5
      -255      * @memberOf KJUR.crypto.Util
      -256      * @function
      -257      * @param {String} s input string to be hashed
      -258      * @return {String} hexadecimal string of hash value
      -259      * @since 1.0.3
      -260      */
      -261     this.md5 = function(s) {
      -262         var md = new KJUR.crypto.MessageDigest({'alg':'md5', 'prov':'cryptojs'});
      -263         return md.digestString(s);
      -264     };
      -265 
      -266     /**
      -267      * get hexadecimal RIPEMD160 hash of string
      -268      * @name ripemd160
      -269      * @memberOf KJUR.crypto.Util
      -270      * @function
      -271      * @param {String} s input string to be hashed
      -272      * @return {String} hexadecimal string of hash value
      -273      * @since 1.0.3
      -274      */
      -275     this.ripemd160 = function(s) {
      -276         var md = new KJUR.crypto.MessageDigest({'alg':'ripemd160', 'prov':'cryptojs'});
      -277         return md.digestString(s);
      -278     };
      -279 
      -280     /*
      -281      * @since 1.1.2
      -282      */
      -283     this.getCryptoJSMDByName = function(s) {
      -284 	
      -285     };
      -286 };
      -287 
      -288 /**
      -289  * MessageDigest class which is very similar to java.security.MessageDigest class
      -290  * @name KJUR.crypto.MessageDigest
      -291  * @class MessageDigest class which is very similar to java.security.MessageDigest class
      -292  * @param {Array} params parameters for constructor
      -293  * @description
      -294  * <br/>
      -295  * Currently this supports following algorithm and providers combination:
      -296  * <ul>
      -297  * <li>md5 - cryptojs</li>
      -298  * <li>sha1 - cryptojs</li>
      -299  * <li>sha224 - cryptojs</li>
      -300  * <li>sha256 - cryptojs</li>
      -301  * <li>sha384 - cryptojs</li>
      -302  * <li>sha512 - cryptojs</li>
      -303  * <li>ripemd160 - cryptojs</li>
      -304  * <li>sha256 - sjcl (NEW from crypto.js 1.0.4)</li>
      -305  * </ul>
      -306  * @example
      -307  * // CryptoJS provider sample
      -308  * var md = new KJUR.crypto.MessageDigest({alg: "sha1", prov: "cryptojs"});
      -309  * md.updateString('aaa')
      -310  * var mdHex = md.digest()
      -311  *
      -312  * // SJCL(Stanford JavaScript Crypto Library) provider sample
      -313  * var md = new KJUR.crypto.MessageDigest({alg: "sha256", prov: "sjcl"}); // sjcl supports sha256 only
      -314  * md.updateString('aaa')
      -315  * var mdHex = md.digest()
      -316  */
      -317 KJUR.crypto.MessageDigest = function(params) {
      -318     var md = null;
      -319     var algName = null;
      -320     var provName = null;
      -321 
      -322     /**
      -323      * set hash algorithm and provider
      -324      * @name setAlgAndProvider
      -325      * @memberOf KJUR.crypto.MessageDigest
      -326      * @function
      -327      * @param {String} alg hash algorithm name
      -328      * @param {String} prov provider name
      -329      * @description
      -330      * @example
      -331      * // for SHA1
      -332      * md.setAlgAndProvider('sha1', 'cryptojs');
      -333      * // for RIPEMD160
      -334      * md.setAlgAndProvider('ripemd160', 'cryptojs');
      -335      */
      -336     this.setAlgAndProvider = function(alg, prov) {
      -337 	if (alg != null && prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg];
      -338 
      -339 	// for cryptojs
      -340 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(alg) != -1 &&
      -341 	    prov == 'cryptojs') {
      -342 	    try {
      -343 		this.md = KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[alg].create();
      -344 	    } catch (ex) {
      -345 		throw "setAlgAndProvider hash alg set fail alg=" + alg + "/" + ex;
      -346 	    }
      -347 	    this.updateString = function(str) {
      -348 		this.md.update(str);
      -349 	    };
      -350 	    this.updateHex = function(hex) {
      -351 		var wHex = CryptoJS.enc.Hex.parse(hex);
      -352 		this.md.update(wHex);
      -353 	    };
      -354 	    this.digest = function() {
      -355 		var hash = this.md.finalize();
      -356 		return hash.toString(CryptoJS.enc.Hex);
      -357 	    };
      -358 	    this.digestString = function(str) {
      -359 		this.updateString(str);
      -360 		return this.digest();
      -361 	    };
      -362 	    this.digestHex = function(hex) {
      -363 		this.updateHex(hex);
      -364 		return this.digest();
      -365 	    };
      -366 	}
      -367 	if (':sha256:'.indexOf(alg) != -1 &&
      -368 	    prov == 'sjcl') {
      -369 	    try {
      -370 		this.md = new sjcl.hash.sha256();
      -371 	    } catch (ex) {
      -372 		throw "setAlgAndProvider hash alg set fail alg=" + alg + "/" + ex;
      -373 	    }
      -374 	    this.updateString = function(str) {
      -375 		this.md.update(str);
      -376 	    };
      -377 	    this.updateHex = function(hex) {
      -378 		var baHex = sjcl.codec.hex.toBits(hex);
      -379 		this.md.update(baHex);
      -380 	    };
      -381 	    this.digest = function() {
      -382 		var hash = this.md.finalize();
      -383 		return sjcl.codec.hex.fromBits(hash);
      -384 	    };
      -385 	    this.digestString = function(str) {
      -386 		this.updateString(str);
      -387 		return this.digest();
      -388 	    };
      -389 	    this.digestHex = function(hex) {
      -390 		this.updateHex(hex);
      -391 		return this.digest();
      -392 	    };
      -393 	}
      -394     };
      -395 
      -396     /**
      -397      * update digest by specified string
      -398      * @name updateString
      -399      * @memberOf KJUR.crypto.MessageDigest
      -400      * @function
      -401      * @param {String} str string to update
      -402      * @description
      -403      * @example
      -404      * md.updateString('New York');
      -405      */
      -406     this.updateString = function(str) {
      -407 	throw "updateString(str) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      -408     };
      -409 
      -410     /**
      -411      * update digest by specified hexadecimal string
      -412      * @name updateHex
      -413      * @memberOf KJUR.crypto.MessageDigest
      -414      * @function
      -415      * @param {String} hex hexadecimal string to update
      -416      * @description
      -417      * @example
      -418      * md.updateHex('0afe36');
      -419      */
      -420     this.updateHex = function(hex) {
      -421 	throw "updateHex(hex) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      -422     };
      -423 
      -424     /**
      -425      * completes hash calculation and returns hash result
      -426      * @name digest
      -427      * @memberOf KJUR.crypto.MessageDigest
      -428      * @function
      -429      * @description
      -430      * @example
      -431      * md.digest()
      -432      */
      -433     this.digest = function() {
      -434 	throw "digest() not supported for this alg/prov: " + this.algName + "/" + this.provName;
      -435     };
      -436 
      -437     /**
      -438      * performs final update on the digest using string, then completes the digest computation
      -439      * @name digestString
      -440      * @memberOf KJUR.crypto.MessageDigest
      -441      * @function
      -442      * @param {String} str string to final update
      -443      * @description
      -444      * @example
      -445      * md.digestString('aaa')
      -446      */
      -447     this.digestString = function(str) {
      -448 	throw "digestString(str) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      -449     };
      -450 
      -451     /**
      -452      * performs final update on the digest using hexadecimal string, then completes the digest computation
      -453      * @name digestHex
      -454      * @memberOf KJUR.crypto.MessageDigest
      -455      * @function
      -456      * @param {String} hex hexadecimal string to final update
      -457      * @description
      -458      * @example
      -459      * md.digestHex('0f2abd')
      -460      */
      -461     this.digestHex = function(hex) {
      -462 	throw "digestHex(hex) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      -463     };
      -464 
      -465     if (params !== undefined) {
      -466 	if (params['alg'] !== undefined) {
      -467 	    this.algName = params['alg'];
      -468 	    if (params['prov'] === undefined)
      -469 		this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName];
      -470 	    this.setAlgAndProvider(this.algName, this.provName);
      -471 	}
      -472     }
      -473 };
      -474 
      -475 /**
      -476  * Mac(Message Authentication Code) class which is very similar to java.security.Mac class 
      -477  * @name KJUR.crypto.Mac
      -478  * @class Mac class which is very similar to java.security.Mac class
      -479  * @param {Array} params parameters for constructor
      -480  * @description
      -481  * <br/>
      -482  * Currently this supports following algorithm and providers combination:
      -483  * <ul>
      -484  * <li>hmacmd5 - cryptojs</li>
      -485  * <li>hmacsha1 - cryptojs</li>
      -486  * <li>hmacsha224 - cryptojs</li>
      -487  * <li>hmacsha256 - cryptojs</li>
      -488  * <li>hmacsha384 - cryptojs</li>
      -489  * <li>hmacsha512 - cryptojs</li>
      -490  * </ul>
      -491  * NOTE: HmacSHA224 and HmacSHA384 issue was fixed since jsrsasign 4.1.4.
      -492  * Please use 'ext/cryptojs-312-core-fix*.js' instead of 'core.js' of original CryptoJS
      -493  * to avoid those issue.
      -494  * <br/>
      -495  * NOTE2: Hmac signature bug was fixed in jsrsasign 4.9.0 by providing CryptoJS
      -496  * bug workaround.
      -497  * <br/>
      -498  * Please see {@link KJUR.crypto.Mac.setPassword}, how to provide password
      -499  * in various ways in detail.
      -500  * @example
      -501  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA1", "pass": "pass"});
      -502  * mac.updateString('aaa')
      -503  * var macHex = md.doFinal()
      -504  *
      -505  * // other password representation 
      -506  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"hex":  "6161"}});
      -507  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"utf8": "aa"}});
      -508  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"rstr": "\x61\x61"}});
      -509  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"b64":  "Mi02/+...a=="}});
      -510  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"b64u": "Mi02_-...a"}});
      -511  */
      -512 KJUR.crypto.Mac = function(params) {
      -513     var mac = null;
      -514     var pass = null;
      -515     var algName = null;
      -516     var provName = null;
      -517     var algProv = null;
      -518 
      -519     this.setAlgAndProvider = function(alg, prov) {
      -520 	alg = alg.toLowerCase();
      -521 
      -522 	if (alg == null) alg = "hmacsha1";
      + 37  * <li>{@link KJUR.crypto.Cipher} - class for encrypting and decrypting data</li>
      + 38  * <li>{@link KJUR.crypto.Util} - cryptographic utility functions and properties</li>
      + 39  * </ul>
      + 40  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
      + 41  * </p>
      + 42  * @name KJUR.crypto
      + 43  * @namespace
      + 44  */
      + 45 if (typeof KJUR.crypto == "undefined" || !KJUR.crypto) KJUR.crypto = {};
      + 46 
      + 47 /**
      + 48  * static object for cryptographic function utilities
      + 49  * @name KJUR.crypto.Util
      + 50  * @class static object for cryptographic function utilities
      + 51  * @property {Array} DIGESTINFOHEAD PKCS#1 DigestInfo heading hexadecimal bytes for each hash algorithms
      + 52  * @property {Array} DEFAULTPROVIDER associative array of default provider name for each hash and signature algorithms
      + 53  * @description
      + 54  */
      + 55 KJUR.crypto.Util = new function() {
      + 56     this.DIGESTINFOHEAD = {
      + 57 	'sha1':      "3021300906052b0e03021a05000414",
      + 58         'sha224':    "302d300d06096086480165030402040500041c",
      + 59 	'sha256':    "3031300d060960864801650304020105000420",
      + 60 	'sha384':    "3041300d060960864801650304020205000430",
      + 61 	'sha512':    "3051300d060960864801650304020305000440",
      + 62 	'md2':       "3020300c06082a864886f70d020205000410",
      + 63 	'md5':       "3020300c06082a864886f70d020505000410",
      + 64 	'ripemd160': "3021300906052b2403020105000414",
      + 65     };
      + 66 
      + 67     /*
      + 68      * @since crypto 1.1.1
      + 69      */
      + 70     this.DEFAULTPROVIDER = {
      + 71 	'md5':			'cryptojs',
      + 72 	'sha1':			'cryptojs',
      + 73 	'sha224':		'cryptojs',
      + 74 	'sha256':		'cryptojs',
      + 75 	'sha384':		'cryptojs',
      + 76 	'sha512':		'cryptojs',
      + 77 	'ripemd160':		'cryptojs',
      + 78 	'hmacmd5':		'cryptojs',
      + 79 	'hmacsha1':		'cryptojs',
      + 80 	'hmacsha224':		'cryptojs',
      + 81 	'hmacsha256':		'cryptojs',
      + 82 	'hmacsha384':		'cryptojs',
      + 83 	'hmacsha512':		'cryptojs',
      + 84 	'hmacripemd160':	'cryptojs',
      + 85 
      + 86 	'MD5withRSA':		'cryptojs/jsrsa',
      + 87 	'SHA1withRSA':		'cryptojs/jsrsa',
      + 88 	'SHA224withRSA':	'cryptojs/jsrsa',
      + 89 	'SHA256withRSA':	'cryptojs/jsrsa',
      + 90 	'SHA384withRSA':	'cryptojs/jsrsa',
      + 91 	'SHA512withRSA':	'cryptojs/jsrsa',
      + 92 	'RIPEMD160withRSA':	'cryptojs/jsrsa',
      + 93 
      + 94 	'MD5withECDSA':		'cryptojs/jsrsa',
      + 95 	'SHA1withECDSA':	'cryptojs/jsrsa',
      + 96 	'SHA224withECDSA':	'cryptojs/jsrsa',
      + 97 	'SHA256withECDSA':	'cryptojs/jsrsa',
      + 98 	'SHA384withECDSA':	'cryptojs/jsrsa',
      + 99 	'SHA512withECDSA':	'cryptojs/jsrsa',
      +100 	'RIPEMD160withECDSA':	'cryptojs/jsrsa',
      +101 
      +102 	'SHA1withDSA':		'cryptojs/jsrsa',
      +103 	'SHA224withDSA':	'cryptojs/jsrsa',
      +104 	'SHA256withDSA':	'cryptojs/jsrsa',
      +105 
      +106 	'MD5withRSAandMGF1':		'cryptojs/jsrsa',
      +107 	'SHA1withRSAandMGF1':		'cryptojs/jsrsa',
      +108 	'SHA224withRSAandMGF1':		'cryptojs/jsrsa',
      +109 	'SHA256withRSAandMGF1':		'cryptojs/jsrsa',
      +110 	'SHA384withRSAandMGF1':		'cryptojs/jsrsa',
      +111 	'SHA512withRSAandMGF1':		'cryptojs/jsrsa',
      +112 	'RIPEMD160withRSAandMGF1':	'cryptojs/jsrsa',
      +113     };
      +114 
      +115     /*
      +116      * @since crypto 1.1.2
      +117      */
      +118     this.CRYPTOJSMESSAGEDIGESTNAME = {
      +119 	'md5':		CryptoJS.algo.MD5,
      +120 	'sha1':		CryptoJS.algo.SHA1,
      +121 	'sha224':	CryptoJS.algo.SHA224,
      +122 	'sha256':	CryptoJS.algo.SHA256,
      +123 	'sha384':	CryptoJS.algo.SHA384,
      +124 	'sha512':	CryptoJS.algo.SHA512,
      +125 	'ripemd160':	CryptoJS.algo.RIPEMD160
      +126     };
      +127 
      +128     /**
      +129      * get hexadecimal DigestInfo
      +130      * @name getDigestInfoHex
      +131      * @memberOf KJUR.crypto.Util
      +132      * @function
      +133      * @param {String} hHash hexadecimal hash value
      +134      * @param {String} alg hash algorithm name (ex. 'sha1')
      +135      * @return {String} hexadecimal string DigestInfo ASN.1 structure
      +136      */
      +137     this.getDigestInfoHex = function(hHash, alg) {
      +138 	if (typeof this.DIGESTINFOHEAD[alg] == "undefined")
      +139 	    throw "alg not supported in Util.DIGESTINFOHEAD: " + alg;
      +140 	return this.DIGESTINFOHEAD[alg] + hHash;
      +141     };
      +142 
      +143     /**
      +144      * get PKCS#1 padded hexadecimal DigestInfo
      +145      * @name getPaddedDigestInfoHex
      +146      * @memberOf KJUR.crypto.Util
      +147      * @function
      +148      * @param {String} hHash hexadecimal hash value of message to be signed
      +149      * @param {String} alg hash algorithm name (ex. 'sha1')
      +150      * @param {Integer} keySize key bit length (ex. 1024)
      +151      * @return {String} hexadecimal string of PKCS#1 padded DigestInfo
      +152      */
      +153     this.getPaddedDigestInfoHex = function(hHash, alg, keySize) {
      +154 	var hDigestInfo = this.getDigestInfoHex(hHash, alg);
      +155 	var pmStrLen = keySize / 4; // minimum PM length
      +156 
      +157 	if (hDigestInfo.length + 22 > pmStrLen) // len(0001+ff(*8)+00+hDigestInfo)=22
      +158 	    throw "key is too short for SigAlg: keylen=" + keySize + "," + alg;
      +159 
      +160 	var hHead = "0001";
      +161 	var hTail = "00" + hDigestInfo;
      +162 	var hMid = "";
      +163 	var fLen = pmStrLen - hHead.length - hTail.length;
      +164 	for (var i = 0; i < fLen; i += 2) {
      +165 	    hMid += "ff";
      +166 	}
      +167 	var hPaddedMessage = hHead + hMid + hTail;
      +168 	return hPaddedMessage;
      +169     };
      +170 
      +171     /**
      +172      * get hexadecimal hash of string with specified algorithm
      +173      * @name hashString
      +174      * @memberOf KJUR.crypto.Util
      +175      * @function
      +176      * @param {String} s input string to be hashed
      +177      * @param {String} alg hash algorithm name
      +178      * @return {String} hexadecimal string of hash value
      +179      * @since 1.1.1
      +180      */
      +181     this.hashString = function(s, alg) {
      +182         var md = new KJUR.crypto.MessageDigest({'alg': alg});
      +183         return md.digestString(s);
      +184     };
      +185 
      +186     /**
      +187      * get hexadecimal hash of hexadecimal string with specified algorithm
      +188      * @name hashHex
      +189      * @memberOf KJUR.crypto.Util
      +190      * @function
      +191      * @param {String} sHex input hexadecimal string to be hashed
      +192      * @param {String} alg hash algorithm name
      +193      * @return {String} hexadecimal string of hash value
      +194      * @since 1.1.1
      +195      */
      +196     this.hashHex = function(sHex, alg) {
      +197         var md = new KJUR.crypto.MessageDigest({'alg': alg});
      +198         return md.digestHex(sHex);
      +199     };
      +200 
      +201     /**
      +202      * get hexadecimal SHA1 hash of string
      +203      * @name sha1
      +204      * @memberOf KJUR.crypto.Util
      +205      * @function
      +206      * @param {String} s input string to be hashed
      +207      * @return {String} hexadecimal string of hash value
      +208      * @since 1.0.3
      +209      */
      +210     this.sha1 = function(s) {
      +211         var md = new KJUR.crypto.MessageDigest({'alg':'sha1', 'prov':'cryptojs'});
      +212         return md.digestString(s);
      +213     };
      +214 
      +215     /**
      +216      * get hexadecimal SHA256 hash of string
      +217      * @name sha256
      +218      * @memberOf KJUR.crypto.Util
      +219      * @function
      +220      * @param {String} s input string to be hashed
      +221      * @return {String} hexadecimal string of hash value
      +222      * @since 1.0.3
      +223      */
      +224     this.sha256 = function(s) {
      +225         var md = new KJUR.crypto.MessageDigest({'alg':'sha256', 'prov':'cryptojs'});
      +226         return md.digestString(s);
      +227     };
      +228 
      +229     this.sha256Hex = function(s) {
      +230         var md = new KJUR.crypto.MessageDigest({'alg':'sha256', 'prov':'cryptojs'});
      +231         return md.digestHex(s);
      +232     };
      +233 
      +234     /**
      +235      * get hexadecimal SHA512 hash of string
      +236      * @name sha512
      +237      * @memberOf KJUR.crypto.Util
      +238      * @function
      +239      * @param {String} s input string to be hashed
      +240      * @return {String} hexadecimal string of hash value
      +241      * @since 1.0.3
      +242      */
      +243     this.sha512 = function(s) {
      +244         var md = new KJUR.crypto.MessageDigest({'alg':'sha512', 'prov':'cryptojs'});
      +245         return md.digestString(s);
      +246     };
      +247 
      +248     this.sha512Hex = function(s) {
      +249         var md = new KJUR.crypto.MessageDigest({'alg':'sha512', 'prov':'cryptojs'});
      +250         return md.digestHex(s);
      +251     };
      +252 
      +253     /**
      +254      * get hexadecimal MD5 hash of string
      +255      * @name md5
      +256      * @memberOf KJUR.crypto.Util
      +257      * @function
      +258      * @param {String} s input string to be hashed
      +259      * @return {String} hexadecimal string of hash value
      +260      * @since 1.0.3
      +261      */
      +262     this.md5 = function(s) {
      +263         var md = new KJUR.crypto.MessageDigest({'alg':'md5', 'prov':'cryptojs'});
      +264         return md.digestString(s);
      +265     };
      +266 
      +267     /**
      +268      * get hexadecimal RIPEMD160 hash of string
      +269      * @name ripemd160
      +270      * @memberOf KJUR.crypto.Util
      +271      * @function
      +272      * @param {String} s input string to be hashed
      +273      * @return {String} hexadecimal string of hash value
      +274      * @since 1.0.3
      +275      */
      +276     this.ripemd160 = function(s) {
      +277         var md = new KJUR.crypto.MessageDigest({'alg':'ripemd160', 'prov':'cryptojs'});
      +278         return md.digestString(s);
      +279     };
      +280 
      +281     /*
      +282      * @since 1.1.2
      +283      */
      +284     this.getCryptoJSMDByName = function(s) {
      +285 	
      +286     };
      +287 };
      +288 
      +289 // === Mac ===============================================================
      +290 
      +291 /**
      +292  * MessageDigest class which is very similar to java.security.MessageDigest class<br/>
      +293  * @name KJUR.crypto.MessageDigest
      +294  * @class MessageDigest class which is very similar to java.security.MessageDigest class
      +295  * @param {Array} params parameters for constructor
      +296  * @property {Array} HASHLENGTH static Array of resulted byte length of hash (ex. HASHLENGTH["sha1"] == 20)
      +297  * @description
      +298  * <br/>
      +299  * Currently this supports following algorithm and providers combination:
      +300  * <ul>
      +301  * <li>md5 - cryptojs</li>
      +302  * <li>sha1 - cryptojs</li>
      +303  * <li>sha224 - cryptojs</li>
      +304  * <li>sha256 - cryptojs</li>
      +305  * <li>sha384 - cryptojs</li>
      +306  * <li>sha512 - cryptojs</li>
      +307  * <li>ripemd160 - cryptojs</li>
      +308  * <li>sha256 - sjcl (NEW from crypto.js 1.0.4)</li>
      +309  * </ul>
      +310  * @example
      +311  * // CryptoJS provider sample
      +312  * var md = new KJUR.crypto.MessageDigest({alg: "sha1", prov: "cryptojs"});
      +313  * md.updateString('aaa')
      +314  * var mdHex = md.digest()
      +315  *
      +316  * // SJCL(Stanford JavaScript Crypto Library) provider sample
      +317  * var md = new KJUR.crypto.MessageDigest({alg: "sha256", prov: "sjcl"}); // sjcl supports sha256 only
      +318  * md.updateString('aaa')
      +319  * var mdHex = md.digest()
      +320  *
      +321  * // HASHLENGTH property
      +322  * KJUR.crypto.MessageDigest.HASHLENGTH['sha1'] &rarr 20
      +323  * KJUR.crypto.MessageDigest.HASHLENGTH['sha512'] &rarr 64
      +324  */
      +325 KJUR.crypto.MessageDigest = function(params) {
      +326     var md = null;
      +327     var algName = null;
      +328     var provName = null;
      +329 
      +330     /**
      +331      * set hash algorithm and provider<br/>
      +332      * @name setAlgAndProvider
      +333      * @memberOf KJUR.crypto.MessageDigest#
      +334      * @function
      +335      * @param {String} alg hash algorithm name
      +336      * @param {String} prov provider name
      +337      * @description
      +338      * This methods set an algorithm and a cryptographic provider.<br/>
      +339      * Here is acceptable algorithm names ignoring cases and hyphens:
      +340      * <ul>
      +341      * <li>MD5</li>
      +342      * <li>SHA1</li>
      +343      * <li>SHA224</li>
      +344      * <li>SHA256</li>
      +345      * <li>SHA384</li>
      +346      * <li>SHA512</li>
      +347      * <li>RIPEMD160</li>
      +348      * </ul>
      +349      * NOTE: Since jsrsasign 6.2.0 crypto 1.1.10, this method ignores
      +350      * upper or lower cases. Also any hyphens (i.e. "-") will be ignored
      +351      * so that "SHA1" or "SHA-1" will be acceptable.
      +352      * @example
      +353      * // for SHA1
      +354      * md.setAlgAndProvider('sha1', 'cryptojs');
      +355      * md.setAlgAndProvider('SHA1');
      +356      * // for RIPEMD160
      +357      * md.setAlgAndProvider('ripemd160', 'cryptojs');
      +358      */
      +359     this.setAlgAndProvider = function(alg, prov) {
      +360 	alg = KJUR.crypto.MessageDigest.getCanonicalAlgName(alg);
      +361 
      +362 	if (alg !== null && prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg];
      +363 
      +364 	// for cryptojs
      +365 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(alg) != -1 &&
      +366 	    prov == 'cryptojs') {
      +367 	    try {
      +368 		this.md = KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[alg].create();
      +369 	    } catch (ex) {
      +370 		throw "setAlgAndProvider hash alg set fail alg=" + alg + "/" + ex;
      +371 	    }
      +372 	    this.updateString = function(str) {
      +373 		this.md.update(str);
      +374 	    };
      +375 	    this.updateHex = function(hex) {
      +376 		var wHex = CryptoJS.enc.Hex.parse(hex);
      +377 		this.md.update(wHex);
      +378 	    };
      +379 	    this.digest = function() {
      +380 		var hash = this.md.finalize();
      +381 		return hash.toString(CryptoJS.enc.Hex);
      +382 	    };
      +383 	    this.digestString = function(str) {
      +384 		this.updateString(str);
      +385 		return this.digest();
      +386 	    };
      +387 	    this.digestHex = function(hex) {
      +388 		this.updateHex(hex);
      +389 		return this.digest();
      +390 	    };
      +391 	}
      +392 	if (':sha256:'.indexOf(alg) != -1 &&
      +393 	    prov == 'sjcl') {
      +394 	    try {
      +395 		this.md = new sjcl.hash.sha256();
      +396 	    } catch (ex) {
      +397 		throw "setAlgAndProvider hash alg set fail alg=" + alg + "/" + ex;
      +398 	    }
      +399 	    this.updateString = function(str) {
      +400 		this.md.update(str);
      +401 	    };
      +402 	    this.updateHex = function(hex) {
      +403 		var baHex = sjcl.codec.hex.toBits(hex);
      +404 		this.md.update(baHex);
      +405 	    };
      +406 	    this.digest = function() {
      +407 		var hash = this.md.finalize();
      +408 		return sjcl.codec.hex.fromBits(hash);
      +409 	    };
      +410 	    this.digestString = function(str) {
      +411 		this.updateString(str);
      +412 		return this.digest();
      +413 	    };
      +414 	    this.digestHex = function(hex) {
      +415 		this.updateHex(hex);
      +416 		return this.digest();
      +417 	    };
      +418 	}
      +419     };
      +420 
      +421     /**
      +422      * update digest by specified string
      +423      * @name updateString
      +424      * @memberOf KJUR.crypto.MessageDigest#
      +425      * @function
      +426      * @param {String} str string to update
      +427      * @description
      +428      * @example
      +429      * md.updateString('New York');
      +430      */
      +431     this.updateString = function(str) {
      +432 	throw "updateString(str) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      +433     };
      +434 
      +435     /**
      +436      * update digest by specified hexadecimal string
      +437      * @name updateHex
      +438      * @memberOf KJUR.crypto.MessageDigest#
      +439      * @function
      +440      * @param {String} hex hexadecimal string to update
      +441      * @description
      +442      * @example
      +443      * md.updateHex('0afe36');
      +444      */
      +445     this.updateHex = function(hex) {
      +446 	throw "updateHex(hex) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      +447     };
      +448 
      +449     /**
      +450      * completes hash calculation and returns hash result
      +451      * @name digest
      +452      * @memberOf KJUR.crypto.MessageDigest#
      +453      * @function
      +454      * @description
      +455      * @example
      +456      * md.digest()
      +457      */
      +458     this.digest = function() {
      +459 	throw "digest() not supported for this alg/prov: " + this.algName + "/" + this.provName;
      +460     };
      +461 
      +462     /**
      +463      * performs final update on the digest using string, then completes the digest computation
      +464      * @name digestString
      +465      * @memberOf KJUR.crypto.MessageDigest#
      +466      * @function
      +467      * @param {String} str string to final update
      +468      * @description
      +469      * @example
      +470      * md.digestString('aaa')
      +471      */
      +472     this.digestString = function(str) {
      +473 	throw "digestString(str) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      +474     };
      +475 
      +476     /**
      +477      * performs final update on the digest using hexadecimal string, then completes the digest computation
      +478      * @name digestHex
      +479      * @memberOf KJUR.crypto.MessageDigest#
      +480      * @function
      +481      * @param {String} hex hexadecimal string to final update
      +482      * @description
      +483      * @example
      +484      * md.digestHex('0f2abd')
      +485      */
      +486     this.digestHex = function(hex) {
      +487 	throw "digestHex(hex) not supported for this alg/prov: " + this.algName + "/" + this.provName;
      +488     };
      +489 
      +490     if (params !== undefined) {
      +491 	if (params['alg'] !== undefined) {
      +492 	    this.algName = params['alg'];
      +493 	    if (params['prov'] === undefined)
      +494 		this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName];
      +495 	    this.setAlgAndProvider(this.algName, this.provName);
      +496 	}
      +497     }
      +498 };
      +499 
      +500 /**
      +501  * get canonical hash algorithm name<br/>
      +502  * @name getCanonicalAlgName
      +503  * @memberOf KJUR.crypto.MessageDigest
      +504  * @function
      +505  * @param {String} alg hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
      +506  * @return {String} canonical hash algorithm name
      +507  * @since jsrsasign 6.2.0 crypto 1.1.10
      +508  * @description
      +509  * This static method normalizes from any hash algorithm name such as
      +510  * "SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens
      +511  * such as "sha1".
      +512  * @example
      +513  * KJUR.crypto.MessageDigest.getCanonicalAlgName("SHA-1") &rarr "sha1"
      +514  * KJUR.crypto.MessageDigest.getCanonicalAlgName("MD5")   &rarr "md5"
      +515  */
      +516 KJUR.crypto.MessageDigest.getCanonicalAlgName = function(alg) {
      +517     if (typeof alg === "string") {
      +518 	alg = alg.toLowerCase();
      +519 	alg = alg.replace(/-/, '');
      +520     }
      +521     return alg;
      +522 };
       523 
      -524 	alg = alg.toLowerCase();
      -525         if (alg.substr(0, 4) != "hmac") {
      -526 	    throw "setAlgAndProvider unsupported HMAC alg: " + alg;
      -527 	}
      -528 
      -529 	if (prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg];
      -530 	this.algProv = alg + "/" + prov;
      -531 
      -532 	var hashAlg = alg.substr(4);
      -533 
      -534 	// for cryptojs
      -535 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(hashAlg) != -1 &&
      -536 	    prov == 'cryptojs') {
      -537 	    try {
      -538 		var mdObj = KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[hashAlg];
      -539 		this.mac = CryptoJS.algo.HMAC.create(mdObj, this.pass);
      -540 	    } catch (ex) {
      -541 		throw "setAlgAndProvider hash alg set fail hashAlg=" + hashAlg + "/" + ex;
      -542 	    }
      -543 	    this.updateString = function(str) {
      -544 		this.mac.update(str);
      -545 	    };
      -546 	    this.updateHex = function(hex) {
      -547 		var wHex = CryptoJS.enc.Hex.parse(hex);
      -548 		this.mac.update(wHex);
      -549 	    };
      -550 	    this.doFinal = function() {
      -551 		var hash = this.mac.finalize();
      -552 		return hash.toString(CryptoJS.enc.Hex);
      -553 	    };
      -554 	    this.doFinalString = function(str) {
      -555 		this.updateString(str);
      -556 		return this.doFinal();
      -557 	    };
      -558 	    this.doFinalHex = function(hex) {
      -559 		this.updateHex(hex);
      -560 		return this.doFinal();
      -561 	    };
      -562 	}
      -563     };
      -564 
      -565     /**
      -566      * update digest by specified string
      -567      * @name updateString
      -568      * @memberOf KJUR.crypto.Mac
      -569      * @function
      -570      * @param {String} str string to update
      -571      * @description
      -572      * @example
      -573      * md.updateString('New York');
      -574      */
      -575     this.updateString = function(str) {
      -576 	throw "updateString(str) not supported for this alg/prov: " + this.algProv;
      -577     };
      -578 
      -579     /**
      -580      * update digest by specified hexadecimal string
      -581      * @name updateHex
      -582      * @memberOf KJUR.crypto.Mac
      -583      * @function
      -584      * @param {String} hex hexadecimal string to update
      -585      * @description
      -586      * @example
      -587      * md.updateHex('0afe36');
      -588      */
      -589     this.updateHex = function(hex) {
      -590 	throw "updateHex(hex) not supported for this alg/prov: " + this.algProv;
      -591     };
      -592 
      -593     /**
      -594      * completes hash calculation and returns hash result
      -595      * @name doFinal
      -596      * @memberOf KJUR.crypto.Mac
      -597      * @function
      -598      * @description
      -599      * @example
      -600      * md.digest()
      -601      */
      -602     this.doFinal = function() {
      -603 	throw "digest() not supported for this alg/prov: " + this.algProv;
      -604     };
      +524 /**
      +525  * get resulted hash byte length for specified algorithm name<br/>
      +526  * @name getHashLength
      +527  * @memberOf KJUR.crypto.MessageDigest
      +528  * @function
      +529  * @param {String} alg non-canonicalized hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
      +530  * @return {Integer} resulted hash byte length
      +531  * @since jsrsasign 6.2.0 crypto 1.1.10
      +532  * @description
      +533  * This static method returns resulted byte length for specified algorithm name such as "SHA-1".
      +534  * @example
      +535  * KJUR.crypto.MessageDigest.getHashLength("SHA-1") &rarr 20
      +536  * KJUR.crypto.MessageDigest.getHashLength("sha1") &rarr 20
      +537  */
      +538 KJUR.crypto.MessageDigest.getHashLength = function(alg) {
      +539     var MD = KJUR.crypto.MessageDigest
      +540     var alg2 = MD.getCanonicalAlgName(alg);
      +541     if (MD.HASHLENGTH[alg2] === undefined)
      +542 	throw "not supported algorithm: " + alg;
      +543     return MD.HASHLENGTH[alg2];
      +544 };
      +545 
      +546 // described in KJUR.crypto.MessageDigest class (since jsrsasign 6.2.0 crypto 1.1.10)
      +547 KJUR.crypto.MessageDigest.HASHLENGTH = {
      +548     'md5':		16,
      +549     'sha1':		20,
      +550     'sha224':		28,
      +551     'sha256':		32,
      +552     'sha384':		48,
      +553     'sha512':		64,
      +554     'ripemd160':	20
      +555 };
      +556 
      +557 // === Mac ===============================================================
      +558 
      +559 /**
      +560  * Mac(Message Authentication Code) class which is very similar to java.security.Mac class 
      +561  * @name KJUR.crypto.Mac
      +562  * @class Mac class which is very similar to java.security.Mac class
      +563  * @param {Array} params parameters for constructor
      +564  * @description
      +565  * <br/>
      +566  * Currently this supports following algorithm and providers combination:
      +567  * <ul>
      +568  * <li>hmacmd5 - cryptojs</li>
      +569  * <li>hmacsha1 - cryptojs</li>
      +570  * <li>hmacsha224 - cryptojs</li>
      +571  * <li>hmacsha256 - cryptojs</li>
      +572  * <li>hmacsha384 - cryptojs</li>
      +573  * <li>hmacsha512 - cryptojs</li>
      +574  * </ul>
      +575  * NOTE: HmacSHA224 and HmacSHA384 issue was fixed since jsrsasign 4.1.4.
      +576  * Please use 'ext/cryptojs-312-core-fix*.js' instead of 'core.js' of original CryptoJS
      +577  * to avoid those issue.
      +578  * <br/>
      +579  * NOTE2: Hmac signature bug was fixed in jsrsasign 4.9.0 by providing CryptoJS
      +580  * bug workaround.
      +581  * <br/>
      +582  * Please see {@link KJUR.crypto.Mac.setPassword}, how to provide password
      +583  * in various ways in detail.
      +584  * @example
      +585  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA1", "pass": "pass"});
      +586  * mac.updateString('aaa')
      +587  * var macHex = md.doFinal()
      +588  *
      +589  * // other password representation 
      +590  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"hex":  "6161"}});
      +591  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"utf8": "aa"}});
      +592  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"rstr": "\x61\x61"}});
      +593  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"b64":  "Mi02/+...a=="}});
      +594  * var mac = new KJUR.crypto.Mac({alg: "HmacSHA256", "pass": {"b64u": "Mi02_-...a"}});
      +595  */
      +596 KJUR.crypto.Mac = function(params) {
      +597     var mac = null;
      +598     var pass = null;
      +599     var algName = null;
      +600     var provName = null;
      +601     var algProv = null;
      +602 
      +603     this.setAlgAndProvider = function(alg, prov) {
      +604 	alg = alg.toLowerCase();
       605 
      -606     /**
      -607      * performs final update on the digest using string, then completes the digest computation
      -608      * @name doFinalString
      -609      * @memberOf KJUR.crypto.Mac
      -610      * @function
      -611      * @param {String} str string to final update
      -612      * @description
      -613      * @example
      -614      * md.digestString('aaa')
      -615      */
      -616     this.doFinalString = function(str) {
      -617 	throw "digestString(str) not supported for this alg/prov: " + this.algProv;
      -618     };
      -619 
      -620     /**
      -621      * performs final update on the digest using hexadecimal string, 
      -622      * then completes the digest computation
      -623      * @name doFinalHex
      -624      * @memberOf KJUR.crypto.Mac
      -625      * @function
      -626      * @param {String} hex hexadecimal string to final update
      -627      * @description
      -628      * @example
      -629      * md.digestHex('0f2abd')
      -630      */
      -631     this.doFinalHex = function(hex) {
      -632 	throw "digestHex(hex) not supported for this alg/prov: " + this.algProv;
      -633     };
      -634 
      -635     /**
      -636      * set password for Mac
      -637      * @name setPassword
      -638      * @memberOf KJUR.crypto.Mac
      -639      * @function
      -640      * @param {Object} pass password for Mac
      -641      * @since crypto 1.1.7 jsrsasign 4.9.0
      -642      * @description
      -643      * This method will set password for (H)Mac internally.
      -644      * Argument 'pass' can be specified as following:
      -645      * <ul>
      -646      * <li>even length string of 0..9, a..f or A-F: implicitly specified as hexadecimal string</li>
      -647      * <li>not above string: implicitly specified as raw string</li>
      -648      * <li>{rstr: "\x65\x70"}: explicitly specified as raw string</li>
      -649      * <li>{hex: "6570"}: explicitly specified as hexacedimal string</li>
      -650      * <li>{utf8: "秘密"}: explicitly specified as UTF8 string</li>
      -651      * <li>{b64: "Mi78..=="}: explicitly specified as Base64 string</li>
      -652      * <li>{b64u: "Mi7-_"}: explicitly specified as Base64URL string</li>
      -653      * </ul>
      -654      * It is *STRONGLY RECOMMENDED* that explicit representation of password argument
      -655      * to avoid ambiguity. For example string  "6161" can mean a string "6161" or 
      -656      * a hexadecimal string of "aa" (i.e. \x61\x61).
      -657      * @example
      -658      * mac = KJUR.crypto.Mac({'alg': 'hmacsha256'});
      -659      * // set password by implicit raw string
      -660      * mac.setPassword("\x65\x70\xb9\x0b");
      -661      * mac.setPassword("password");
      -662      * // set password by implicit hexadecimal string
      -663      * mac.setPassword("6570b90b");
      -664      * mac.setPassword("6570B90B");
      -665      * // set password by explicit raw string
      -666      * mac.setPassword({"rstr": "\x65\x70\xb9\x0b"});
      -667      * // set password by explicit hexadecimal string
      -668      * mac.setPassword({"hex": "6570b90b"});
      -669      * // set password by explicit utf8 string
      -670      * mac.setPassword({"utf8": "passwordパスワード");
      -671      * // set password by explicit Base64 string
      -672      * mac.setPassword({"b64": "Mb+c3f/=="});
      -673      * // set password by explicit Base64URL string
      -674      * mac.setPassword({"b64u": "Mb-c3f_"});
      -675      */
      -676     this.setPassword = function(pass) {
      -677 	// internal this.pass shall be CryptoJS DWord Object for CryptoJS bug
      -678 	// work around. CrytoJS HMac password can be passed by
      -679 	// raw string as described in the manual however it doesn't
      -680 	// work properly in some case. If password was passed
      -681 	// by CryptoJS DWord which is not described in the manual
      -682 	// it seems to work. (fixed since crypto 1.1.7)
      -683 
      -684 	if (typeof pass == 'string') {
      -685 	    var hPass = pass;
      -686 	    if (pass.length % 2 == 1 || ! pass.match(/^[0-9A-Fa-f]+$/)) { // raw str
      -687 		hPass = rstrtohex(pass);
      -688 	    }
      -689 	    this.pass = CryptoJS.enc.Hex.parse(hPass);
      -690 	    return;
      -691 	}
      -692 
      -693 	if (typeof pass != 'object')
      -694 	    throw "KJUR.crypto.Mac unsupported password type: " + pass;
      -695 	
      -696 	var hPass = null;
      -697 	if (pass.hex  !== undefined) {
      -698 	    if (pass.hex.length % 2 != 0 || ! pass.hex.match(/^[0-9A-Fa-f]+$/))
      -699 		throw "Mac: wrong hex password: " + pass.hex;
      -700 	    hPass = pass.hex;
      -701 	}
      -702 	if (pass.utf8 !== undefined) hPass = utf8tohex(pass.utf8);
      -703 	if (pass.rstr !== undefined) hPass = rstrtohex(pass.rstr);
      -704 	if (pass.b64  !== undefined) hPass = b64tohex(pass.b64);
      -705 	if (pass.b64u !== undefined) hPass = b64utohex(pass.b64u);
      -706 
      -707 	if (hPass == null)
      -708 	    throw "KJUR.crypto.Mac unsupported password type: " + pass;
      -709 
      -710 	this.pass = CryptoJS.enc.Hex.parse(hPass);
      -711     };
      -712 
      -713     if (params !== undefined) {
      -714 	if (params.pass !== undefined) {
      -715 	    this.setPassword(params.pass);
      -716 	}
      -717 	if (params.alg !== undefined) {
      -718 	    this.algName = params.alg;
      -719 	    if (params['prov'] === undefined)
      -720 		this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName];
      -721 	    this.setAlgAndProvider(this.algName, this.provName);
      -722 	}
      -723     }
      -724 };
      -725 
      -726 /**
      -727  * Signature class which is very similar to java.security.Signature class
      -728  * @name KJUR.crypto.Signature
      -729  * @class Signature class which is very similar to java.security.Signature class
      -730  * @param {Array} params parameters for constructor
      -731  * @property {String} state Current state of this signature object whether 'SIGN', 'VERIFY' or null
      -732  * @description
      -733  * <br/>
      -734  * As for params of constructor's argument, it can be specify following attributes:
      -735  * <ul>
      -736  * <li>alg - signature algorithm name (ex. {MD5,SHA1,SHA224,SHA256,SHA384,SHA512,RIPEMD160}with{RSA,ECDSA,DSA})</li>
      -737  * <li>provider - currently 'cryptojs/jsrsa' only</li>
      -738  * </ul>
      -739  * <h4>SUPPORTED ALGORITHMS AND PROVIDERS</h4>
      -740  * This Signature class supports following signature algorithm and provider names:
      -741  * <ul>
      -742  * <li>MD5withRSA - cryptojs/jsrsa</li>
      -743  * <li>SHA1withRSA - cryptojs/jsrsa</li>
      -744  * <li>SHA224withRSA - cryptojs/jsrsa</li>
      -745  * <li>SHA256withRSA - cryptojs/jsrsa</li>
      -746  * <li>SHA384withRSA - cryptojs/jsrsa</li>
      -747  * <li>SHA512withRSA - cryptojs/jsrsa</li>
      -748  * <li>RIPEMD160withRSA - cryptojs/jsrsa</li>
      -749  * <li>MD5withECDSA - cryptojs/jsrsa</li>
      -750  * <li>SHA1withECDSA - cryptojs/jsrsa</li>
      -751  * <li>SHA224withECDSA - cryptojs/jsrsa</li>
      -752  * <li>SHA256withECDSA - cryptojs/jsrsa</li>
      -753  * <li>SHA384withECDSA - cryptojs/jsrsa</li>
      -754  * <li>SHA512withECDSA - cryptojs/jsrsa</li>
      -755  * <li>RIPEMD160withECDSA - cryptojs/jsrsa</li>
      -756  * <li>MD5withRSAandMGF1 - cryptojs/jsrsa</li>
      -757  * <li>SHA1withRSAandMGF1 - cryptojs/jsrsa</li>
      -758  * <li>SHA224withRSAandMGF1 - cryptojs/jsrsa</li>
      -759  * <li>SHA256withRSAandMGF1 - cryptojs/jsrsa</li>
      -760  * <li>SHA384withRSAandMGF1 - cryptojs/jsrsa</li>
      -761  * <li>SHA512withRSAandMGF1 - cryptojs/jsrsa</li>
      -762  * <li>RIPEMD160withRSAandMGF1 - cryptojs/jsrsa</li>
      -763  * <li>SHA1withDSA - cryptojs/jsrsa</li>
      -764  * <li>SHA224withDSA - cryptojs/jsrsa</li>
      -765  * <li>SHA256withDSA - cryptojs/jsrsa</li>
      -766  * </ul>
      -767  * Here are supported elliptic cryptographic curve names and their aliases for ECDSA:
      -768  * <ul>
      -769  * <li>secp256k1</li>
      -770  * <li>secp256r1, NIST P-256, P-256, prime256v1</li>
      -771  * <li>secp384r1, NIST P-384, P-384</li>
      -772  * </ul>
      -773  * NOTE1: DSA signing algorithm is also supported since crypto 1.1.5.
      -774  * <h4>EXAMPLES</h4>
      -775  * @example
      -776  * // RSA signature generation
      -777  * var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
      -778  * sig.init(prvKeyPEM);
      -779  * sig.updateString('aaa');
      -780  * var hSigVal = sig.sign();
      -781  *
      -782  * // DSA signature validation
      -783  * var sig2 = new KJUR.crypto.Signature({"alg": "SHA1withDSA"});
      -784  * sig2.init(certPEM);
      -785  * sig.updateString('aaa');
      -786  * var isValid = sig2.verify(hSigVal);
      -787  * 
      -788  * // ECDSA signing
      -789  * var sig = new KJUR.crypto.Signature({'alg':'SHA1withECDSA'});
      -790  * sig.init(prvKeyPEM);
      -791  * sig.updateString('aaa');
      -792  * var sigValueHex = sig.sign();
      -793  *
      -794  * // ECDSA verifying
      -795  * var sig2 = new KJUR.crypto.Signature({'alg':'SHA1withECDSA'});
      -796  * sig.init(certPEM);
      -797  * sig.updateString('aaa');
      -798  * var isValid = sig.verify(sigValueHex);
      -799  */
      -800 KJUR.crypto.Signature = function(params) {
      -801     var prvKey = null; // RSAKey/KJUR.crypto.{ECDSA,DSA} object for signing
      -802     var pubKey = null; // RSAKey/KJUR.crypto.{ECDSA,DSA} object for verifying
      -803 
      -804     var md = null; // KJUR.crypto.MessageDigest object
      -805     var sig = null;
      -806     var algName = null;
      -807     var provName = null;
      -808     var algProvName = null;
      -809     var mdAlgName = null;
      -810     var pubkeyAlgName = null;	// rsa,ecdsa,rsaandmgf1(=rsapss)
      -811     var state = null;
      -812     var pssSaltLen = -1;
      -813     var initParams = null;
      -814 
      -815     var sHashHex = null; // hex hash value for hex
      -816     var hDigestInfo = null;
      -817     var hPaddedDigestInfo = null;
      -818     var hSign = null;
      -819 
      -820     this._setAlgNames = function() {
      -821     var matchResult = this.algName.match(/^(.+)with(.+)$/);
      -822 	if (matchResult) {
      -823 	    this.mdAlgName = matchResult[1].toLowerCase();
      -824 	    this.pubkeyAlgName = matchResult[2].toLowerCase();
      -825 	}
      -826     };
      -827 
      -828     this._zeroPaddingOfSignature = function(hex, bitLength) {
      -829 	var s = "";
      -830 	var nZero = bitLength / 4 - hex.length;
      -831 	for (var i = 0; i < nZero; i++) {
      -832 	    s = s + "0";
      -833 	}
      -834 	return s + hex;
      -835     };
      -836 
      -837     /**
      -838      * set signature algorithm and provider
      -839      * @name setAlgAndProvider
      -840      * @memberOf KJUR.crypto.Signature
      -841      * @function
      -842      * @param {String} alg signature algorithm name
      -843      * @param {String} prov provider name
      -844      * @description
      -845      * @example
      -846      * md.setAlgAndProvider('SHA1withRSA', 'cryptojs/jsrsa');
      -847      */
      -848     this.setAlgAndProvider = function(alg, prov) {
      -849 	this._setAlgNames();
      -850 	if (prov != 'cryptojs/jsrsa')
      -851 	    throw "provider not supported: " + prov;
      -852 
      -853 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(this.mdAlgName) != -1) {
      -854 	    try {
      -855 		this.md = new KJUR.crypto.MessageDigest({'alg':this.mdAlgName});
      -856 	    } catch (ex) {
      -857 		throw "setAlgAndProvider hash alg set fail alg=" +
      -858                       this.mdAlgName + "/" + ex;
      -859 	    }
      -860 
      -861 	    this.init = function(keyparam, pass) {
      -862 		var keyObj = null;
      -863 		try {
      -864 		    if (pass === undefined) {
      -865 			keyObj = KEYUTIL.getKey(keyparam);
      -866 		    } else {
      -867 			keyObj = KEYUTIL.getKey(keyparam, pass);
      -868 		    }
      -869 		} catch (ex) {
      -870 		    throw "init failed:" + ex;
      -871 		}
      -872 
      -873 		if (keyObj.isPrivate === true) {
      -874 		    this.prvKey = keyObj;
      -875 		    this.state = "SIGN";
      -876 		} else if (keyObj.isPublic === true) {
      -877 		    this.pubKey = keyObj;
      -878 		    this.state = "VERIFY";
      -879 		} else {
      -880 		    throw "init failed.:" + keyObj;
      -881 		}
      -882 	    };
      -883 
      -884 	    this.initSign = function(params) {
      -885 		if (typeof params['ecprvhex'] == 'string' &&
      -886                     typeof params['eccurvename'] == 'string') {
      -887 		    this.ecprvhex = params['ecprvhex'];
      -888 		    this.eccurvename = params['eccurvename'];
      -889 		} else {
      -890 		    this.prvKey = params;
      -891 		}
      -892 		this.state = "SIGN";
      -893 	    };
      -894 
      -895 	    this.initVerifyByPublicKey = function(params) {
      -896 		if (typeof params['ecpubhex'] == 'string' &&
      -897 		    typeof params['eccurvename'] == 'string') {
      -898 		    this.ecpubhex = params['ecpubhex'];
      -899 		    this.eccurvename = params['eccurvename'];
      -900 		} else if (params instanceof KJUR.crypto.ECDSA) {
      -901 		    this.pubKey = params;
      -902 		} else if (params instanceof RSAKey) {
      -903 		    this.pubKey = params;
      -904 		}
      -905 		this.state = "VERIFY";
      -906 	    };
      -907 
      -908 	    this.initVerifyByCertificatePEM = function(certPEM) {
      -909 		var x509 = new X509();
      -910 		x509.readCertPEM(certPEM);
      -911 		this.pubKey = x509.subjectPublicKeyRSA;
      -912 		this.state = "VERIFY";
      -913 	    };
      -914 
      -915 	    this.updateString = function(str) {
      -916 		this.md.updateString(str);
      -917 	    };
      -918 
      -919 	    this.updateHex = function(hex) {
      -920 		this.md.updateHex(hex);
      -921 	    };
      -922 
      -923 	    this.sign = function() {
      -924 		this.sHashHex = this.md.digest();
      -925 		if (typeof this.ecprvhex != "undefined" &&
      -926 		    typeof this.eccurvename != "undefined") {
      -927 		    var ec = new KJUR.crypto.ECDSA({'curve': this.eccurvename});
      -928 		    this.hSign = ec.signHex(this.sHashHex, this.ecprvhex);
      -929 		} else if (this.prvKey instanceof RSAKey &&
      -930 		           this.pubkeyAlgName == "rsaandmgf1") {
      -931 		    this.hSign = this.prvKey.signWithMessageHashPSS(this.sHashHex,
      -932 								    this.mdAlgName,
      -933 								    this.pssSaltLen);
      -934 		} else if (this.prvKey instanceof RSAKey &&
      -935 			   this.pubkeyAlgName == "rsa") {
      -936 		    this.hSign = this.prvKey.signWithMessageHash(this.sHashHex,
      -937 								 this.mdAlgName);
      -938 		} else if (this.prvKey instanceof KJUR.crypto.ECDSA) {
      -939 		    this.hSign = this.prvKey.signWithMessageHash(this.sHashHex);
      -940 		} else if (this.prvKey instanceof KJUR.crypto.DSA) {
      -941 		    this.hSign = this.prvKey.signWithMessageHash(this.sHashHex);
      -942 		} else {
      -943 		    throw "Signature: unsupported public key alg: " + this.pubkeyAlgName;
      -944 		}
      -945 		return this.hSign;
      -946 	    };
      -947 	    this.signString = function(str) {
      -948 		this.updateString(str);
      -949 		return this.sign();
      -950 	    };
      -951 	    this.signHex = function(hex) {
      -952 		this.updateHex(hex);
      -953 		return this.sign();
      -954 	    };
      -955 	    this.verify = function(hSigVal) {
      -956 	        this.sHashHex = this.md.digest();
      -957 		if (typeof this.ecpubhex != "undefined" &&
      -958 		    typeof this.eccurvename != "undefined") {
      -959 		    var ec = new KJUR.crypto.ECDSA({curve: this.eccurvename});
      -960 		    return ec.verifyHex(this.sHashHex, hSigVal, this.ecpubhex);
      -961 		} else if (this.pubKey instanceof RSAKey &&
      -962 			   this.pubkeyAlgName == "rsaandmgf1") {
      -963 		    return this.pubKey.verifyWithMessageHashPSS(this.sHashHex, hSigVal, 
      -964 								this.mdAlgName,
      -965 								this.pssSaltLen);
      -966 		} else if (this.pubKey instanceof RSAKey &&
      -967 			   this.pubkeyAlgName == "rsa") {
      -968 		    return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal);
      -969 		} else if (this.pubKey instanceof KJUR.crypto.ECDSA) {
      -970 		    return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal);
      -971 		} else if (this.pubKey instanceof KJUR.crypto.DSA) {
      -972 		    return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal);
      -973 		} else {
      -974 		    throw "Signature: unsupported public key alg: " + this.pubkeyAlgName;
      -975 		}
      -976 	    };
      -977 	}
      -978     };
      +606 	if (alg == null) alg = "hmacsha1";
      +607 
      +608 	alg = alg.toLowerCase();
      +609         if (alg.substr(0, 4) != "hmac") {
      +610 	    throw "setAlgAndProvider unsupported HMAC alg: " + alg;
      +611 	}
      +612 
      +613 	if (prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg];
      +614 	this.algProv = alg + "/" + prov;
      +615 
      +616 	var hashAlg = alg.substr(4);
      +617 
      +618 	// for cryptojs
      +619 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(hashAlg) != -1 &&
      +620 	    prov == 'cryptojs') {
      +621 	    try {
      +622 		var mdObj = KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[hashAlg];
      +623 		this.mac = CryptoJS.algo.HMAC.create(mdObj, this.pass);
      +624 	    } catch (ex) {
      +625 		throw "setAlgAndProvider hash alg set fail hashAlg=" + hashAlg + "/" + ex;
      +626 	    }
      +627 	    this.updateString = function(str) {
      +628 		this.mac.update(str);
      +629 	    };
      +630 	    this.updateHex = function(hex) {
      +631 		var wHex = CryptoJS.enc.Hex.parse(hex);
      +632 		this.mac.update(wHex);
      +633 	    };
      +634 	    this.doFinal = function() {
      +635 		var hash = this.mac.finalize();
      +636 		return hash.toString(CryptoJS.enc.Hex);
      +637 	    };
      +638 	    this.doFinalString = function(str) {
      +639 		this.updateString(str);
      +640 		return this.doFinal();
      +641 	    };
      +642 	    this.doFinalHex = function(hex) {
      +643 		this.updateHex(hex);
      +644 		return this.doFinal();
      +645 	    };
      +646 	}
      +647     };
      +648 
      +649     /**
      +650      * update digest by specified string
      +651      * @name updateString
      +652      * @memberOf KJUR.crypto.Mac#
      +653      * @function
      +654      * @param {String} str string to update
      +655      * @description
      +656      * @example
      +657      * md.updateString('New York');
      +658      */
      +659     this.updateString = function(str) {
      +660 	throw "updateString(str) not supported for this alg/prov: " + this.algProv;
      +661     };
      +662 
      +663     /**
      +664      * update digest by specified hexadecimal string
      +665      * @name updateHex
      +666      * @memberOf KJUR.crypto.Mac#
      +667      * @function
      +668      * @param {String} hex hexadecimal string to update
      +669      * @description
      +670      * @example
      +671      * md.updateHex('0afe36');
      +672      */
      +673     this.updateHex = function(hex) {
      +674 	throw "updateHex(hex) not supported for this alg/prov: " + this.algProv;
      +675     };
      +676 
      +677     /**
      +678      * completes hash calculation and returns hash result
      +679      * @name doFinal
      +680      * @memberOf KJUR.crypto.Mac#
      +681      * @function
      +682      * @description
      +683      * @example
      +684      * md.digest()
      +685      */
      +686     this.doFinal = function() {
      +687 	throw "digest() not supported for this alg/prov: " + this.algProv;
      +688     };
      +689 
      +690     /**
      +691      * performs final update on the digest using string, then completes the digest computation
      +692      * @name doFinalString
      +693      * @memberOf KJUR.crypto.Mac#
      +694      * @function
      +695      * @param {String} str string to final update
      +696      * @description
      +697      * @example
      +698      * md.digestString('aaa')
      +699      */
      +700     this.doFinalString = function(str) {
      +701 	throw "digestString(str) not supported for this alg/prov: " + this.algProv;
      +702     };
      +703 
      +704     /**
      +705      * performs final update on the digest using hexadecimal string, 
      +706      * then completes the digest computation
      +707      * @name doFinalHex
      +708      * @memberOf KJUR.crypto.Mac#
      +709      * @function
      +710      * @param {String} hex hexadecimal string to final update
      +711      * @description
      +712      * @example
      +713      * md.digestHex('0f2abd')
      +714      */
      +715     this.doFinalHex = function(hex) {
      +716 	throw "digestHex(hex) not supported for this alg/prov: " + this.algProv;
      +717     };
      +718 
      +719     /**
      +720      * set password for Mac
      +721      * @name setPassword
      +722      * @memberOf KJUR.crypto.Mac#
      +723      * @function
      +724      * @param {Object} pass password for Mac
      +725      * @since crypto 1.1.7 jsrsasign 4.9.0
      +726      * @description
      +727      * This method will set password for (H)Mac internally.
      +728      * Argument 'pass' can be specified as following:
      +729      * <ul>
      +730      * <li>even length string of 0..9, a..f or A-F: implicitly specified as hexadecimal string</li>
      +731      * <li>not above string: implicitly specified as raw string</li>
      +732      * <li>{rstr: "\x65\x70"}: explicitly specified as raw string</li>
      +733      * <li>{hex: "6570"}: explicitly specified as hexacedimal string</li>
      +734      * <li>{utf8: "秘密"}: explicitly specified as UTF8 string</li>
      +735      * <li>{b64: "Mi78..=="}: explicitly specified as Base64 string</li>
      +736      * <li>{b64u: "Mi7-_"}: explicitly specified as Base64URL string</li>
      +737      * </ul>
      +738      * It is *STRONGLY RECOMMENDED* that explicit representation of password argument
      +739      * to avoid ambiguity. For example string  "6161" can mean a string "6161" or 
      +740      * a hexadecimal string of "aa" (i.e. \x61\x61).
      +741      * @example
      +742      * mac = KJUR.crypto.Mac({'alg': 'hmacsha256'});
      +743      * // set password by implicit raw string
      +744      * mac.setPassword("\x65\x70\xb9\x0b");
      +745      * mac.setPassword("password");
      +746      * // set password by implicit hexadecimal string
      +747      * mac.setPassword("6570b90b");
      +748      * mac.setPassword("6570B90B");
      +749      * // set password by explicit raw string
      +750      * mac.setPassword({"rstr": "\x65\x70\xb9\x0b"});
      +751      * // set password by explicit hexadecimal string
      +752      * mac.setPassword({"hex": "6570b90b"});
      +753      * // set password by explicit utf8 string
      +754      * mac.setPassword({"utf8": "passwordパスワード");
      +755      * // set password by explicit Base64 string
      +756      * mac.setPassword({"b64": "Mb+c3f/=="});
      +757      * // set password by explicit Base64URL string
      +758      * mac.setPassword({"b64u": "Mb-c3f_"});
      +759      */
      +760     this.setPassword = function(pass) {
      +761 	// internal this.pass shall be CryptoJS DWord Object for CryptoJS bug
      +762 	// work around. CrytoJS HMac password can be passed by
      +763 	// raw string as described in the manual however it doesn't
      +764 	// work properly in some case. If password was passed
      +765 	// by CryptoJS DWord which is not described in the manual
      +766 	// it seems to work. (fixed since crypto 1.1.7)
      +767 
      +768 	if (typeof pass == 'string') {
      +769 	    var hPass = pass;
      +770 	    if (pass.length % 2 == 1 || ! pass.match(/^[0-9A-Fa-f]+$/)) { // raw str
      +771 		hPass = rstrtohex(pass);
      +772 	    }
      +773 	    this.pass = CryptoJS.enc.Hex.parse(hPass);
      +774 	    return;
      +775 	}
      +776 
      +777 	if (typeof pass != 'object')
      +778 	    throw "KJUR.crypto.Mac unsupported password type: " + pass;
      +779 	
      +780 	var hPass = null;
      +781 	if (pass.hex  !== undefined) {
      +782 	    if (pass.hex.length % 2 != 0 || ! pass.hex.match(/^[0-9A-Fa-f]+$/))
      +783 		throw "Mac: wrong hex password: " + pass.hex;
      +784 	    hPass = pass.hex;
      +785 	}
      +786 	if (pass.utf8 !== undefined) hPass = utf8tohex(pass.utf8);
      +787 	if (pass.rstr !== undefined) hPass = rstrtohex(pass.rstr);
      +788 	if (pass.b64  !== undefined) hPass = b64tohex(pass.b64);
      +789 	if (pass.b64u !== undefined) hPass = b64utohex(pass.b64u);
      +790 
      +791 	if (hPass == null)
      +792 	    throw "KJUR.crypto.Mac unsupported password type: " + pass;
      +793 
      +794 	this.pass = CryptoJS.enc.Hex.parse(hPass);
      +795     };
      +796 
      +797     if (params !== undefined) {
      +798 	if (params.pass !== undefined) {
      +799 	    this.setPassword(params.pass);
      +800 	}
      +801 	if (params.alg !== undefined) {
      +802 	    this.algName = params.alg;
      +803 	    if (params['prov'] === undefined)
      +804 		this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName];
      +805 	    this.setAlgAndProvider(this.algName, this.provName);
      +806 	}
      +807     }
      +808 };
      +809 
      +810 // ====== Signature class =========================================================
      +811 /**
      +812  * Signature class which is very similar to java.security.Signature class
      +813  * @name KJUR.crypto.Signature
      +814  * @class Signature class which is very similar to java.security.Signature class
      +815  * @param {Array} params parameters for constructor
      +816  * @property {String} state Current state of this signature object whether 'SIGN', 'VERIFY' or null
      +817  * @description
      +818  * <br/>
      +819  * As for params of constructor's argument, it can be specify following attributes:
      +820  * <ul>
      +821  * <li>alg - signature algorithm name (ex. {MD5,SHA1,SHA224,SHA256,SHA384,SHA512,RIPEMD160}with{RSA,ECDSA,DSA})</li>
      +822  * <li>provider - currently 'cryptojs/jsrsa' only</li>
      +823  * </ul>
      +824  * <h4>SUPPORTED ALGORITHMS AND PROVIDERS</h4>
      +825  * This Signature class supports following signature algorithm and provider names:
      +826  * <ul>
      +827  * <li>MD5withRSA - cryptojs/jsrsa</li>
      +828  * <li>SHA1withRSA - cryptojs/jsrsa</li>
      +829  * <li>SHA224withRSA - cryptojs/jsrsa</li>
      +830  * <li>SHA256withRSA - cryptojs/jsrsa</li>
      +831  * <li>SHA384withRSA - cryptojs/jsrsa</li>
      +832  * <li>SHA512withRSA - cryptojs/jsrsa</li>
      +833  * <li>RIPEMD160withRSA - cryptojs/jsrsa</li>
      +834  * <li>MD5withECDSA - cryptojs/jsrsa</li>
      +835  * <li>SHA1withECDSA - cryptojs/jsrsa</li>
      +836  * <li>SHA224withECDSA - cryptojs/jsrsa</li>
      +837  * <li>SHA256withECDSA - cryptojs/jsrsa</li>
      +838  * <li>SHA384withECDSA - cryptojs/jsrsa</li>
      +839  * <li>SHA512withECDSA - cryptojs/jsrsa</li>
      +840  * <li>RIPEMD160withECDSA - cryptojs/jsrsa</li>
      +841  * <li>MD5withRSAandMGF1 - cryptojs/jsrsa</li>
      +842  * <li>SHA1withRSAandMGF1 - cryptojs/jsrsa</li>
      +843  * <li>SHA224withRSAandMGF1 - cryptojs/jsrsa</li>
      +844  * <li>SHA256withRSAandMGF1 - cryptojs/jsrsa</li>
      +845  * <li>SHA384withRSAandMGF1 - cryptojs/jsrsa</li>
      +846  * <li>SHA512withRSAandMGF1 - cryptojs/jsrsa</li>
      +847  * <li>RIPEMD160withRSAandMGF1 - cryptojs/jsrsa</li>
      +848  * <li>SHA1withDSA - cryptojs/jsrsa</li>
      +849  * <li>SHA224withDSA - cryptojs/jsrsa</li>
      +850  * <li>SHA256withDSA - cryptojs/jsrsa</li>
      +851  * </ul>
      +852  * Here are supported elliptic cryptographic curve names and their aliases for ECDSA:
      +853  * <ul>
      +854  * <li>secp256k1</li>
      +855  * <li>secp256r1, NIST P-256, P-256, prime256v1</li>
      +856  * <li>secp384r1, NIST P-384, P-384</li>
      +857  * </ul>
      +858  * NOTE1: DSA signing algorithm is also supported since crypto 1.1.5.
      +859  * <h4>EXAMPLES</h4>
      +860  * @example
      +861  * // RSA signature generation
      +862  * var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
      +863  * sig.init(prvKeyPEM);
      +864  * sig.updateString('aaa');
      +865  * var hSigVal = sig.sign();
      +866  *
      +867  * // DSA signature validation
      +868  * var sig2 = new KJUR.crypto.Signature({"alg": "SHA1withDSA"});
      +869  * sig2.init(certPEM);
      +870  * sig.updateString('aaa');
      +871  * var isValid = sig2.verify(hSigVal);
      +872  * 
      +873  * // ECDSA signing
      +874  * var sig = new KJUR.crypto.Signature({'alg':'SHA1withECDSA'});
      +875  * sig.init(prvKeyPEM);
      +876  * sig.updateString('aaa');
      +877  * var sigValueHex = sig.sign();
      +878  *
      +879  * // ECDSA verifying
      +880  * var sig2 = new KJUR.crypto.Signature({'alg':'SHA1withECDSA'});
      +881  * sig.init(certPEM);
      +882  * sig.updateString('aaa');
      +883  * var isValid = sig.verify(sigValueHex);
      +884  */
      +885 KJUR.crypto.Signature = function(params) {
      +886     var prvKey = null; // RSAKey/KJUR.crypto.{ECDSA,DSA} object for signing
      +887     var pubKey = null; // RSAKey/KJUR.crypto.{ECDSA,DSA} object for verifying
      +888 
      +889     var md = null; // KJUR.crypto.MessageDigest object
      +890     var sig = null;
      +891     var algName = null;
      +892     var provName = null;
      +893     var algProvName = null;
      +894     var mdAlgName = null;
      +895     var pubkeyAlgName = null;	// rsa,ecdsa,rsaandmgf1(=rsapss)
      +896     var state = null;
      +897     var pssSaltLen = -1;
      +898     var initParams = null;
      +899 
      +900     var sHashHex = null; // hex hash value for hex
      +901     var hDigestInfo = null;
      +902     var hPaddedDigestInfo = null;
      +903     var hSign = null;
      +904 
      +905     this._setAlgNames = function() {
      +906     var matchResult = this.algName.match(/^(.+)with(.+)$/);
      +907 	if (matchResult) {
      +908 	    this.mdAlgName = matchResult[1].toLowerCase();
      +909 	    this.pubkeyAlgName = matchResult[2].toLowerCase();
      +910 	}
      +911     };
      +912 
      +913     this._zeroPaddingOfSignature = function(hex, bitLength) {
      +914 	var s = "";
      +915 	var nZero = bitLength / 4 - hex.length;
      +916 	for (var i = 0; i < nZero; i++) {
      +917 	    s = s + "0";
      +918 	}
      +919 	return s + hex;
      +920     };
      +921 
      +922     /**
      +923      * set signature algorithm and provider
      +924      * @name setAlgAndProvider
      +925      * @memberOf KJUR.crypto.Signature#
      +926      * @function
      +927      * @param {String} alg signature algorithm name
      +928      * @param {String} prov provider name
      +929      * @description
      +930      * @example
      +931      * md.setAlgAndProvider('SHA1withRSA', 'cryptojs/jsrsa');
      +932      */
      +933     this.setAlgAndProvider = function(alg, prov) {
      +934 	this._setAlgNames();
      +935 	if (prov != 'cryptojs/jsrsa')
      +936 	    throw "provider not supported: " + prov;
      +937 
      +938 	if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(this.mdAlgName) != -1) {
      +939 	    try {
      +940 		this.md = new KJUR.crypto.MessageDigest({'alg':this.mdAlgName});
      +941 	    } catch (ex) {
      +942 		throw "setAlgAndProvider hash alg set fail alg=" +
      +943                       this.mdAlgName + "/" + ex;
      +944 	    }
      +945 
      +946 	    this.init = function(keyparam, pass) {
      +947 		var keyObj = null;
      +948 		try {
      +949 		    if (pass === undefined) {
      +950 			keyObj = KEYUTIL.getKey(keyparam);
      +951 		    } else {
      +952 			keyObj = KEYUTIL.getKey(keyparam, pass);
      +953 		    }
      +954 		} catch (ex) {
      +955 		    throw "init failed:" + ex;
      +956 		}
      +957 
      +958 		if (keyObj.isPrivate === true) {
      +959 		    this.prvKey = keyObj;
      +960 		    this.state = "SIGN";
      +961 		} else if (keyObj.isPublic === true) {
      +962 		    this.pubKey = keyObj;
      +963 		    this.state = "VERIFY";
      +964 		} else {
      +965 		    throw "init failed.:" + keyObj;
      +966 		}
      +967 	    };
      +968 
      +969 	    this.initSign = function(params) {
      +970 		if (typeof params['ecprvhex'] == 'string' &&
      +971                     typeof params['eccurvename'] == 'string') {
      +972 		    this.ecprvhex = params['ecprvhex'];
      +973 		    this.eccurvename = params['eccurvename'];
      +974 		} else {
      +975 		    this.prvKey = params;
      +976 		}
      +977 		this.state = "SIGN";
      +978 	    };
       979 
      -980     /**
      -981      * Initialize this object for signing or verifying depends on key
      -982      * @name init
      -983      * @memberOf KJUR.crypto.Signature
      -984      * @function
      -985      * @param {Object} key specifying public or private key as plain/encrypted PKCS#5/8 PEM file, certificate PEM or {@link RSAKey}, {@link KJUR.crypto.DSA} or {@link KJUR.crypto.ECDSA} object
      -986      * @param {String} pass (OPTION) passcode for encrypted private key
      -987      * @since crypto 1.1.3
      -988      * @description
      -989      * This method is very useful initialize method for Signature class since
      -990      * you just specify key then this method will automatically initialize it
      -991      * using {@link KEYUTIL.getKey} method.
      -992      * As for 'key',  following argument type are supported:
      -993      * <h5>signing</h5>
      -994      * <ul>
      -995      * <li>PEM formatted PKCS#8 encrypted RSA/ECDSA private key concluding "BEGIN ENCRYPTED PRIVATE KEY"</li>
      -996      * <li>PEM formatted PKCS#5 encrypted RSA/DSA private key concluding "BEGIN RSA/DSA PRIVATE KEY" and ",ENCRYPTED"</li>
      -997      * <li>PEM formatted PKCS#8 plain RSA/ECDSA private key concluding "BEGIN PRIVATE KEY"</li>
      -998      * <li>PEM formatted PKCS#5 plain RSA/DSA private key concluding "BEGIN RSA/DSA PRIVATE KEY" without ",ENCRYPTED"</li>
      -999      * <li>RSAKey object of private key</li>
      -1000      * <li>KJUR.crypto.ECDSA object of private key</li>
      -1001      * <li>KJUR.crypto.DSA object of private key</li>
      -1002      * </ul>
      -1003      * <h5>verification</h5>
      -1004      * <ul>
      -1005      * <li>PEM formatted PKCS#8 RSA/EC/DSA public key concluding "BEGIN PUBLIC KEY"</li>
      -1006      * <li>PEM formatted X.509 certificate with RSA/EC/DSA public key concluding
      -1007      *     "BEGIN CERTIFICATE", "BEGIN X509 CERTIFICATE" or "BEGIN TRUSTED CERTIFICATE".</li>
      -1008      * <li>RSAKey object of public key</li>
      -1009      * <li>KJUR.crypto.ECDSA object of public key</li>
      -1010      * <li>KJUR.crypto.DSA object of public key</li>
      -1011      * </ul>
      -1012      * @example
      -1013      * sig.init(sCertPEM)
      -1014      */
      -1015     this.init = function(key, pass) {
      -1016 	throw "init(key, pass) not supported for this alg:prov=" +
      -1017 	      this.algProvName;
      -1018     };
      -1019 
      -1020     /**
      -1021      * Initialize this object for verifying with a public key
      -1022      * @name initVerifyByPublicKey
      -1023      * @memberOf KJUR.crypto.Signature
      -1024      * @function
      -1025      * @param {Object} param RSAKey object of public key or associative array for ECDSA
      -1026      * @since 1.0.2
      -1027      * @deprecated from crypto 1.1.5. please use init() method instead.
      -1028      * @description
      -1029      * Public key information will be provided as 'param' parameter and the value will be
      -1030      * following:
      -1031      * <ul>
      -1032      * <li>{@link RSAKey} object for RSA verification</li>
      -1033      * <li>associative array for ECDSA verification
      -1034      *     (ex. <code>{'ecpubhex': '041f..', 'eccurvename': 'secp256r1'}</code>)
      -1035      * </li>
      -1036      * </ul>
      -1037      * @example
      -1038      * sig.initVerifyByPublicKey(rsaPrvKey)
      -1039      */
      -1040     this.initVerifyByPublicKey = function(rsaPubKey) {
      -1041 	throw "initVerifyByPublicKey(rsaPubKeyy) not supported for this alg:prov=" +
      -1042 	      this.algProvName;
      -1043     };
      -1044 
      -1045     /**
      -1046      * Initialize this object for verifying with a certficate
      -1047      * @name initVerifyByCertificatePEM
      -1048      * @memberOf KJUR.crypto.Signature
      -1049      * @function
      -1050      * @param {String} certPEM PEM formatted string of certificate
      -1051      * @since 1.0.2
      -1052      * @deprecated from crypto 1.1.5. please use init() method instead.
      -1053      * @description
      -1054      * @example
      -1055      * sig.initVerifyByCertificatePEM(certPEM)
      -1056      */
      -1057     this.initVerifyByCertificatePEM = function(certPEM) {
      -1058 	throw "initVerifyByCertificatePEM(certPEM) not supported for this alg:prov=" +
      -1059 	    this.algProvName;
      -1060     };
      -1061 
      -1062     /**
      -1063      * Initialize this object for signing
      -1064      * @name initSign
      -1065      * @memberOf KJUR.crypto.Signature
      -1066      * @function
      -1067      * @param {Object} param RSAKey object of public key or associative array for ECDSA
      -1068      * @deprecated from crypto 1.1.5. please use init() method instead.
      -1069      * @description
      -1070      * Private key information will be provided as 'param' parameter and the value will be
      -1071      * following:
      -1072      * <ul>
      -1073      * <li>{@link RSAKey} object for RSA signing</li>
      -1074      * <li>associative array for ECDSA signing
      -1075      *     (ex. <code>{'ecprvhex': '1d3f..', 'eccurvename': 'secp256r1'}</code>)</li>
      -1076      * </ul>
      -1077      * @example
      -1078      * sig.initSign(prvKey)
      -1079      */
      -1080     this.initSign = function(prvKey) {
      -1081 	throw "initSign(prvKey) not supported for this alg:prov=" + this.algProvName;
      -1082     };
      -1083 
      -1084     /**
      -1085      * Updates the data to be signed or verified by a string
      -1086      * @name updateString
      -1087      * @memberOf KJUR.crypto.Signature
      -1088      * @function
      -1089      * @param {String} str string to use for the update
      -1090      * @description
      -1091      * @example
      -1092      * sig.updateString('aaa')
      -1093      */
      -1094     this.updateString = function(str) {
      -1095 	throw "updateString(str) not supported for this alg:prov=" + this.algProvName;
      -1096     };
      -1097 
      -1098     /**
      -1099      * Updates the data to be signed or verified by a hexadecimal string
      -1100      * @name updateHex
      -1101      * @memberOf KJUR.crypto.Signature
      -1102      * @function
      -1103      * @param {String} hex hexadecimal string to use for the update
      -1104      * @description
      -1105      * @example
      -1106      * sig.updateHex('1f2f3f')
      -1107      */
      -1108     this.updateHex = function(hex) {
      -1109 	throw "updateHex(hex) not supported for this alg:prov=" + this.algProvName;
      -1110     };
      -1111 
      -1112     /**
      -1113      * Returns the signature bytes of all data updates as a hexadecimal string
      -1114      * @name sign
      -1115      * @memberOf KJUR.crypto.Signature
      -1116      * @function
      -1117      * @return the signature bytes as a hexadecimal string
      -1118      * @description
      -1119      * @example
      -1120      * var hSigValue = sig.sign()
      -1121      */
      -1122     this.sign = function() {
      -1123 	throw "sign() not supported for this alg:prov=" + this.algProvName;
      -1124     };
      -1125 
      -1126     /**
      -1127      * performs final update on the sign using string, then returns the signature bytes of all data updates as a hexadecimal string
      -1128      * @name signString
      -1129      * @memberOf KJUR.crypto.Signature
      -1130      * @function
      -1131      * @param {String} str string to final update
      -1132      * @return the signature bytes of a hexadecimal string
      -1133      * @description
      -1134      * @example
      -1135      * var hSigValue = sig.signString('aaa')
      -1136      */
      -1137     this.signString = function(str) {
      -1138 	throw "digestString(str) not supported for this alg:prov=" + this.algProvName;
      -1139     };
      -1140 
      -1141     /**
      -1142      * performs final update on the sign using hexadecimal string, then returns the signature bytes of all data updates as a hexadecimal string
      -1143      * @name signHex
      -1144      * @memberOf KJUR.crypto.Signature
      -1145      * @function
      -1146      * @param {String} hex hexadecimal string to final update
      -1147      * @return the signature bytes of a hexadecimal string
      -1148      * @description
      -1149      * @example
      -1150      * var hSigValue = sig.signHex('1fdc33')
      -1151      */
      -1152     this.signHex = function(hex) {
      -1153 	throw "digestHex(hex) not supported for this alg:prov=" + this.algProvName;
      -1154     };
      -1155 
      -1156     /**
      -1157      * verifies the passed-in signature.
      -1158      * @name verify
      -1159      * @memberOf KJUR.crypto.Signature
      -1160      * @function
      -1161      * @param {String} str string to final update
      -1162      * @return {Boolean} true if the signature was verified, otherwise false
      -1163      * @description
      -1164      * @example
      -1165      * var isValid = sig.verify('1fbcefdca4823a7(snip)')
      -1166      */
      -1167     this.verify = function(hSigVal) {
      -1168 	throw "verify(hSigVal) not supported for this alg:prov=" + this.algProvName;
      -1169     };
      -1170 
      -1171     this.initParams = params;
      -1172 
      -1173     if (params !== undefined) {
      -1174 	if (params['alg'] !== undefined) {
      -1175 	    this.algName = params['alg'];
      -1176 	    if (params['prov'] === undefined) {
      -1177 		this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName];
      -1178 	    } else {
      -1179 		this.provName = params['prov'];
      -1180 	    }
      -1181 	    this.algProvName = this.algName + ":" + this.provName;
      -1182 	    this.setAlgAndProvider(this.algName, this.provName);
      -1183 	    this._setAlgNames();
      -1184 	}
      -1185 
      -1186 	if (params['psssaltlen'] !== undefined) this.pssSaltLen = params['psssaltlen'];
      -1187 
      -1188 	if (params['prvkeypem'] !== undefined) {
      -1189 	    if (params['prvkeypas'] !== undefined) {
      -1190 		throw "both prvkeypem and prvkeypas parameters not supported";
      -1191 	    } else {
      -1192 		try {
      -1193 		    var prvKey = new RSAKey();
      -1194 		    prvKey.readPrivateKeyFromPEMString(params['prvkeypem']);
      -1195 		    this.initSign(prvKey);
      -1196 		} catch (ex) {
      -1197 		    throw "fatal error to load pem private key: " + ex;
      -1198 		}
      -1199 	    }
      -1200 	}
      -1201     }
      -1202 };
      -1203 
      -1204 /**
      -1205  * static object for cryptographic function utilities
      -1206  * @name KJUR.crypto.OID
      -1207  * @class static object for cryptography related OIDs
      -1208  * @property {Array} oidhex2name key value of hexadecimal OID and its name
      -1209  *           (ex. '2a8648ce3d030107' and 'secp256r1')
      -1210  * @since crypto 1.1.3
      -1211  * @description
      -1212  */
      -1213 
      -1214 
      -1215 KJUR.crypto.OID = new function() {
      -1216     this.oidhex2name = {
      -1217 	'2a864886f70d010101': 'rsaEncryption',
      -1218 	'2a8648ce3d0201': 'ecPublicKey',
      -1219 	'2a8648ce380401': 'dsa',
      -1220 	'2a8648ce3d030107': 'secp256r1',
      -1221 	'2b8104001f': 'secp192k1',
      -1222 	'2b81040021': 'secp224r1',
      -1223 	'2b8104000a': 'secp256k1',
      -1224 	'2b81040023': 'secp521r1',
      -1225 	'2b81040022': 'secp384r1',
      -1226 	'2a8648ce380403': 'SHA1withDSA', // 1.2.840.10040.4.3
      -1227 	'608648016503040301': 'SHA224withDSA', // 2.16.840.1.101.3.4.3.1
      -1228 	'608648016503040302': 'SHA256withDSA', // 2.16.840.1.101.3.4.3.2
      -1229     };
      -1230 };
      -1231 
      \ No newline at end of file +980
      this.initVerifyByPublicKey = function(params) { +981 if (typeof params['ecpubhex'] == 'string' && +982 typeof params['eccurvename'] == 'string') { +983 this.ecpubhex = params['ecpubhex']; +984 this.eccurvename = params['eccurvename']; +985 } else if (params instanceof KJUR.crypto.ECDSA) { +986 this.pubKey = params; +987 } else if (params instanceof RSAKey) { +988 this.pubKey = params; +989 } +990 this.state = "VERIFY"; +991 }; +992 +993 this.initVerifyByCertificatePEM = function(certPEM) { +994 var x509 = new X509(); +995 x509.readCertPEM(certPEM); +996 this.pubKey = x509.subjectPublicKeyRSA; +997 this.state = "VERIFY"; +998 }; +999 +1000 this.updateString = function(str) { +1001 this.md.updateString(str); +1002 }; +1003 +1004 this.updateHex = function(hex) { +1005 this.md.updateHex(hex); +1006 }; +1007 +1008 this.sign = function() { +1009 this.sHashHex = this.md.digest(); +1010 if (typeof this.ecprvhex != "undefined" && +1011 typeof this.eccurvename != "undefined") { +1012 var ec = new KJUR.crypto.ECDSA({'curve': this.eccurvename}); +1013 this.hSign = ec.signHex(this.sHashHex, this.ecprvhex); +1014 } else if (this.prvKey instanceof RSAKey && +1015 this.pubkeyAlgName == "rsaandmgf1") { +1016 this.hSign = this.prvKey.signWithMessageHashPSS(this.sHashHex, +1017 this.mdAlgName, +1018 this.pssSaltLen); +1019 } else if (this.prvKey instanceof RSAKey && +1020 this.pubkeyAlgName == "rsa") { +1021 this.hSign = this.prvKey.signWithMessageHash(this.sHashHex, +1022 this.mdAlgName); +1023 } else if (this.prvKey instanceof KJUR.crypto.ECDSA) { +1024 this.hSign = this.prvKey.signWithMessageHash(this.sHashHex); +1025 } else if (this.prvKey instanceof KJUR.crypto.DSA) { +1026 this.hSign = this.prvKey.signWithMessageHash(this.sHashHex); +1027 } else { +1028 throw "Signature: unsupported public key alg: " + this.pubkeyAlgName; +1029 } +1030 return this.hSign; +1031 }; +1032 this.signString = function(str) { +1033 this.updateString(str); +1034 return this.sign(); +1035 }; +1036 this.signHex = function(hex) { +1037 this.updateHex(hex); +1038 return this.sign(); +1039 }; +1040 this.verify = function(hSigVal) { +1041 this.sHashHex = this.md.digest(); +1042 if (typeof this.ecpubhex != "undefined" && +1043 typeof this.eccurvename != "undefined") { +1044 var ec = new KJUR.crypto.ECDSA({curve: this.eccurvename}); +1045 return ec.verifyHex(this.sHashHex, hSigVal, this.ecpubhex); +1046 } else if (this.pubKey instanceof RSAKey && +1047 this.pubkeyAlgName == "rsaandmgf1") { +1048 return this.pubKey.verifyWithMessageHashPSS(this.sHashHex, hSigVal, +1049 this.mdAlgName, +1050 this.pssSaltLen); +1051 } else if (this.pubKey instanceof RSAKey && +1052 this.pubkeyAlgName == "rsa") { +1053 return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal); +1054 } else if (this.pubKey instanceof KJUR.crypto.ECDSA) { +1055 return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal); +1056 } else if (this.pubKey instanceof KJUR.crypto.DSA) { +1057 return this.pubKey.verifyWithMessageHash(this.sHashHex, hSigVal); +1058 } else { +1059 throw "Signature: unsupported public key alg: " + this.pubkeyAlgName; +1060 } +1061 }; +1062 } +1063 }; +1064 +1065 /** +1066 * Initialize this object for signing or verifying depends on key +1067 * @name init +1068 * @memberOf KJUR.crypto.Signature# +1069 * @function +1070 * @param {Object} key specifying public or private key as plain/encrypted PKCS#5/8 PEM file, certificate PEM or {@link RSAKey}, {@link KJUR.crypto.DSA} or {@link KJUR.crypto.ECDSA} object +1071 * @param {String} pass (OPTION) passcode for encrypted private key +1072 * @since crypto 1.1.3 +1073 * @description +1074 * This method is very useful initialize method for Signature class since +1075 * you just specify key then this method will automatically initialize it +1076 * using {@link KEYUTIL.getKey} method. +1077 * As for 'key', following argument type are supported: +1078 * <h5>signing</h5> +1079 * <ul> +1080 * <li>PEM formatted PKCS#8 encrypted RSA/ECDSA private key concluding "BEGIN ENCRYPTED PRIVATE KEY"</li> +1081 * <li>PEM formatted PKCS#5 encrypted RSA/DSA private key concluding "BEGIN RSA/DSA PRIVATE KEY" and ",ENCRYPTED"</li> +1082 * <li>PEM formatted PKCS#8 plain RSA/ECDSA private key concluding "BEGIN PRIVATE KEY"</li> +1083 * <li>PEM formatted PKCS#5 plain RSA/DSA private key concluding "BEGIN RSA/DSA PRIVATE KEY" without ",ENCRYPTED"</li> +1084 * <li>RSAKey object of private key</li> +1085 * <li>KJUR.crypto.ECDSA object of private key</li> +1086 * <li>KJUR.crypto.DSA object of private key</li> +1087 * </ul> +1088 * <h5>verification</h5> +1089 * <ul> +1090 * <li>PEM formatted PKCS#8 RSA/EC/DSA public key concluding "BEGIN PUBLIC KEY"</li> +1091 * <li>PEM formatted X.509 certificate with RSA/EC/DSA public key concluding +1092 * "BEGIN CERTIFICATE", "BEGIN X509 CERTIFICATE" or "BEGIN TRUSTED CERTIFICATE".</li> +1093 * <li>RSAKey object of public key</li> +1094 * <li>KJUR.crypto.ECDSA object of public key</li> +1095 * <li>KJUR.crypto.DSA object of public key</li> +1096 * </ul> +1097 * @example +1098 * sig.init(sCertPEM) +1099 */ +1100 this.init = function(key, pass) { +1101 throw "init(key, pass) not supported for this alg:prov=" + +1102 this.algProvName; +1103 }; +1104 +1105 /** +1106 * Initialize this object for verifying with a public key +1107 * @name initVerifyByPublicKey +1108 * @memberOf KJUR.crypto.Signature# +1109 * @function +1110 * @param {Object} param RSAKey object of public key or associative array for ECDSA +1111 * @since 1.0.2 +1112 * @deprecated from crypto 1.1.5. please use init() method instead. +1113 * @description +1114 * Public key information will be provided as 'param' parameter and the value will be +1115 * following: +1116 * <ul> +1117 * <li>{@link RSAKey} object for RSA verification</li> +1118 * <li>associative array for ECDSA verification +1119 * (ex. <code>{'ecpubhex': '041f..', 'eccurvename': 'secp256r1'}</code>) +1120 * </li> +1121 * </ul> +1122 * @example +1123 * sig.initVerifyByPublicKey(rsaPrvKey) +1124 */ +1125 this.initVerifyByPublicKey = function(rsaPubKey) { +1126 throw "initVerifyByPublicKey(rsaPubKeyy) not supported for this alg:prov=" + +1127 this.algProvName; +1128 }; +1129 +1130 /** +1131 * Initialize this object for verifying with a certficate +1132 * @name initVerifyByCertificatePEM +1133 * @memberOf KJUR.crypto.Signature# +1134 * @function +1135 * @param {String} certPEM PEM formatted string of certificate +1136 * @since 1.0.2 +1137 * @deprecated from crypto 1.1.5. please use init() method instead. +1138 * @description +1139 * @example +1140 * sig.initVerifyByCertificatePEM(certPEM) +1141 */ +1142 this.initVerifyByCertificatePEM = function(certPEM) { +1143 throw "initVerifyByCertificatePEM(certPEM) not supported for this alg:prov=" + +1144 this.algProvName; +1145 }; +1146 +1147 /** +1148 * Initialize this object for signing +1149 * @name initSign +1150 * @memberOf KJUR.crypto.Signature# +1151 * @function +1152 * @param {Object} param RSAKey object of public key or associative array for ECDSA +1153 * @deprecated from crypto 1.1.5. please use init() method instead. +1154 * @description +1155 * Private key information will be provided as 'param' parameter and the value will be +1156 * following: +1157 * <ul> +1158 * <li>{@link RSAKey} object for RSA signing</li> +1159 * <li>associative array for ECDSA signing +1160 * (ex. <code>{'ecprvhex': '1d3f..', 'eccurvename': 'secp256r1'}</code>)</li> +1161 * </ul> +1162 * @example +1163 * sig.initSign(prvKey) +1164 */ +1165 this.initSign = function(prvKey) { +1166 throw "initSign(prvKey) not supported for this alg:prov=" + this.algProvName; +1167 }; +1168 +1169 /** +1170 * Updates the data to be signed or verified by a string +1171 * @name updateString +1172 * @memberOf KJUR.crypto.Signature# +1173 * @function +1174 * @param {String} str string to use for the update +1175 * @description +1176 * @example +1177 * sig.updateString('aaa') +1178 */ +1179 this.updateString = function(str) { +1180 throw "updateString(str) not supported for this alg:prov=" + this.algProvName; +1181 }; +1182 +1183 /** +1184 * Updates the data to be signed or verified by a hexadecimal string +1185 * @name updateHex +1186 * @memberOf KJUR.crypto.Signature# +1187 * @function +1188 * @param {String} hex hexadecimal string to use for the update +1189 * @description +1190 * @example +1191 * sig.updateHex('1f2f3f') +1192 */ +1193 this.updateHex = function(hex) { +1194 throw "updateHex(hex) not supported for this alg:prov=" + this.algProvName; +1195 }; +1196 +1197 /** +1198 * Returns the signature bytes of all data updates as a hexadecimal string +1199 * @name sign +1200 * @memberOf KJUR.crypto.Signature# +1201 * @function +1202 * @return the signature bytes as a hexadecimal string +1203 * @description +1204 * @example +1205 * var hSigValue = sig.sign() +1206 */ +1207 this.sign = function() { +1208 throw "sign() not supported for this alg:prov=" + this.algProvName; +1209 }; +1210 +1211 /** +1212 * performs final update on the sign using string, then returns the signature bytes of all data updates as a hexadecimal string +1213 * @name signString +1214 * @memberOf KJUR.crypto.Signature# +1215 * @function +1216 * @param {String} str string to final update +1217 * @return the signature bytes of a hexadecimal string +1218 * @description +1219 * @example +1220 * var hSigValue = sig.signString('aaa') +1221 */ +1222 this.signString = function(str) { +1223 throw "digestString(str) not supported for this alg:prov=" + this.algProvName; +1224 }; +1225 +1226 /** +1227 * performs final update on the sign using hexadecimal string, then returns the signature bytes of all data updates as a hexadecimal string +1228 * @name signHex +1229 * @memberOf KJUR.crypto.Signature# +1230 * @function +1231 * @param {String} hex hexadecimal string to final update +1232 * @return the signature bytes of a hexadecimal string +1233 * @description +1234 * @example +1235 * var hSigValue = sig.signHex('1fdc33') +1236 */ +1237 this.signHex = function(hex) { +1238 throw "digestHex(hex) not supported for this alg:prov=" + this.algProvName; +1239 }; +1240 +1241 /** +1242 * verifies the passed-in signature. +1243 * @name verify +1244 * @memberOf KJUR.crypto.Signature# +1245 * @function +1246 * @param {String} str string to final update +1247 * @return {Boolean} true if the signature was verified, otherwise false +1248 * @description +1249 * @example +1250 * var isValid = sig.verify('1fbcefdca4823a7(snip)') +1251 */ +1252 this.verify = function(hSigVal) { +1253 throw "verify(hSigVal) not supported for this alg:prov=" + this.algProvName; +1254 }; +1255 +1256 this.initParams = params; +1257 +1258 if (params !== undefined) { +1259 if (params['alg'] !== undefined) { +1260 this.algName = params['alg']; +1261 if (params['prov'] === undefined) { +1262 this.provName = KJUR.crypto.Util.DEFAULTPROVIDER[this.algName]; +1263 } else { +1264 this.provName = params['prov']; +1265 } +1266 this.algProvName = this.algName + ":" + this.provName; +1267 this.setAlgAndProvider(this.algName, this.provName); +1268 this._setAlgNames(); +1269 } +1270 +1271 if (params['psssaltlen'] !== undefined) this.pssSaltLen = params['psssaltlen']; +1272 +1273 if (params['prvkeypem'] !== undefined) { +1274 if (params['prvkeypas'] !== undefined) { +1275 throw "both prvkeypem and prvkeypas parameters not supported"; +1276 } else { +1277 try { +1278 var prvKey = new RSAKey(); +1279 prvKey.readPrivateKeyFromPEMString(params['prvkeypem']); +1280 this.initSign(prvKey); +1281 } catch (ex) { +1282 throw "fatal error to load pem private key: " + ex; +1283 } +1284 } +1285 } +1286 } +1287 }; +1288 +1289 // ====== Cipher class ============================================================ +1290 /** +1291 * Cipher class to encrypt and decrypt data<br/> +1292 * @name KJUR.crypto.Cipher +1293 * @class Cipher class to encrypt and decrypt data<br/> +1294 * @param {Array} params parameters for constructor +1295 * @since jsrsasign 6.2.0 crypto 1.1.10 +1296 * @description +1297 * Here is supported canonicalized cipher algorithm names and its standard names: +1298 * <ul> +1299 * <li>RSA - RSA/ECB/PKCS1Padding (default for RSAKey)</li> +1300 * <li>RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding</li> +1301 * <li>RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)</li> +1302 * <li>RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding</li> +1303 * <li>RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)</li> +1304 * <li>RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)</li> +1305 * </ul> +1306 * NOTE: (*) is not supported in Java JCE.<br/> +1307 * Currently this class supports only RSA encryption and decryption. +1308 * However it is planning to implement also symmetric ciphers near in the future. +1309 * @example +1310 */ +1311 KJUR.crypto.Cipher = function(params) { +1312 }; +1313 +1314 /** +1315 * encrypt raw string by specified key and algorithm<br/> +1316 * @name encrypt +1317 * @memberOf KJUR.crypto.Cipher +1318 * @function +1319 * @param {String} s input string to encrypt +1320 * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key +1321 * @param {String} algName short/long algorithm name for encryption/decryption +1322 * @return {String} hexadecimal encrypted string +1323 * @since jsrsasign 6.2.0 crypto 1.1.10 +1324 * @description +1325 * This static method encrypts raw string with specified key and algorithm. +1326 * @example +1327 * KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj) → "1abc2d..." +1328 * KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP) → "23ab02..." +1329 */ +1330 KJUR.crypto.Cipher.encrypt = function(s, keyObj, algName) { +1331 if (keyObj instanceof RSAKey && keyObj.isPublic) { +1332 var algName2 = KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName); +1333 if (algName2 === "RSA") return keyObj.encrypt(s); +1334 if (algName2 === "RSAOAEP") return keyObj.encryptOAEP(s, "sha1"); +1335 +1336 var a = algName2.match(/^RSAOAEP(\d+)$/); +1337 if (a !== null) return keyObj.encryptOAEP(s, "sha" + a[1]); +1338 +1339 throw "Cipher.encrypt: unsupported algorithm for RSAKey: " + algName; +1340 } else { +1341 throw "Cipher.encrypt: unsupported key or algorithm"; +1342 } +1343 }; +1344 +1345 /** +1346 * decrypt encrypted hexadecimal string with specified key and algorithm<br/> +1347 * @name decrypt +1348 * @memberOf KJUR.crypto.Cipher +1349 * @function +1350 * @param {String} hex hexadecial string of encrypted message +1351 * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key +1352 * @param {String} algName short/long algorithm name for encryption/decryption +1353 * @return {String} hexadecimal encrypted string +1354 * @since jsrsasign 6.2.0 crypto 1.1.10 +1355 * @description +1356 * This static method decrypts encrypted hexadecimal string with specified key and algorithm. +1357 * @example +1358 * KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj) → "1abc2d..." +1359 * KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj, "RSAOAEP) → "23ab02..." +1360 */ +1361 KJUR.crypto.Cipher.decrypt = function(hex, keyObj, algName) { +1362 if (keyObj instanceof RSAKey && keyObj.isPrivate) { +1363 var algName2 = KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName); +1364 if (algName2 === "RSA") return keyObj.decrypt(hex); +1365 if (algName2 === "RSAOAEP") return keyObj.decryptOAEP(hex, "sha1"); +1366 +1367 var a = algName2.match(/^RSAOAEP(\d+)$/); +1368 if (a !== null) return keyObj.decryptOAEP(hex, "sha" + a[1]); +1369 +1370 throw "Cipher.decrypt: unsupported algorithm for RSAKey: " + algName; +1371 } else { +1372 throw "Cipher.decrypt: unsupported key or algorithm"; +1373 } +1374 }; +1375 +1376 /** +1377 * get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name<br/> +1378 * @name getAlgByKeyAndName +1379 * @memberOf KJUR.crypto.Cipher +1380 * @function +1381 * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key +1382 * @param {String} algName short/long algorithm name for encryption/decryption +1383 * @return {String} canonicalized algorithm name for encryption/decryption +1384 * @since jsrsasign 6.2.0 crypto 1.1.10 +1385 * @description +1386 * Here is supported canonicalized cipher algorithm names and its standard names: +1387 * <ul> +1388 * <li>RSA - RSA/ECB/PKCS1Padding (default for RSAKey)</li> +1389 * <li>RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding</li> +1390 * <li>RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)</li> +1391 * <li>RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding</li> +1392 * <li>RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)</li> +1393 * <li>RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)</li> +1394 * </ul> +1395 * NOTE: (*) is not supported in Java JCE. +1396 * @example +1397 * KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey) → "RSA" +1398 * KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey, "RSAOAEP") → "RSAOAEP" +1399 */ +1400 KJUR.crypto.Cipher.getAlgByKeyAndName = function(keyObj, algName) { +1401 if (keyObj instanceof RSAKey) { +1402 if (":RSA:RSAOAEP:RSAOAEP224:RSAOAEP256:RSAOAEP384:RSAOAEP512:".indexOf(algName) != -1) +1403 return algName; +1404 if (algName === null || algName === undefined) return "RSA"; +1405 throw "getAlgByKeyAndName: not supported algorithm name for RSAKey: " + algName; +1406 } +1407 throw "getAlgByKeyAndName: not supported algorithm name: " + algName; +1408 } +1409 +1410 // ====== Other Utility class ===================================================== +1411 +1412 /** +1413 * static object for cryptographic function utilities +1414 * @name KJUR.crypto.OID +1415 * @class static object for cryptography related OIDs +1416 * @property {Array} oidhex2name key value of hexadecimal OID and its name +1417 * (ex. '2a8648ce3d030107' and 'secp256r1') +1418 * @since crypto 1.1.3 +1419 * @description +1420 */ +1421 KJUR.crypto.OID = new function() { +1422 this.oidhex2name = { +1423 '2a864886f70d010101': 'rsaEncryption', +1424 '2a8648ce3d0201': 'ecPublicKey', +1425 '2a8648ce380401': 'dsa', +1426 '2a8648ce3d030107': 'secp256r1', +1427 '2b8104001f': 'secp192k1', +1428 '2b81040021': 'secp224r1', +1429 '2b8104000a': 'secp256k1', +1430 '2b81040023': 'secp521r1', +1431 '2b81040022': 'secp384r1', +1432 '2a8648ce380403': 'SHA1withDSA', // 1.2.840.10040.4.3 +1433 '608648016503040301': 'SHA224withDSA', // 2.16.840.1.101.3.4.3.1 +1434 '608648016503040302': 'SHA256withDSA', // 2.16.840.1.101.3.4.3.2 +1435 }; +1436 }; +1437
      \ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index 97210b1c..29df7a5b 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -7,7 +7,7 @@ .line {border-right: 1px dotted #666; color: #666; font-style: normal;}
        1 /*! x509-1.1.9.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
         2  */
      -  3 /* 
      +  3 /*
         4  * x509.js - X509 class to read subject public key from certificate.
         5  *
         6  * Copyright (c) 2010-2016 Kenji Urushima (kenji.urushima@gmail.com)
      @@ -15,7 +15,7 @@
         8  * This software is licensed under the terms of the MIT License.
         9  * http://kjur.github.com/jsrsasign/license
        10  *
      - 11  * The above copyright and license notice shall be 
      + 11  * The above copyright and license notice shall be
        12  * included in all copies or substantial portions of the Software.
        13  */
        14 
      @@ -52,7 +52,7 @@
        45  * <li>get basic fields, extensions, signature algorithms and signature values</li>
        46  * <li>read PEM certificate</li>
        47  * </ul>
      - 48  * 
      + 48  *
        49  * <ul>
        50  * <li><b>TO GET FIELDS</b>
        51  *   <ul>
      @@ -261,1004 +261,1006 @@
       254     this.readCertPEMWithoutRSAInit = function(sCertPEM) {
       255         var hCert = X509.pemToHex(sCertPEM);
       256         var a = X509.getPublicKeyHexArrayFromCertHex(hCert);
      -257         this.subjectPublicKeyRSA.setPublic(a[0], a[1]);
      -258         this.subjectPublicKeyRSA_hN = a[0];
      -259         this.subjectPublicKeyRSA_hE = a[1];
      -260         this.hex = hCert;
      -261     };
      -262 
      -263     /**
      -264      * get certificate information as string.<br/>
      -265      * @name getInfo
      -266      * @memberOf X509#
      -267      * @function
      -268      * @return {String} certificate information string
      -269      * @since jsrsasign 5.0.10 x509 1.1.8
      -270      * @example
      -271      * x = new X509();
      -272      * x.readCertPEM(certPEM);
      -273      * console.log(x.getInfo());
      -274      * // this shows as following
      -275      * Basic Fields
      -276      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
      -277      *   signature algorithm: SHA1withRSA
      -278      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      -279      *   notBefore: 061110000000Z
      -280      *   notAfter: 311110000000Z
      -281      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      -282      *   subject public key info: 
      -283      *     key algorithm: RSA
      -284      *     n=c6cce573e6fbd4bb...
      -285      *     e=10001
      -286      * X509v3 Extensions:
      -287      *   keyUsage CRITICAL:
      -288      *     digitalSignature,keyCertSign,cRLSign
      -289      *   basicConstraints CRITICAL:
      -290      *     cA=true
      -291      *   subjectKeyIdentifier :
      -292      *     b13ec36903f8bf4701d498261a0802ef63642bc3
      -293      *   authorityKeyIdentifier :
      -294      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
      -295      * signature algorithm: SHA1withRSA
      -296      * signature: 1c1a0697dcd79c9f...
      -297      */
      -298     this.getInfo = function() {
      -299 	var s = "Basic Fields\n";
      -300         s += "  serial number: " + this.getSerialNumberHex() + "\n";
      -301 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
      -302 	s += "  issuer: " + this.getIssuerString() + "\n";
      -303 	s += "  notBefore: " + this.getNotBefore() + "\n";
      -304 	s += "  notAfter: " + this.getNotAfter() + "\n";
      -305 	s += "  subject: " + this.getSubjectString() + "\n";
      -306 	s += "  subject public key info: " + "\n";
      -307 
      -308 	// subject public key info
      -309 	var pSPKI = X509.getSubjectPublicKeyInfoPosFromCertHex(this.hex);
      -310 	var hSPKI = ASN1HEX.getHexOfTLV_AtObj(this.hex, pSPKI);
      -311 	var keyObj = KEYUTIL.getKey(hSPKI, null, "pkcs8pub");
      -312 	//s += "    " + JSON.stringify(keyObj) + "\n";
      -313 	if (keyObj instanceof RSAKey) {
      -314 	    s += "    key algorithm: RSA\n";
      -315 	    s += "    n=" + keyObj.n.toString(16).substr(0, 16) + "...\n";
      -316 	    s += "    e=" + keyObj.e.toString(16) + "\n";
      -317 	}
      -318 
      -319         s += "X509v3 Extensions:\n";
      +257         if (typeof this.subjectPublicKeyRSA.setPublic === "function") {
      +258             this.subjectPublicKeyRSA.setPublic(a[0], a[1]);
      +259         }
      +260         this.subjectPublicKeyRSA_hN = a[0];
      +261         this.subjectPublicKeyRSA_hE = a[1];
      +262         this.hex = hCert;
      +263     };
      +264 
      +265     /**
      +266      * get certificate information as string.<br/>
      +267      * @name getInfo
      +268      * @memberOf X509#
      +269      * @function
      +270      * @return {String} certificate information string
      +271      * @since jsrsasign 5.0.10 x509 1.1.8
      +272      * @example
      +273      * x = new X509();
      +274      * x.readCertPEM(certPEM);
      +275      * console.log(x.getInfo());
      +276      * // this shows as following
      +277      * Basic Fields
      +278      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
      +279      *   signature algorithm: SHA1withRSA
      +280      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      +281      *   notBefore: 061110000000Z
      +282      *   notAfter: 311110000000Z
      +283      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      +284      *   subject public key info:
      +285      *     key algorithm: RSA
      +286      *     n=c6cce573e6fbd4bb...
      +287      *     e=10001
      +288      * X509v3 Extensions:
      +289      *   keyUsage CRITICAL:
      +290      *     digitalSignature,keyCertSign,cRLSign
      +291      *   basicConstraints CRITICAL:
      +292      *     cA=true
      +293      *   subjectKeyIdentifier :
      +294      *     b13ec36903f8bf4701d498261a0802ef63642bc3
      +295      *   authorityKeyIdentifier :
      +296      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
      +297      * signature algorithm: SHA1withRSA
      +298      * signature: 1c1a0697dcd79c9f...
      +299      */
      +300     this.getInfo = function() {
      +301 	var s = "Basic Fields\n";
      +302         s += "  serial number: " + this.getSerialNumberHex() + "\n";
      +303 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
      +304 	s += "  issuer: " + this.getIssuerString() + "\n";
      +305 	s += "  notBefore: " + this.getNotBefore() + "\n";
      +306 	s += "  notAfter: " + this.getNotAfter() + "\n";
      +307 	s += "  subject: " + this.getSubjectString() + "\n";
      +308 	s += "  subject public key info: " + "\n";
      +309 
      +310 	// subject public key info
      +311 	var pSPKI = X509.getSubjectPublicKeyInfoPosFromCertHex(this.hex);
      +312 	var hSPKI = ASN1HEX.getHexOfTLV_AtObj(this.hex, pSPKI);
      +313 	var keyObj = KEYUTIL.getKey(hSPKI, null, "pkcs8pub");
      +314 	//s += "    " + JSON.stringify(keyObj) + "\n";
      +315 	if (keyObj instanceof RSAKey) {
      +316 	    s += "    key algorithm: RSA\n";
      +317 	    s += "    n=" + keyObj.n.toString(16).substr(0, 16) + "...\n";
      +318 	    s += "    e=" + keyObj.e.toString(16) + "\n";
      +319 	}
       320 
      -321 	var aExt = X509.getV3ExtInfoListOfCertHex(this.hex);
      -322         for (var i = 0; i < aExt.length; i++) {
      -323 	    var info = aExt[i];
      -324 
      -325 	    // show extension name and critical flag
      -326 	    var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
      -327 	    if (extName === '') extName = info["oid"];
      -328 
      -329 	    var critical = '';
      -330 	    if (info["critical"] === true) critical = "CRITICAL";
      -331 
      -332 	    s += "  " + extName + " " + critical + ":\n";
      +321         s += "X509v3 Extensions:\n";
      +322 
      +323 	var aExt = X509.getV3ExtInfoListOfCertHex(this.hex);
      +324         for (var i = 0; i < aExt.length; i++) {
      +325 	    var info = aExt[i];
      +326 
      +327 	    // show extension name and critical flag
      +328 	    var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
      +329 	    if (extName === '') extName = info["oid"];
      +330 
      +331 	    var critical = '';
      +332 	    if (info["critical"] === true) critical = "CRITICAL";
       333 
      -334 	    // show extension value if supported
      -335 	    if (extName === "basicConstraints") {
      -336 		var bc = X509.getExtBasicConstraints(this.hex);
      -337 		if (bc.cA === undefined) {
      -338 		    s += "    {}\n";
      -339 		} else {
      -340 		    s += "    cA=true";
      -341 		    if (bc.pathLen !== undefined) 
      -342 			s += ", pathLen=" + bc.pathLen;
      -343 		    s += "\n";
      -344 		}
      -345 	    } else if (extName === "keyUsage") {
      -346 		s += "    " + X509.getExtKeyUsageString(this.hex) + "\n";
      -347 	    } else if (extName === "subjectKeyIdentifier") {
      -348 		s += "    " + X509.getExtSubjectKeyIdentifier(this.hex) + "\n";
      -349 	    } else if (extName === "authorityKeyIdentifier") {
      -350 		var akid = X509.getExtAuthorityKeyIdentifier(this.hex);
      -351 		if (akid.kid !== undefined)
      -352 		    s += "    kid=" + akid.kid + "\n";
      -353 	    } else if (extName === "extKeyUsage") {
      -354 		var eku = X509.getExtExtKeyUsageName(this.hex);
      -355 		s += "    " + eku.join(", ") + "\n";
      -356 	    } else if (extName === "subjectAltName") {
      -357 		var san = X509.getExtSubjectAltName(this.hex);
      -358 		s += "    " + san.join(", ") + "\n";
      -359 	    } else if (extName === "cRLDistributionPoints") {
      -360 		var cdp = X509.getExtCRLDistributionPointsURI(this.hex);
      -361 		s += "    " + cdp + "\n";
      -362 	    } else if (extName === "authorityInfoAccess") {
      -363 		var aia = X509.getExtAIAInfo(this.hex);
      -364 		if (aia.ocsp !== undefined)
      -365 		    s += "    ocsp: " + aia.ocsp.join(",") + "\n";
      -366 		if (aia.caissuer !== undefined)
      -367 		    s += "    caissuer: " + aia.caissuer.join(",") + "\n";
      -368 	    }
      -369         }
      -370 
      -371 	s += "signature algorithm: " + X509.getSignatureAlgorithmName(this.hex) + "\n";
      -372 	s += "signature: " + X509.getSignatureValueHex(this.hex).substr(0, 16) + "...\n";
      -373 	return s;
      -374     };
      -375 };
      -376 
      -377 /**
      -378  * get Base64 string from PEM certificate string
      -379  * @name pemToBase64
      -380  * @memberOf X509
      -381  * @function
      -382  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      -383  * @return {String} Base64 string of PEM certificate
      -384  * @example
      -385  * b64 = X509.pemToBase64(certPEM);
      -386  */
      -387 X509.pemToBase64 = function(sCertPEM) {
      -388     var s = sCertPEM;
      -389     s = s.replace("-----BEGIN CERTIFICATE-----", "");
      -390     s = s.replace("-----END CERTIFICATE-----", "");
      -391     s = s.replace(/[ \n]+/g, "");
      -392     return s;
      -393 };
      -394 
      -395 /**
      -396  * get a hexa decimal string from PEM certificate string
      -397  * @name pemToHex
      -398  * @memberOf X509
      -399  * @function
      -400  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      -401  * @return {String} hexadecimal string of PEM certificate
      -402  * @example
      -403  * hex = X509.pemToHex(certPEM);
      -404  */
      -405 X509.pemToHex = function(sCertPEM) {
      -406     var b64Cert = X509.pemToBase64(sCertPEM);
      -407     var hCert = b64tohex(b64Cert);
      -408     return hCert;
      -409 };
      -410 
      -411 /**
      -412  * get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
      -413  * @name getSubjectPublicKeyPosFromCertHex
      -414  * @memberOf X509
      -415  * @function
      -416  * @param {String} hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
      -417  * @return {Integer} string index of key contents
      -418  * @example
      -419  * idx = X509.getSubjectPublicKeyPosFromCertHex("3082...");
      -420  */
      -421 // NOTE: Without BITSTRING encapsulation.
      -422 X509.getSubjectPublicKeyPosFromCertHex = function(hCert) {
      -423     var pInfo = X509.getSubjectPublicKeyInfoPosFromCertHex(hCert);
      -424     if (pInfo == -1) return -1;    
      -425     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pInfo); 
      -426     if (a.length != 2) return -1;
      -427     var pBitString = a[1];
      -428     if (hCert.substring(pBitString, pBitString + 2) != '03') return -1;
      -429     var pBitStringV = ASN1HEX.getStartPosOfV_AtObj(hCert, pBitString);
      -430     
      -431     if (hCert.substring(pBitStringV, pBitStringV + 2) != '00') return -1;
      -432     return pBitStringV + 2;
      -433 };
      -434 
      -435 /**
      -436  * get a string index of subjectPublicKeyInfo field from hexadecimal certificate<br/>
      -437  * @name getSubjectPublicKeyInfoPosFromCertHex
      -438  * @memberOf X509
      -439  * @function
      -440  * @param {String} hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
      -441  * @return {Integer} string index of subjectPublicKeyInfo field
      -442  * @description
      -443  * This static method gets a string index of subjectPublicKeyInfo field from hexadecimal certificate.<br/>
      -444  * NOTE1: privateKeyUsagePeriod field of X509v2 not supported.<br/>
      -445  * NOTE2: X.509v1 and X.509v3 certificate are supported.<br/>
      -446  * @example
      -447  * idx = X509.getSubjectPublicKeyInfoPosFromCertHex("3082...");
      -448  */
      -449 X509.getSubjectPublicKeyInfoPosFromCertHex = function(hCert) {
      -450     var pTbsCert = ASN1HEX.getStartPosOfV_AtObj(hCert, 0);
      -451     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pTbsCert); 
      -452     if (a.length < 1) return -1;
      -453     if (hCert.substring(a[0], a[0] + 10) == "a003020102") { // v3
      -454         if (a.length < 6) return -1;
      -455         return a[6];
      -456     } else {
      -457         if (a.length < 5) return -1;
      -458         return a[5];
      -459     }
      -460 };
      -461 
      -462 X509.getPublicKeyHexArrayFromCertHex = function(hCert) {
      -463     var p = X509.getSubjectPublicKeyPosFromCertHex(hCert);
      -464     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p); 
      -465     if (a.length != 2) return [];
      -466     var hN = ASN1HEX.getHexOfV_AtObj(hCert, a[0]);
      -467     var hE = ASN1HEX.getHexOfV_AtObj(hCert, a[1]);
      -468     if (hN != null && hE != null) {
      -469         return [hN, hE];
      -470     } else {
      -471         return [];
      -472     }
      -473 };
      -474 
      -475 X509.getHexTbsCertificateFromCert = function(hCert) {
      -476     var pTbsCert = ASN1HEX.getStartPosOfV_AtObj(hCert, 0);
      -477     return pTbsCert;
      -478 };
      -479 
      -480 X509.getPublicKeyHexArrayFromCertPEM = function(sCertPEM) {
      -481     var hCert = X509.pemToHex(sCertPEM);
      -482     var a = X509.getPublicKeyHexArrayFromCertHex(hCert);
      -483     return a;
      -484 };
      -485 
      -486 X509.hex2dn = function(hDN) {
      -487     var s = "";
      -488     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hDN, 0);
      -489     for (var i = 0; i < a.length; i++) {
      -490         var hRDN = ASN1HEX.getHexOfTLV_AtObj(hDN, a[i]);
      -491         s = s + "/" + X509.hex2rdn(hRDN);
      -492     }
      -493     return s;
      -494 };
      -495 
      -496 X509.hex2rdn = function(hRDN) {
      -497     var hType = ASN1HEX.getDecendantHexTLVByNthList(hRDN, 0, [0, 0]);
      -498     var hValue = ASN1HEX.getDecendantHexVByNthList(hRDN, 0, [0, 1]);
      -499     var type = "";
      -500     try { type = X509.DN_ATTRHEX[hType]; } catch (ex) { type = hType; }
      -501     hValue = hValue.replace(/(..)/g, "%$1");
      -502     var value = decodeURIComponent(hValue);
      -503     return type + "=" + value;
      -504 };
      -505 
      -506 X509.DN_ATTRHEX = {
      -507     "0603550406": "C",
      -508     "060355040a": "O",
      -509     "060355040b": "OU",
      -510     "0603550403": "CN",
      -511     "0603550405": "SN",
      -512     "0603550408": "ST",
      -513     "0603550407": "L",
      -514     "0603550409": "streetAddress",
      -515     "060355040f": "businessCategory",
      -516     "0603550411": "postalCode",
      -517     "060b2b0601040182373c020102": "jurisdictionOfIncorporationSP",
      -518     "060b2b0601040182373c020103": "jurisdictionOfIncorporationC",
      -519 };
      -520 
      -521 /**
      -522  * get RSAKey/ECDSA public key object from PEM certificate string
      -523  * @name getPublicKeyFromCertPEM
      -524  * @memberOf X509
      -525  * @function
      -526  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      -527  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
      -528  * @since x509 1.1.1
      -529  * @description
      -530  * NOTE: DSA is also supported since x509 1.1.2.
      -531  */
      -532 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
      -533     var info = X509.getPublicKeyInfoPropOfCertPEM(sCertPEM);
      -534 
      -535     if (info.algoid == "2a864886f70d010101") { // RSA
      -536         var aRSA = KEYUTIL.parsePublicRawRSAKeyHex(info.keyhex);
      -537         var key = new RSAKey();
      -538         key.setPublic(aRSA.n, aRSA.e);
      -539         return key;
      -540     } else if (info.algoid == "2a8648ce3d0201") { // ECC
      -541         var curveName = KJUR.crypto.OID.oidhex2name[info.algparam];
      -542         var key = new KJUR.crypto.ECDSA({'curve': curveName, 'info': info.keyhex});
      -543         key.setPublicKeyHex(info.keyhex);
      -544         return key;
      -545     } else if (info.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
      -546         var p = ASN1HEX.getVbyList(info.algparam, 0, [0], "02");
      -547         var q = ASN1HEX.getVbyList(info.algparam, 0, [1], "02");
      -548         var g = ASN1HEX.getVbyList(info.algparam, 0, [2], "02");
      -549         var y = ASN1HEX.getHexOfV_AtObj(info.keyhex, 0);
      -550         y = y.substr(2);
      -551         var key = new KJUR.crypto.DSA();
      -552         key.setPublic(new BigInteger(p, 16),
      -553                       new BigInteger(q, 16),
      -554                       new BigInteger(g, 16),
      -555                       new BigInteger(y, 16));
      -556         return key;
      -557     } else {
      -558         throw "unsupported key";
      -559     }
      -560 };
      -561 
      -562 /**
      -563  * get public key information from PEM certificate
      -564  * @name getPublicKeyInfoPropOfCertPEM
      -565  * @memberOf X509
      -566  * @function
      -567  * @param {String} sCertPEM string of PEM formatted certificate
      -568  * @return {Hash} hash of information for public key
      -569  * @since x509 1.1.1
      -570  * @description
      -571  * Resulted associative array has following properties:<br/>
      -572  * <ul>
      -573  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
      -574  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
      -575  * <li>keyhex - hexadecimal string of key in the certificate</li>
      -576  * </ul>
      -577  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
      -578  */
      -579 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
      -580     var result = {};
      -581     result.algparam = null;
      -582     var hCert = X509.pemToHex(sCertPEM);
      -583 
      -584     // 1. Certificate ASN.1
      -585     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
      -586     if (a1.length != 3)
      -587         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      -588 
      -589     // 2. tbsCertificate
      -590     if (hCert.substr(a1[0], 2) != "30")
      -591         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
      -592 
      -593     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
      +334 	    s += "  " + extName + " " + critical + ":\n";
      +335 
      +336 	    // show extension value if supported
      +337 	    if (extName === "basicConstraints") {
      +338 		var bc = X509.getExtBasicConstraints(this.hex);
      +339 		if (bc.cA === undefined) {
      +340 		    s += "    {}\n";
      +341 		} else {
      +342 		    s += "    cA=true";
      +343 		    if (bc.pathLen !== undefined)
      +344 			s += ", pathLen=" + bc.pathLen;
      +345 		    s += "\n";
      +346 		}
      +347 	    } else if (extName === "keyUsage") {
      +348 		s += "    " + X509.getExtKeyUsageString(this.hex) + "\n";
      +349 	    } else if (extName === "subjectKeyIdentifier") {
      +350 		s += "    " + X509.getExtSubjectKeyIdentifier(this.hex) + "\n";
      +351 	    } else if (extName === "authorityKeyIdentifier") {
      +352 		var akid = X509.getExtAuthorityKeyIdentifier(this.hex);
      +353 		if (akid.kid !== undefined)
      +354 		    s += "    kid=" + akid.kid + "\n";
      +355 	    } else if (extName === "extKeyUsage") {
      +356 		var eku = X509.getExtExtKeyUsageName(this.hex);
      +357 		s += "    " + eku.join(", ") + "\n";
      +358 	    } else if (extName === "subjectAltName") {
      +359 		var san = X509.getExtSubjectAltName(this.hex);
      +360 		s += "    " + san.join(", ") + "\n";
      +361 	    } else if (extName === "cRLDistributionPoints") {
      +362 		var cdp = X509.getExtCRLDistributionPointsURI(this.hex);
      +363 		s += "    " + cdp + "\n";
      +364 	    } else if (extName === "authorityInfoAccess") {
      +365 		var aia = X509.getExtAIAInfo(this.hex);
      +366 		if (aia.ocsp !== undefined)
      +367 		    s += "    ocsp: " + aia.ocsp.join(",") + "\n";
      +368 		if (aia.caissuer !== undefined)
      +369 		    s += "    caissuer: " + aia.caissuer.join(",") + "\n";
      +370 	    }
      +371         }
      +372 
      +373 	s += "signature algorithm: " + X509.getSignatureAlgorithmName(this.hex) + "\n";
      +374 	s += "signature: " + X509.getSignatureValueHex(this.hex).substr(0, 16) + "...\n";
      +375 	return s;
      +376     };
      +377 };
      +378 
      +379 /**
      +380  * get Base64 string from PEM certificate string
      +381  * @name pemToBase64
      +382  * @memberOf X509
      +383  * @function
      +384  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      +385  * @return {String} Base64 string of PEM certificate
      +386  * @example
      +387  * b64 = X509.pemToBase64(certPEM);
      +388  */
      +389 X509.pemToBase64 = function(sCertPEM) {
      +390     var s = sCertPEM;
      +391     s = s.replace("-----BEGIN CERTIFICATE-----", "");
      +392     s = s.replace("-----END CERTIFICATE-----", "");
      +393     s = s.replace(/[ \n]+/g, "");
      +394     return s;
      +395 };
      +396 
      +397 /**
      +398  * get a hexa decimal string from PEM certificate string
      +399  * @name pemToHex
      +400  * @memberOf X509
      +401  * @function
      +402  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      +403  * @return {String} hexadecimal string of PEM certificate
      +404  * @example
      +405  * hex = X509.pemToHex(certPEM);
      +406  */
      +407 X509.pemToHex = function(sCertPEM) {
      +408     var b64Cert = X509.pemToBase64(sCertPEM);
      +409     var hCert = b64tohex(b64Cert);
      +410     return hCert;
      +411 };
      +412 
      +413 /**
      +414  * get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
      +415  * @name getSubjectPublicKeyPosFromCertHex
      +416  * @memberOf X509
      +417  * @function
      +418  * @param {String} hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
      +419  * @return {Integer} string index of key contents
      +420  * @example
      +421  * idx = X509.getSubjectPublicKeyPosFromCertHex("3082...");
      +422  */
      +423 // NOTE: Without BITSTRING encapsulation.
      +424 X509.getSubjectPublicKeyPosFromCertHex = function(hCert) {
      +425     var pInfo = X509.getSubjectPublicKeyInfoPosFromCertHex(hCert);
      +426     if (pInfo == -1) return -1;
      +427     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pInfo);
      +428     if (a.length != 2) return -1;
      +429     var pBitString = a[1];
      +430     if (hCert.substring(pBitString, pBitString + 2) != '03') return -1;
      +431     var pBitStringV = ASN1HEX.getStartPosOfV_AtObj(hCert, pBitString);
      +432 
      +433     if (hCert.substring(pBitStringV, pBitStringV + 2) != '00') return -1;
      +434     return pBitStringV + 2;
      +435 };
      +436 
      +437 /**
      +438  * get a string index of subjectPublicKeyInfo field from hexadecimal certificate<br/>
      +439  * @name getSubjectPublicKeyInfoPosFromCertHex
      +440  * @memberOf X509
      +441  * @function
      +442  * @param {String} hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
      +443  * @return {Integer} string index of subjectPublicKeyInfo field
      +444  * @description
      +445  * This static method gets a string index of subjectPublicKeyInfo field from hexadecimal certificate.<br/>
      +446  * NOTE1: privateKeyUsagePeriod field of X509v2 not supported.<br/>
      +447  * NOTE2: X.509v1 and X.509v3 certificate are supported.<br/>
      +448  * @example
      +449  * idx = X509.getSubjectPublicKeyInfoPosFromCertHex("3082...");
      +450  */
      +451 X509.getSubjectPublicKeyInfoPosFromCertHex = function(hCert) {
      +452     var pTbsCert = ASN1HEX.getStartPosOfV_AtObj(hCert, 0);
      +453     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pTbsCert);
      +454     if (a.length < 1) return -1;
      +455     if (hCert.substring(a[0], a[0] + 10) == "a003020102") { // v3
      +456         if (a.length < 6) return -1;
      +457         return a[6];
      +458     } else {
      +459         if (a.length < 5) return -1;
      +460         return a[5];
      +461     }
      +462 };
      +463 
      +464 X509.getPublicKeyHexArrayFromCertHex = function(hCert) {
      +465     var p = X509.getSubjectPublicKeyPosFromCertHex(hCert);
      +466     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p);
      +467     if (a.length != 2) return [];
      +468     var hN = ASN1HEX.getHexOfV_AtObj(hCert, a[0]);
      +469     var hE = ASN1HEX.getHexOfV_AtObj(hCert, a[1]);
      +470     if (hN != null && hE != null) {
      +471         return [hN, hE];
      +472     } else {
      +473         return [];
      +474     }
      +475 };
      +476 
      +477 X509.getHexTbsCertificateFromCert = function(hCert) {
      +478     var pTbsCert = ASN1HEX.getStartPosOfV_AtObj(hCert, 0);
      +479     return pTbsCert;
      +480 };
      +481 
      +482 X509.getPublicKeyHexArrayFromCertPEM = function(sCertPEM) {
      +483     var hCert = X509.pemToHex(sCertPEM);
      +484     var a = X509.getPublicKeyHexArrayFromCertHex(hCert);
      +485     return a;
      +486 };
      +487 
      +488 X509.hex2dn = function(hDN) {
      +489     var s = "";
      +490     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hDN, 0);
      +491     for (var i = 0; i < a.length; i++) {
      +492         var hRDN = ASN1HEX.getHexOfTLV_AtObj(hDN, a[i]);
      +493         s = s + "/" + X509.hex2rdn(hRDN);
      +494     }
      +495     return s;
      +496 };
      +497 
      +498 X509.hex2rdn = function(hRDN) {
      +499     var hType = ASN1HEX.getDecendantHexTLVByNthList(hRDN, 0, [0, 0]);
      +500     var hValue = ASN1HEX.getDecendantHexVByNthList(hRDN, 0, [0, 1]);
      +501     var type = "";
      +502     try { type = X509.DN_ATTRHEX[hType]; } catch (ex) { type = hType; }
      +503     hValue = hValue.replace(/(..)/g, "%$1");
      +504     var value = decodeURIComponent(hValue);
      +505     return type + "=" + value;
      +506 };
      +507 
      +508 X509.DN_ATTRHEX = {
      +509     "0603550406": "C",
      +510     "060355040a": "O",
      +511     "060355040b": "OU",
      +512     "0603550403": "CN",
      +513     "0603550405": "SN",
      +514     "0603550408": "ST",
      +515     "0603550407": "L",
      +516     "0603550409": "streetAddress",
      +517     "060355040f": "businessCategory",
      +518     "0603550411": "postalCode",
      +519     "060b2b0601040182373c020102": "jurisdictionOfIncorporationSP",
      +520     "060b2b0601040182373c020103": "jurisdictionOfIncorporationC",
      +521 };
      +522 
      +523 /**
      +524  * get RSAKey/ECDSA public key object from PEM certificate string
      +525  * @name getPublicKeyFromCertPEM
      +526  * @memberOf X509
      +527  * @function
      +528  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
      +529  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
      +530  * @since x509 1.1.1
      +531  * @description
      +532  * NOTE: DSA is also supported since x509 1.1.2.
      +533  */
      +534 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
      +535     var info = X509.getPublicKeyInfoPropOfCertPEM(sCertPEM);
      +536 
      +537     if (info.algoid == "2a864886f70d010101") { // RSA
      +538         var aRSA = KEYUTIL.parsePublicRawRSAKeyHex(info.keyhex);
      +539         var key = new RSAKey();
      +540         key.setPublic(aRSA.n, aRSA.e);
      +541         return key;
      +542     } else if (info.algoid == "2a8648ce3d0201") { // ECC
      +543         var curveName = KJUR.crypto.OID.oidhex2name[info.algparam];
      +544         var key = new KJUR.crypto.ECDSA({'curve': curveName, 'info': info.keyhex});
      +545         key.setPublicKeyHex(info.keyhex);
      +546         return key;
      +547     } else if (info.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
      +548         var p = ASN1HEX.getVbyList(info.algparam, 0, [0], "02");
      +549         var q = ASN1HEX.getVbyList(info.algparam, 0, [1], "02");
      +550         var g = ASN1HEX.getVbyList(info.algparam, 0, [2], "02");
      +551         var y = ASN1HEX.getHexOfV_AtObj(info.keyhex, 0);
      +552         y = y.substr(2);
      +553         var key = new KJUR.crypto.DSA();
      +554         key.setPublic(new BigInteger(p, 16),
      +555                       new BigInteger(q, 16),
      +556                       new BigInteger(g, 16),
      +557                       new BigInteger(y, 16));
      +558         return key;
      +559     } else {
      +560         throw "unsupported key";
      +561     }
      +562 };
      +563 
      +564 /**
      +565  * get public key information from PEM certificate
      +566  * @name getPublicKeyInfoPropOfCertPEM
      +567  * @memberOf X509
      +568  * @function
      +569  * @param {String} sCertPEM string of PEM formatted certificate
      +570  * @return {Hash} hash of information for public key
      +571  * @since x509 1.1.1
      +572  * @description
      +573  * Resulted associative array has following properties:<br/>
      +574  * <ul>
      +575  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
      +576  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
      +577  * <li>keyhex - hexadecimal string of key in the certificate</li>
      +578  * </ul>
      +579  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
      +580  */
      +581 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
      +582     var result = {};
      +583     result.algparam = null;
      +584     var hCert = X509.pemToHex(sCertPEM);
      +585 
      +586     // 1. Certificate ASN.1
      +587     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0);
      +588     if (a1.length != 3)
      +589         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      +590 
      +591     // 2. tbsCertificate
      +592     if (hCert.substr(a1[0], 2) != "30")
      +593         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq
       594 
      -595     // 3. subjectPublicKeyInfo
      -596     var idx_spi = 6; // subjectPublicKeyInfo index in tbsCert for v3 cert
      -597     if (hCert.substr(a2[0], 2) !== "a0") idx_spi = 5;
      -598 
      -599     if (a2.length < idx_spi + 1)
      -600         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
      -601 
      -602     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[idx_spi]); 
      +595     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]);
      +596 
      +597     // 3. subjectPublicKeyInfo
      +598     var idx_spi = 6; // subjectPublicKeyInfo index in tbsCert for v3 cert
      +599     if (hCert.substr(a2[0], 2) !== "a0") idx_spi = 5;
      +600 
      +601     if (a2.length < idx_spi + 1)
      +602         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
       603 
      -604     if (a3.length != 2)
      -605         throw "malformed X.509 certificate PEM (code:004)"; // not AlgId and PubKey
      -606 
      -607     // 4. AlgId
      -608     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]); 
      -609 
      -610     if (a4.length != 2)
      -611         throw "malformed X.509 certificate PEM (code:005)"; // not 2 item in AlgId
      -612 
      -613     result.algoid = ASN1HEX.getHexOfV_AtObj(hCert, a4[0]);
      +604     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[idx_spi]);
      +605 
      +606     if (a3.length != 2)
      +607         throw "malformed X.509 certificate PEM (code:004)"; // not AlgId and PubKey
      +608 
      +609     // 4. AlgId
      +610     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]);
      +611 
      +612     if (a4.length != 2)
      +613         throw "malformed X.509 certificate PEM (code:005)"; // not 2 item in AlgId
       614 
      -615     if (hCert.substr(a4[1], 2) == "06") { // EC
      -616         result.algparam = ASN1HEX.getHexOfV_AtObj(hCert, a4[1]);
      -617     } else if (hCert.substr(a4[1], 2) == "30") { // DSA
      -618         result.algparam = ASN1HEX.getHexOfTLV_AtObj(hCert, a4[1]);
      -619     }
      -620 
      -621     // 5. Public Key Hex
      -622     if (hCert.substr(a3[1], 2) != "03")
      -623         throw "malformed X.509 certificate PEM (code:006)"; // not bitstring
      -624 
      -625     var unusedBitAndKeyHex = ASN1HEX.getHexOfV_AtObj(hCert, a3[1]);
      -626     result.keyhex = unusedBitAndKeyHex.substr(2);
      -627 
      -628     return result;
      -629 };
      -630 
      -631 /**
      -632  * get position of subjectPublicKeyInfo field from HEX certificate
      -633  * @name getPublicKeyInfoPosOfCertHEX
      -634  * @memberOf X509
      -635  * @function
      -636  * @param {String} hCert hexadecimal string of certificate
      -637  * @return {Integer} position in hexadecimal string
      -638  * @since x509 1.1.4
      -639  * @description
      -640  * get position for SubjectPublicKeyInfo field in the hexadecimal string of
      -641  * certificate.
      -642  */
      -643 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) {
      -644     // 1. Certificate ASN.1
      -645     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
      -646     if (a1.length != 3)
      -647         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      -648 
      -649     // 2. tbsCertificate
      -650     if (hCert.substr(a1[0], 2) != "30")
      -651         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
      -652 
      -653     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
      +615     result.algoid = ASN1HEX.getHexOfV_AtObj(hCert, a4[0]);
      +616 
      +617     if (hCert.substr(a4[1], 2) == "06") { // EC
      +618         result.algparam = ASN1HEX.getHexOfV_AtObj(hCert, a4[1]);
      +619     } else if (hCert.substr(a4[1], 2) == "30") { // DSA
      +620         result.algparam = ASN1HEX.getHexOfTLV_AtObj(hCert, a4[1]);
      +621     }
      +622 
      +623     // 5. Public Key Hex
      +624     if (hCert.substr(a3[1], 2) != "03")
      +625         throw "malformed X.509 certificate PEM (code:006)"; // not bitstring
      +626 
      +627     var unusedBitAndKeyHex = ASN1HEX.getHexOfV_AtObj(hCert, a3[1]);
      +628     result.keyhex = unusedBitAndKeyHex.substr(2);
      +629 
      +630     return result;
      +631 };
      +632 
      +633 /**
      +634  * get position of subjectPublicKeyInfo field from HEX certificate
      +635  * @name getPublicKeyInfoPosOfCertHEX
      +636  * @memberOf X509
      +637  * @function
      +638  * @param {String} hCert hexadecimal string of certificate
      +639  * @return {Integer} position in hexadecimal string
      +640  * @since x509 1.1.4
      +641  * @description
      +642  * get position for SubjectPublicKeyInfo field in the hexadecimal string of
      +643  * certificate.
      +644  */
      +645 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) {
      +646     // 1. Certificate ASN.1
      +647     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0);
      +648     if (a1.length != 3)
      +649         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      +650 
      +651     // 2. tbsCertificate
      +652     if (hCert.substr(a1[0], 2) != "30")
      +653         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq
       654 
      -655     // 3. subjectPublicKeyInfo
      -656     if (a2.length < 7)
      -657         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
      -658     
      -659     return a2[6];
      -660 };
      -661 
      -662 /**
      -663  * get array of X.509 V3 extension value information in hex string of certificate
      -664  * @name getV3ExtInfoListOfCertHex
      -665  * @memberOf X509
      -666  * @function
      -667  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -668  * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex}
      -669  * @since x509 1.1.5
      -670  * @description
      -671  * This method will get all extension information of a X.509 certificate.
      -672  * Items of resulting array has following properties:
      -673  * <ul>
      -674  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
      -675  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
      -676  * <li>critical - critical flag value for this extension</li>
      -677  * <li>posV - index of ASN.1 TLV for the extension value.
      -678  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
      -679  * </ul>
      -680  * @example
      -681  * hCert = X509.pemToHex(certGithubPEM);
      -682  * a = X509.getV3ExtInfoListOfCertHex(hCert);
      -683  * // Then a will be an array of like following:
      -684  * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
      -685  *  {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
      -686  */
      -687 X509.getV3ExtInfoListOfCertHex = function(hCert) {
      -688     // 1. Certificate ASN.1
      -689     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
      -690     if (a1.length != 3)
      -691         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      -692 
      -693     // 2. tbsCertificate
      -694     if (hCert.substr(a1[0], 2) != "30")
      -695         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
      -696 
      -697     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
      +655     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]);
      +656 
      +657     // 3. subjectPublicKeyInfo
      +658     if (a2.length < 7)
      +659         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
      +660 
      +661     return a2[6];
      +662 };
      +663 
      +664 /**
      +665  * get array of X.509 V3 extension value information in hex string of certificate
      +666  * @name getV3ExtInfoListOfCertHex
      +667  * @memberOf X509
      +668  * @function
      +669  * @param {String} hCert hexadecimal string of X.509 certificate binary
      +670  * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex}
      +671  * @since x509 1.1.5
      +672  * @description
      +673  * This method will get all extension information of a X.509 certificate.
      +674  * Items of resulting array has following properties:
      +675  * <ul>
      +676  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
      +677  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
      +678  * <li>critical - critical flag value for this extension</li>
      +679  * <li>posV - index of ASN.1 TLV for the extension value.
      +680  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
      +681  * </ul>
      +682  * @example
      +683  * hCert = X509.pemToHex(certGithubPEM);
      +684  * a = X509.getV3ExtInfoListOfCertHex(hCert);
      +685  * // Then a will be an array of like following:
      +686  * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
      +687  *  {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
      +688  */
      +689 X509.getV3ExtInfoListOfCertHex = function(hCert) {
      +690     // 1. Certificate ASN.1
      +691     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0);
      +692     if (a1.length != 3)
      +693         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
      +694 
      +695     // 2. tbsCertificate
      +696     if (hCert.substr(a1[0], 2) != "30")
      +697         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq
       698 
      -699     // 3. v3Extension EXPLICIT Tag [3]
      -700     // ver, seri, alg, iss, validity, subj, spki, (iui,) (sui,) ext
      -701     if (a2.length < 8)
      -702         throw "malformed X.509 certificate PEM (code:003)"; // tbsCert num field too short
      -703 
      -704     if (hCert.substr(a2[7], 2) != "a3")
      -705         throw "malformed X.509 certificate PEM (code:004)"; // not [3] tag
      -706 
      -707     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[7]);
      -708     if (a3.length != 1)
      -709         throw "malformed X.509 certificate PEM (code:005)"; // [3]tag numChild!=1
      -710 
      -711     // 4. v3Extension SEQUENCE
      -712     if (hCert.substr(a3[0], 2) != "30")
      -713         throw "malformed X.509 certificate PEM (code:006)"; // not SEQ
      -714 
      -715     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]);
      +699     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]);
      +700 
      +701     // 3. v3Extension EXPLICIT Tag [3]
      +702     // ver, seri, alg, iss, validity, subj, spki, (iui,) (sui,) ext
      +703     if (a2.length < 8)
      +704         throw "malformed X.509 certificate PEM (code:003)"; // tbsCert num field too short
      +705 
      +706     if (hCert.substr(a2[7], 2) != "a3")
      +707         throw "malformed X.509 certificate PEM (code:004)"; // not [3] tag
      +708 
      +709     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[7]);
      +710     if (a3.length != 1)
      +711         throw "malformed X.509 certificate PEM (code:005)"; // [3]tag numChild!=1
      +712 
      +713     // 4. v3Extension SEQUENCE
      +714     if (hCert.substr(a3[0], 2) != "30")
      +715         throw "malformed X.509 certificate PEM (code:006)"; // not SEQ
       716 
      -717     // 5. v3Extension item position
      -718     var numExt = a4.length;
      -719     var aInfo = new Array(numExt);
      -720     for (var i = 0; i < numExt; i++) {
      -721 	aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]);
      -722     }
      -723     return aInfo;
      -724 };
      -725 
      -726 /**
      -727  * get X.509 V3 extension value information at the specified position
      -728  * @name getV3ExtItemInfo_AtObj
      -729  * @memberOf X509
      -730  * @function
      -731  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -732  * @param {Integer} pos index of hexadecimal string for the extension
      -733  * @return {Object} properties for the extension
      -734  * @since x509 1.1.5
      -735  * @description
      -736  * This method will get some information of a X.509 V extension 
      -737  * which is referred by an index of hexadecimal string of X.509 
      -738  * certificate. 
      -739  * Resulting object has following properties:
      -740  * <ul>
      -741  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
      -742  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
      -743  * <li>critical - critical flag value for this extension</li>
      -744  * <li>posV - index of ASN.1 TLV for the extension value.
      -745  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
      -746  * </ul>
      -747  * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally.
      -748  */
      -749 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) {
      -750     var info = {};
      -751 
      -752     // posTLV - extension TLV
      -753     info.posTLV = pos;
      -754 
      -755     var a  = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos);
      -756     if (a.length != 2 && a.length != 3)
      -757         throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val
      -758 
      -759     // oid - extension OID
      -760     if (hCert.substr(a[0], 2) != "06")
      -761         throw "malformed X.509v3 Ext (code:002)"; // not OID "06"
      -762     var valueHex = ASN1HEX.getHexOfV_AtObj(hCert, a[0]);
      -763     info.oid = ASN1HEX.hextooidstr(valueHex); 
      -764 
      -765     // critical - extension critical flag
      -766     info.critical = false; // critical false by default
      -767     if (a.length == 3) info.critical = true;
      -768 
      -769     // posV - content TLV position of encapsulated
      -770     //        octet string of V3 extension value.
      -771     var posExtV = a[a.length - 1];
      -772     if (hCert.substr(posExtV, 2) != "04")
      -773         throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04"
      -774     info.posV = ASN1HEX.getStartPosOfV_AtObj(hCert, posExtV);
      -775     
      -776     return info;
      -777 };
      -778 
      -779 /**
      -780  * get X.509 V3 extension value ASN.1 TLV for specified oid or name
      -781  * @name getHexOfTLV_V3ExtValue
      -782  * @memberOf X509
      -783  * @function
      -784  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -785  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
      -786  * @return {String} hexadecimal string of extension ASN.1 TLV
      -787  * @since x509 1.1.6
      -788  * @description
      -789  * This method will get X.509v3 extension value of ASN.1 TLV
      -790  * which is specifyed by extension name or oid. 
      -791  * If there is no such extension in the certificate, it returns null.
      -792  * @example
      -793  * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage");
      -794  * // hExtValue will be such like '030205a0'.
      -795  */
      -796 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) {
      -797     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
      -798     if (pos == -1) return null;
      -799     return ASN1HEX.getHexOfTLV_AtObj(hCert, pos);
      -800 };
      -801 
      -802 /**
      -803  * get X.509 V3 extension value ASN.1 V for specified oid or name
      -804  * @name getHexOfV_V3ExtValue
      -805  * @memberOf X509
      -806  * @function
      -807  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -808  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
      -809  * @return {String} hexadecimal string of extension ASN.1 TLV
      -810  * @since x509 1.1.6
      -811  * @description
      -812  * This method will get X.509v3 extension value of ASN.1 value
      -813  * which is specifyed by extension name or oid. 
      -814  * If there is no such extension in the certificate, it returns null.
      -815  * Available extension names and oids are defined
      -816  * in the {@link KJUR.asn1.x509.OID} class.
      -817  * @example
      -818  * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
      -819  * // hExtValue will be such like '05a0'.
      -820  */
      -821 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) {
      -822     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
      -823     if (pos == -1) return null;
      -824     return ASN1HEX.getHexOfV_AtObj(hCert, pos);
      -825 };
      -826 
      -827 /**
      -828  * get index in the certificate hexa string for specified oid or name specified extension
      -829  * @name getPosOfTLV_V3ExtValue
      -830  * @memberOf X509
      -831  * @function
      -832  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -833  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
      -834  * @return {Integer} index in the hexadecimal string of certficate for specified extension
      -835  * @since x509 1.1.6
      -836  * @description
      -837  * This method will get X.509v3 extension value of ASN.1 V(value)
      -838  * which is specifyed by extension name or oid. 
      -839  * If there is no such extension in the certificate,
      -840  * it returns -1.
      -841  * Available extension names and oids are defined
      -842  * in the {@link KJUR.asn1.x509.OID} class.
      -843  * @example
      -844  * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage");
      -845  * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV.
      -846  */
      -847 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) {
      -848     var oid = oidOrName;
      -849     if (! oidOrName.match(/^[0-9.]+$/)) oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
      -850     if (oid == '') return -1;
      -851 
      -852     var infoList = X509.getV3ExtInfoListOfCertHex(hCert);
      -853     for (var i = 0; i < infoList.length; i++) {
      -854 	var info = infoList[i];
      -855 	if (info.oid == oid) return info.posV;
      -856     }
      -857     return -1;
      -858 };
      -859 
      -860 /* ======================================================================
      -861  *   Specific V3 Extensions
      -862  * ====================================================================== */
      -863 
      -864 /**
      -865  * get BasicConstraints extension value as object in the certificate
      -866  * @name getExtBasicConstraints
      -867  * @memberOf X509
      -868  * @function
      -869  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -870  * @return {Object} associative array which may have "cA" and "pathLen" parameters
      -871  * @since x509 1.1.7
      -872  * @description
      -873  * This method will get basic constraints extension value as object with following paramters.
      -874  * <ul>
      -875  * <li>cA - CA flag whether CA or not</li>
      -876  * <li>pathLen - maximum intermediate certificate length</li>
      -877  * </ul>
      -878  * There are use cases for return values:
      -879  * <ul>
      -880  * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
      -881  * <li>{cA:true} - cA flag is true and no pathLen</li>
      -882  * <li>{} - basic constraints has no value in case of end entity certificate</li>
      -883  * <li>null - there is no basic constraints extension</li>
      -884  * </ul>
      -885  * @example
      -886  * obj = X509.getExtBasicConstraints(hCert);
      -887  */
      -888 X509.getExtBasicConstraints = function(hCert) {
      -889     var hBC = X509.getHexOfV_V3ExtValue(hCert, "basicConstraints");
      -890     if (hBC === null) return null;
      -891     if (hBC === '') return {};
      -892     if (hBC === '0101ff') return { "cA": true };
      -893     if (hBC.substr(0, 8) === '0101ff02') {
      -894 	var pathLexHex = ASN1HEX.getHexOfV_AtObj(hBC, 6);
      -895 	var pathLen = parseInt(pathLexHex, 16);
      -896 	return { "cA": true, "pathLen": pathLen };
      -897     }
      -898     throw "unknown error";
      -899 };
      -900 
      -901 X509.KEYUSAGE_NAME = [
      -902     "digitalSignature",
      -903     "nonRepudiation",
      -904     "keyEncipherment",
      -905     "dataEncipherment",
      -906     "keyAgreement",
      -907     "keyCertSign",
      -908     "cRLSign",
      -909     "encipherOnly",
      -910     "decipherOnly"
      -911 ];
      -912 
      -913 /**
      -914  * get KeyUsage extension value as binary string in the certificate
      -915  * @name getExtKeyUsageBin
      -916  * @memberOf X509
      -917  * @function
      -918  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -919  * @return {String} binary string of key usage bits (ex. '101')
      -920  * @since x509 1.1.6
      -921  * @description
      -922  * This method will get key usage extension value
      -923  * as binary string such like '101'.
      -924  * Key usage bits definition is in the RFC 5280.
      -925  * If there is no key usage extension in the certificate,
      -926  * it returns empty string (i.e. '').
      -927  * @example
      -928  * bKeyUsage = X509.getExtKeyUsageBin(hCert);
      -929  * // bKeyUsage will be such like '101'.
      -930  * // 1 - digitalSignature 
      -931  * // 0 - nonRepudiation
      -932  * // 1 - keyEncipherment
      -933  */
      -934 X509.getExtKeyUsageBin = function(hCert) {
      -935     var hKeyUsage = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
      -936     if (hKeyUsage == '') return '';
      -937     if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2)
      -938 	throw "malformed key usage value";
      -939     var unusedBits = parseInt(hKeyUsage.substr(0, 2));
      -940     var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2);
      -941     return bKeyUsage.substr(0, bKeyUsage.length - unusedBits);
      -942 };
      -943 
      -944 /**
      -945  * get KeyUsage extension value as names in the certificate
      -946  * @name getExtKeyUsageString
      -947  * @memberOf X509
      -948  * @function
      -949  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -950  * @return {String} comma separated string of key usage
      -951  * @since x509 1.1.6
      -952  * @description
      -953  * This method will get key usage extension value
      -954  * as comma separated string of usage names.
      -955  * If there is no key usage extension in the certificate,
      -956  * it returns empty string (i.e. '').
      -957  * @example
      -958  * sKeyUsage = X509.getExtKeyUsageString(hCert);
      -959  * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'.
      -960  */
      -961 X509.getExtKeyUsageString = function(hCert) {
      -962     var bKeyUsage = X509.getExtKeyUsageBin(hCert);
      -963     var a = new Array();
      -964     for (var i = 0; i < bKeyUsage.length; i++) {
      -965 	if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
      -966     }
      -967     return a.join(",");
      -968 };
      -969 
      -970 /**
      -971  * get subjectKeyIdentifier value as hexadecimal string in the certificate
      -972  * @name getExtSubjectKeyIdentifier
      -973  * @memberOf X509
      -974  * @function
      -975  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -976  * @return {String} hexadecimal string of subject key identifier or null
      -977  * @since jsrsasign 5.0.10 x509 1.1.8
      -978  * @description
      -979  * This method will get subject key identifier extension value
      -980  * as hexadecimal string.
      -981  * If there is no its extension in the certificate,
      -982  * it returns null.
      -983  * @example
      -984  * skid = X509.getExtSubjectKeyIdentifier(hCert);
      -985  */
      -986 X509.getExtSubjectKeyIdentifier = function(hCert) {
      -987     var hSKID = X509.getHexOfV_V3ExtValue(hCert, "subjectKeyIdentifier");
      -988     return hSKID;
      -989 };
      -990 
      -991 /**
      -992  * get authorityKeyIdentifier value as JSON object in the certificate
      -993  * @name getExtAuthorityKeyIdentifier
      -994  * @memberOf X509
      -995  * @function
      -996  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -997  * @return {Object} JSON object of authority key identifier or null
      -998  * @since jsrsasign 5.0.10 x509 1.1.8
      -999  * @description
      -1000  * This method will get authority key identifier extension value
      -1001  * as JSON object.
      -1002  * If there is no its extension in the certificate,
      -1003  * it returns null.
      -1004  * <br>
      -1005  * NOTE: Currently this method only supports keyIdentifier so that
      -1006  * authorityCertIssuer and authorityCertSerialNumber will not
      -1007  * be return in the JSON object.
      -1008  * @example
      -1009  * akid = X509.getExtAuthorityKeyIdentifier(hCert);
      -1010  * // returns following JSON object
      -1011  * { kid: "1234abcd..." }
      -1012  */
      -1013 X509.getExtAuthorityKeyIdentifier = function(hCert) {
      -1014     var result = {};
      -1015     var hAKID = X509.getHexOfTLV_V3ExtValue(hCert, "authorityKeyIdentifier");
      -1016     if (hAKID === null) return null;
      -1017 
      -1018     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hAKID, 0); 
      -1019     for (var i = 0; i < a.length; i++) {
      -1020 	if (hAKID.substr(a[i], 2) === "80")
      -1021 	    result.kid = ASN1HEX.getHexOfV_AtObj(hAKID, a[i]);
      -1022     }
      -1023     
      -1024     return result;
      -1025 };
      -1026 
      -1027 /**
      -1028  * get extKeyUsage value as array of name string in the certificate
      -1029  * @name getExtExtKeyUsageName
      -1030  * @memberOf X509
      -1031  * @function
      -1032  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1033  * @return {Object} array of extended key usage ID name or oid
      -1034  * @since jsrsasign 5.0.10 x509 1.1.8
      -1035  * @description
      -1036  * This method will get extended key usage extension value
      -1037  * as array of name or OID string.
      -1038  * If there is no its extension in the certificate,
      -1039  * it returns null.
      -1040  * <br>
      -1041  * NOTE: Supported extended key usage ID names are defined in
      -1042  * name2oidList parameter in asn1x509.js file.
      -1043  * @example
      -1044  * eku = X509.getExtExtKeyUsageName(hCert);
      -1045  * // returns following array:
      -1046  * ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
      -1047  */
      -1048 X509.getExtExtKeyUsageName = function(hCert) {
      -1049     var result = new Array();
      -1050     var h = X509.getHexOfTLV_V3ExtValue(hCert, "extKeyUsage");
      -1051     if (h === null) return null;
      -1052 
      -1053     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
      -1054     for (var i = 0; i < a.length; i++) {
      -1055 	var hex = ASN1HEX.getHexOfV_AtObj(h, a[i]);
      -1056 	var oid = KJUR.asn1.ASN1Util.oidHexToInt(hex);
      -1057 	var name = KJUR.asn1.x509.OID.oid2name(oid);
      -1058 	result.push(name);
      -1059     }
      -1060     
      -1061     return result;
      -1062 };
      -1063 
      -1064 /**
      -1065  * get subjectAltName value as array of string in the certificate
      -1066  * @name getExtSubjectAltName
      -1067  * @memberOf X509
      -1068  * @function
      -1069  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1070  * @return {Object} array of alt names
      -1071  * @since jsrsasign 5.0.10 x509 1.1.8
      -1072  * @description
      -1073  * This method will get subject alt name extension value
      -1074  * as array of name.
      -1075  * If there is no its extension in the certificate,
      -1076  * it returns null.
      -1077  * <br>
      -1078  * NOTE: Currently this method supports only dNSName so that
      -1079  * other name type such like iPAddress or generalName will not be returned.
      -1080  * @example
      -1081  * san = X509.getExtSubjectAltName(hCert);
      -1082  * // returns following array:
      -1083  * ["example.com", "example.org"]
      -1084  */
      -1085 X509.getExtSubjectAltName = function(hCert) {
      -1086     var result = new Array();
      -1087     var h = X509.getHexOfTLV_V3ExtValue(hCert, "subjectAltName");
      -1088     
      -1089     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
      -1090     for (var i = 0; i < a.length; i++) {
      -1091 	if (h.substr(a[i], 2) === "82") {
      -1092 	    var fqdn = hextoutf8(ASN1HEX.getHexOfV_AtObj(h, a[i]));
      -1093 	    result.push(fqdn);
      -1094 	}
      -1095     }
      -1096 
      -1097     return result;
      -1098 };
      -1099 
      -1100 /**
      -1101  * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
      -1102  * @name getExtCRLDistributionPointsURI
      -1103  * @memberOf X509
      -1104  * @function
      -1105  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1106  * @return {Object} array of fullName URIs of CDP of the certificate
      -1107  * @since jsrsasign 5.0.10 x509 1.1.8
      -1108  * @description
      -1109  * This method will get all fullName URIs of cRLDistributionPoints extension
      -1110  * in the certificate as array of URI string.
      -1111  * If there is no its extension in the certificate,
      -1112  * it returns null.
      -1113  * <br>
      -1114  * NOTE: Currently this method supports only fullName URI so that
      -1115  * other parameters will not be returned.
      -1116  * @example
      -1117  * cdpuri = X509.getExtCRLDistributionPointsURI(hCert);
      -1118  * // returns following array:
      -1119  * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
      -1120  */
      -1121 X509.getExtCRLDistributionPointsURI = function(hCert) {
      -1122     var result = new Array();
      -1123     var h = X509.getHexOfTLV_V3ExtValue(hCert, "cRLDistributionPoints");
      -1124 
      -1125     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
      -1126     for (var i = 0; i < a.length; i++) {
      -1127 	var hDP = ASN1HEX.getHexOfTLV_AtObj(h, a[i]);
      -1128 
      -1129 	var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hDP, 0); 
      -1130 	for (var j = 0; j < a1.length; j++) {
      -1131 	    if (hDP.substr(a1[j], 2) === "a0") {
      -1132 		var hDPN = ASN1HEX.getHexOfV_AtObj(hDP, a1[j]);
      -1133 		if (hDPN.substr(0, 2) === "a0") {
      -1134 		    var hFullName = ASN1HEX.getHexOfV_AtObj(hDPN, 0);
      -1135 		    if (hFullName.substr(0, 2) === "86") {
      -1136 			var hURI = ASN1HEX.getHexOfV_AtObj(hFullName, 0);
      -1137 			var uri = hextoutf8(hURI);
      -1138 			result.push(uri);
      -1139 		    }
      -1140 		}
      -1141 	    }
      -1142 	}
      -1143     }
      -1144 
      -1145     return result;
      -1146 };
      -1147 
      -1148 /**
      -1149  * get AuthorityInfoAccess extension value in the certificate as associative array
      -1150  * @name getExtAIAInfo
      -1151  * @memberOf X509
      -1152  * @function
      -1153  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1154  * @return {Object} associative array of AIA extension properties
      -1155  * @since x509 1.1.6
      -1156  * @description
      -1157  * This method will get authority info access value
      -1158  * as associate array which has following properties:
      -1159  * <ul>
      -1160  * <li>ocsp - array of string for OCSP responder URL</li>
      -1161  * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
      -1162  * </ul>
      -1163  * If there is no key usage extension in the certificate,
      -1164  * it returns null;
      -1165  * @example
      -1166  * oAIA = X509.getExtAIAInfo(hCert);
      -1167  * // result will be such like:
      -1168  * // oAIA.ocsp = ["http://ocsp.foo.com"];
      -1169  * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"];
      -1170  */
      -1171 X509.getExtAIAInfo = function(hCert) {
      -1172     var result = {};
      -1173     result.ocsp = [];
      -1174     result.caissuer = [];
      -1175     var pos1 = X509.getPosOfTLV_V3ExtValue(hCert, "authorityInfoAccess");
      -1176     if (pos1 == -1) return null;
      -1177     if (hCert.substr(pos1, 2) != "30") // extnValue SEQUENCE
      -1178 	throw "malformed AIA Extn Value";
      -1179     
      -1180     var posAccDescList = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos1);
      -1181     for (var i = 0; i < posAccDescList.length; i++) {
      -1182 	var p = posAccDescList[i];
      -1183 	var posAccDescChild = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p);
      -1184 	if (posAccDescChild.length != 2)
      -1185 	    throw "malformed AccessDescription of AIA Extn";
      -1186 	var pOID = posAccDescChild[0];
      -1187 	var pName = posAccDescChild[1];
      -1188 	if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073001") {
      -1189 	    if (hCert.substr(pName, 2) == "86") {
      -1190 		result.ocsp.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
      -1191 	    }
      -1192 	}
      -1193 	if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073002") {
      -1194 	    if (hCert.substr(pName, 2) == "86") {
      -1195 		result.caissuer.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
      -1196 	    }
      -1197 	}
      -1198     }
      -1199     return result;
      -1200 };
      -1201 
      -1202 /**
      -1203  * get signature algorithm name from hexadecimal certificate data
      -1204  * @name getSignatureAlgorithmName
      -1205  * @memberOf X509
      -1206  * @function
      -1207  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1208  * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
      -1209  * @since x509 1.1.7
      -1210  * @description
      -1211  * This method will get signature algorithm name of certificate:
      -1212  * @example
      -1213  * algName = X509.getSignatureAlgorithmName(hCert);
      -1214  */
      -1215 X509.getSignatureAlgorithmName = function(hCert) {
      -1216     var sigAlgOidHex = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [1, 0]);
      -1217     var sigAlgOidInt = KJUR.asn1.ASN1Util.oidHexToInt(sigAlgOidHex);
      -1218     var sigAlgName = KJUR.asn1.x509.OID.oid2name(sigAlgOidInt);
      -1219     return sigAlgName;
      -1220 };
      -1221 
      -1222 /**
      -1223  * get signature value in hexadecimal string
      -1224  * @name getSignatureValueHex
      -1225  * @memberOf X509
      -1226  * @function
      -1227  * @param {String} hCert hexadecimal string of X.509 certificate binary
      -1228  * @return {String} signature value hexadecimal string without BitString unused bits
      -1229  * @since x509 1.1.7
      -1230  * @description
      -1231  * This method will get signature value of certificate:
      -1232  * @example
      -1233  * sigHex = X509.getSignatureValueHex(hCert);
      -1234  */
      -1235 X509.getSignatureValueHex = function(hCert) {
      -1236     var h = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [2]);
      -1237     if (h.substr(0, 2) !== "00")
      -1238 	throw "can't get signature value";
      -1239     return h.substr(2);
      -1240 };
      -1241 
      -1242 X509.getSerialNumberHex = function(hCert) {
      -1243     return ASN1HEX.getDecendantHexVByNthList(hCert, 0, [0, 1]);
      -1244 };
      -1245 
      -1246 /*
      -1247   X509.prototype.readCertPEM = _x509_readCertPEM;
      -1248   X509.prototype.readCertPEMWithoutRSAInit = _x509_readCertPEMWithoutRSAInit;
      -1249   X509.prototype.getSerialNumberHex = _x509_getSerialNumberHex;
      -1250   X509.prototype.getIssuerHex = _x509_getIssuerHex;
      -1251   X509.prototype.getSubjectHex = _x509_getSubjectHex;
      -1252   X509.prototype.getIssuerString = _x509_getIssuerString;
      -1253   X509.prototype.getSubjectString = _x509_getSubjectString;
      -1254   X509.prototype.getNotBefore = _x509_getNotBefore;
      -1255   X509.prototype.getNotAfter = _x509_getNotAfter;
      -1256 */
      -1257 
      \ No newline at end of file +717 var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]); +718 +719 // 5. v3Extension item position +720 var numExt = a4.length; +721 var aInfo = new Array(numExt); +722 for (var i = 0; i < numExt; i++) { +723 aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]); +724 } +725 return aInfo; +726 }; +727 +728 /** +729 * get X.509 V3 extension value information at the specified position +730 * @name getV3ExtItemInfo_AtObj +731 * @memberOf X509 +732 * @function +733 * @param {String} hCert hexadecimal string of X.509 certificate binary +734 * @param {Integer} pos index of hexadecimal string for the extension +735 * @return {Object} properties for the extension +736 * @since x509 1.1.5 +737 * @description +738 * This method will get some information of a X.509 V extension +739 * which is referred by an index of hexadecimal string of X.509 +740 * certificate. +741 * Resulting object has following properties: +742 * <ul> +743 * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li> +744 * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li> +745 * <li>critical - critical flag value for this extension</li> +746 * <li>posV - index of ASN.1 TLV for the extension value. +747 * This is a position of a content of ENCAPSULATED OCTET STRING.</li> +748 * </ul> +749 * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally. +750 */ +751 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) { +752 var info = {}; +753 +754 // posTLV - extension TLV +755 info.posTLV = pos; +756 +757 var a = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos); +758 if (a.length != 2 && a.length != 3) +759 throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val +760 +761 // oid - extension OID +762 if (hCert.substr(a[0], 2) != "06") +763 throw "malformed X.509v3 Ext (code:002)"; // not OID "06" +764 var valueHex = ASN1HEX.getHexOfV_AtObj(hCert, a[0]); +765 info.oid = ASN1HEX.hextooidstr(valueHex); +766 +767 // critical - extension critical flag +768 info.critical = false; // critical false by default +769 if (a.length == 3) info.critical = true; +770 +771 // posV - content TLV position of encapsulated +772 // octet string of V3 extension value. +773 var posExtV = a[a.length - 1]; +774 if (hCert.substr(posExtV, 2) != "04") +775 throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04" +776 info.posV = ASN1HEX.getStartPosOfV_AtObj(hCert, posExtV); +777 +778 return info; +779 }; +780 +781 /** +782 * get X.509 V3 extension value ASN.1 TLV for specified oid or name +783 * @name getHexOfTLV_V3ExtValue +784 * @memberOf X509 +785 * @function +786 * @param {String} hCert hexadecimal string of X.509 certificate binary +787 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +788 * @return {String} hexadecimal string of extension ASN.1 TLV +789 * @since x509 1.1.6 +790 * @description +791 * This method will get X.509v3 extension value of ASN.1 TLV +792 * which is specifyed by extension name or oid. +793 * If there is no such extension in the certificate, it returns null. +794 * @example +795 * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage"); +796 * // hExtValue will be such like '030205a0'. +797 */ +798 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) { +799 var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName); +800 if (pos == -1) return null; +801 return ASN1HEX.getHexOfTLV_AtObj(hCert, pos); +802 }; +803 +804 /** +805 * get X.509 V3 extension value ASN.1 V for specified oid or name +806 * @name getHexOfV_V3ExtValue +807 * @memberOf X509 +808 * @function +809 * @param {String} hCert hexadecimal string of X.509 certificate binary +810 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +811 * @return {String} hexadecimal string of extension ASN.1 TLV +812 * @since x509 1.1.6 +813 * @description +814 * This method will get X.509v3 extension value of ASN.1 value +815 * which is specifyed by extension name or oid. +816 * If there is no such extension in the certificate, it returns null. +817 * Available extension names and oids are defined +818 * in the {@link KJUR.asn1.x509.OID} class. +819 * @example +820 * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage"); +821 * // hExtValue will be such like '05a0'. +822 */ +823 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) { +824 var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName); +825 if (pos == -1) return null; +826 return ASN1HEX.getHexOfV_AtObj(hCert, pos); +827 }; +828 +829 /** +830 * get index in the certificate hexa string for specified oid or name specified extension +831 * @name getPosOfTLV_V3ExtValue +832 * @memberOf X509 +833 * @function +834 * @param {String} hCert hexadecimal string of X.509 certificate binary +835 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +836 * @return {Integer} index in the hexadecimal string of certficate for specified extension +837 * @since x509 1.1.6 +838 * @description +839 * This method will get X.509v3 extension value of ASN.1 V(value) +840 * which is specifyed by extension name or oid. +841 * If there is no such extension in the certificate, +842 * it returns -1. +843 * Available extension names and oids are defined +844 * in the {@link KJUR.asn1.x509.OID} class. +845 * @example +846 * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage"); +847 * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV. +848 */ +849 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) { +850 var oid = oidOrName; +851 if (! oidOrName.match(/^[0-9.]+$/)) oid = KJUR.asn1.x509.OID.name2oid(oidOrName); +852 if (oid == '') return -1; +853 +854 var infoList = X509.getV3ExtInfoListOfCertHex(hCert); +855 for (var i = 0; i < infoList.length; i++) { +856 var info = infoList[i]; +857 if (info.oid == oid) return info.posV; +858 } +859 return -1; +860 }; +861 +862 /* ====================================================================== +863 * Specific V3 Extensions +864 * ====================================================================== */ +865 +866 /** +867 * get BasicConstraints extension value as object in the certificate +868 * @name getExtBasicConstraints +869 * @memberOf X509 +870 * @function +871 * @param {String} hCert hexadecimal string of X.509 certificate binary +872 * @return {Object} associative array which may have "cA" and "pathLen" parameters +873 * @since x509 1.1.7 +874 * @description +875 * This method will get basic constraints extension value as object with following paramters. +876 * <ul> +877 * <li>cA - CA flag whether CA or not</li> +878 * <li>pathLen - maximum intermediate certificate length</li> +879 * </ul> +880 * There are use cases for return values: +881 * <ul> +882 * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li> +883 * <li>{cA:true} - cA flag is true and no pathLen</li> +884 * <li>{} - basic constraints has no value in case of end entity certificate</li> +885 * <li>null - there is no basic constraints extension</li> +886 * </ul> +887 * @example +888 * obj = X509.getExtBasicConstraints(hCert); +889 */ +890 X509.getExtBasicConstraints = function(hCert) { +891 var hBC = X509.getHexOfV_V3ExtValue(hCert, "basicConstraints"); +892 if (hBC === null) return null; +893 if (hBC === '') return {}; +894 if (hBC === '0101ff') return { "cA": true }; +895 if (hBC.substr(0, 8) === '0101ff02') { +896 var pathLexHex = ASN1HEX.getHexOfV_AtObj(hBC, 6); +897 var pathLen = parseInt(pathLexHex, 16); +898 return { "cA": true, "pathLen": pathLen }; +899 } +900 throw "unknown error"; +901 }; +902 +903 X509.KEYUSAGE_NAME = [ +904 "digitalSignature", +905 "nonRepudiation", +906 "keyEncipherment", +907 "dataEncipherment", +908 "keyAgreement", +909 "keyCertSign", +910 "cRLSign", +911 "encipherOnly", +912 "decipherOnly" +913 ]; +914 +915 /** +916 * get KeyUsage extension value as binary string in the certificate +917 * @name getExtKeyUsageBin +918 * @memberOf X509 +919 * @function +920 * @param {String} hCert hexadecimal string of X.509 certificate binary +921 * @return {String} binary string of key usage bits (ex. '101') +922 * @since x509 1.1.6 +923 * @description +924 * This method will get key usage extension value +925 * as binary string such like '101'. +926 * Key usage bits definition is in the RFC 5280. +927 * If there is no key usage extension in the certificate, +928 * it returns empty string (i.e. ''). +929 * @example +930 * bKeyUsage = X509.getExtKeyUsageBin(hCert); +931 * // bKeyUsage will be such like '101'. +932 * // 1 - digitalSignature +933 * // 0 - nonRepudiation +934 * // 1 - keyEncipherment +935 */ +936 X509.getExtKeyUsageBin = function(hCert) { +937 var hKeyUsage = X509.getHexOfV_V3ExtValue(hCert, "keyUsage"); +938 if (hKeyUsage == '') return ''; +939 if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2) +940 throw "malformed key usage value"; +941 var unusedBits = parseInt(hKeyUsage.substr(0, 2)); +942 var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2); +943 return bKeyUsage.substr(0, bKeyUsage.length - unusedBits); +944 }; +945 +946 /** +947 * get KeyUsage extension value as names in the certificate +948 * @name getExtKeyUsageString +949 * @memberOf X509 +950 * @function +951 * @param {String} hCert hexadecimal string of X.509 certificate binary +952 * @return {String} comma separated string of key usage +953 * @since x509 1.1.6 +954 * @description +955 * This method will get key usage extension value +956 * as comma separated string of usage names. +957 * If there is no key usage extension in the certificate, +958 * it returns empty string (i.e. ''). +959 * @example +960 * sKeyUsage = X509.getExtKeyUsageString(hCert); +961 * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'. +962 */ +963 X509.getExtKeyUsageString = function(hCert) { +964 var bKeyUsage = X509.getExtKeyUsageBin(hCert); +965 var a = new Array(); +966 for (var i = 0; i < bKeyUsage.length; i++) { +967 if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]); +968 } +969 return a.join(","); +970 }; +971 +972 /** +973 * get subjectKeyIdentifier value as hexadecimal string in the certificate +974 * @name getExtSubjectKeyIdentifier +975 * @memberOf X509 +976 * @function +977 * @param {String} hCert hexadecimal string of X.509 certificate binary +978 * @return {String} hexadecimal string of subject key identifier or null +979 * @since jsrsasign 5.0.10 x509 1.1.8 +980 * @description +981 * This method will get subject key identifier extension value +982 * as hexadecimal string. +983 * If there is no its extension in the certificate, +984 * it returns null. +985 * @example +986 * skid = X509.getExtSubjectKeyIdentifier(hCert); +987 */ +988 X509.getExtSubjectKeyIdentifier = function(hCert) { +989 var hSKID = X509.getHexOfV_V3ExtValue(hCert, "subjectKeyIdentifier"); +990 return hSKID; +991 }; +992 +993 /** +994 * get authorityKeyIdentifier value as JSON object in the certificate +995 * @name getExtAuthorityKeyIdentifier +996 * @memberOf X509 +997 * @function +998 * @param {String} hCert hexadecimal string of X.509 certificate binary +999 * @return {Object} JSON object of authority key identifier or null +1000 * @since jsrsasign 5.0.10 x509 1.1.8 +1001 * @description +1002 * This method will get authority key identifier extension value +1003 * as JSON object. +1004 * If there is no its extension in the certificate, +1005 * it returns null. +1006 * <br> +1007 * NOTE: Currently this method only supports keyIdentifier so that +1008 * authorityCertIssuer and authorityCertSerialNumber will not +1009 * be return in the JSON object. +1010 * @example +1011 * akid = X509.getExtAuthorityKeyIdentifier(hCert); +1012 * // returns following JSON object +1013 * { kid: "1234abcd..." } +1014 */ +1015 X509.getExtAuthorityKeyIdentifier = function(hCert) { +1016 var result = {}; +1017 var hAKID = X509.getHexOfTLV_V3ExtValue(hCert, "authorityKeyIdentifier"); +1018 if (hAKID === null) return null; +1019 +1020 var a = ASN1HEX.getPosArrayOfChildren_AtObj(hAKID, 0); +1021 for (var i = 0; i < a.length; i++) { +1022 if (hAKID.substr(a[i], 2) === "80") +1023 result.kid = ASN1HEX.getHexOfV_AtObj(hAKID, a[i]); +1024 } +1025 +1026 return result; +1027 }; +1028 +1029 /** +1030 * get extKeyUsage value as array of name string in the certificate +1031 * @name getExtExtKeyUsageName +1032 * @memberOf X509 +1033 * @function +1034 * @param {String} hCert hexadecimal string of X.509 certificate binary +1035 * @return {Object} array of extended key usage ID name or oid +1036 * @since jsrsasign 5.0.10 x509 1.1.8 +1037 * @description +1038 * This method will get extended key usage extension value +1039 * as array of name or OID string. +1040 * If there is no its extension in the certificate, +1041 * it returns null. +1042 * <br> +1043 * NOTE: Supported extended key usage ID names are defined in +1044 * name2oidList parameter in asn1x509.js file. +1045 * @example +1046 * eku = X509.getExtExtKeyUsageName(hCert); +1047 * // returns following array: +1048 * ["serverAuth", "clientAuth", "0.1.2.3.4.5"] +1049 */ +1050 X509.getExtExtKeyUsageName = function(hCert) { +1051 var result = new Array(); +1052 var h = X509.getHexOfTLV_V3ExtValue(hCert, "extKeyUsage"); +1053 if (h === null) return null; +1054 +1055 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); +1056 for (var i = 0; i < a.length; i++) { +1057 var hex = ASN1HEX.getHexOfV_AtObj(h, a[i]); +1058 var oid = KJUR.asn1.ASN1Util.oidHexToInt(hex); +1059 var name = KJUR.asn1.x509.OID.oid2name(oid); +1060 result.push(name); +1061 } +1062 +1063 return result; +1064 }; +1065 +1066 /** +1067 * get subjectAltName value as array of string in the certificate +1068 * @name getExtSubjectAltName +1069 * @memberOf X509 +1070 * @function +1071 * @param {String} hCert hexadecimal string of X.509 certificate binary +1072 * @return {Object} array of alt names +1073 * @since jsrsasign 5.0.10 x509 1.1.8 +1074 * @description +1075 * This method will get subject alt name extension value +1076 * as array of name. +1077 * If there is no its extension in the certificate, +1078 * it returns null. +1079 * <br> +1080 * NOTE: Currently this method supports only dNSName so that +1081 * other name type such like iPAddress or generalName will not be returned. +1082 * @example +1083 * san = X509.getExtSubjectAltName(hCert); +1084 * // returns following array: +1085 * ["example.com", "example.org"] +1086 */ +1087 X509.getExtSubjectAltName = function(hCert) { +1088 var result = new Array(); +1089 var h = X509.getHexOfTLV_V3ExtValue(hCert, "subjectAltName"); +1090 +1091 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); +1092 for (var i = 0; i < a.length; i++) { +1093 if (h.substr(a[i], 2) === "82") { +1094 var fqdn = hextoutf8(ASN1HEX.getHexOfV_AtObj(h, a[i])); +1095 result.push(fqdn); +1096 } +1097 } +1098 +1099 return result; +1100 }; +1101 +1102 /** +1103 * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate +1104 * @name getExtCRLDistributionPointsURI +1105 * @memberOf X509 +1106 * @function +1107 * @param {String} hCert hexadecimal string of X.509 certificate binary +1108 * @return {Object} array of fullName URIs of CDP of the certificate +1109 * @since jsrsasign 5.0.10 x509 1.1.8 +1110 * @description +1111 * This method will get all fullName URIs of cRLDistributionPoints extension +1112 * in the certificate as array of URI string. +1113 * If there is no its extension in the certificate, +1114 * it returns null. +1115 * <br> +1116 * NOTE: Currently this method supports only fullName URI so that +1117 * other parameters will not be returned. +1118 * @example +1119 * cdpuri = X509.getExtCRLDistributionPointsURI(hCert); +1120 * // returns following array: +1121 * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"] +1122 */ +1123 X509.getExtCRLDistributionPointsURI = function(hCert) { +1124 var result = new Array(); +1125 var h = X509.getHexOfTLV_V3ExtValue(hCert, "cRLDistributionPoints"); +1126 +1127 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); +1128 for (var i = 0; i < a.length; i++) { +1129 var hDP = ASN1HEX.getHexOfTLV_AtObj(h, a[i]); +1130 +1131 var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hDP, 0); +1132 for (var j = 0; j < a1.length; j++) { +1133 if (hDP.substr(a1[j], 2) === "a0") { +1134 var hDPN = ASN1HEX.getHexOfV_AtObj(hDP, a1[j]); +1135 if (hDPN.substr(0, 2) === "a0") { +1136 var hFullName = ASN1HEX.getHexOfV_AtObj(hDPN, 0); +1137 if (hFullName.substr(0, 2) === "86") { +1138 var hURI = ASN1HEX.getHexOfV_AtObj(hFullName, 0); +1139 var uri = hextoutf8(hURI); +1140 result.push(uri); +1141 } +1142 } +1143 } +1144 } +1145 } +1146 +1147 return result; +1148 }; +1149 +1150 /** +1151 * get AuthorityInfoAccess extension value in the certificate as associative array +1152 * @name getExtAIAInfo +1153 * @memberOf X509 +1154 * @function +1155 * @param {String} hCert hexadecimal string of X.509 certificate binary +1156 * @return {Object} associative array of AIA extension properties +1157 * @since x509 1.1.6 +1158 * @description +1159 * This method will get authority info access value +1160 * as associate array which has following properties: +1161 * <ul> +1162 * <li>ocsp - array of string for OCSP responder URL</li> +1163 * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li> +1164 * </ul> +1165 * If there is no key usage extension in the certificate, +1166 * it returns null; +1167 * @example +1168 * oAIA = X509.getExtAIAInfo(hCert); +1169 * // result will be such like: +1170 * // oAIA.ocsp = ["http://ocsp.foo.com"]; +1171 * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"]; +1172 */ +1173 X509.getExtAIAInfo = function(hCert) { +1174 var result = {}; +1175 result.ocsp = []; +1176 result.caissuer = []; +1177 var pos1 = X509.getPosOfTLV_V3ExtValue(hCert, "authorityInfoAccess"); +1178 if (pos1 == -1) return null; +1179 if (hCert.substr(pos1, 2) != "30") // extnValue SEQUENCE +1180 throw "malformed AIA Extn Value"; +1181 +1182 var posAccDescList = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos1); +1183 for (var i = 0; i < posAccDescList.length; i++) { +1184 var p = posAccDescList[i]; +1185 var posAccDescChild = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p); +1186 if (posAccDescChild.length != 2) +1187 throw "malformed AccessDescription of AIA Extn"; +1188 var pOID = posAccDescChild[0]; +1189 var pName = posAccDescChild[1]; +1190 if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073001") { +1191 if (hCert.substr(pName, 2) == "86") { +1192 result.ocsp.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName))); +1193 } +1194 } +1195 if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073002") { +1196 if (hCert.substr(pName, 2) == "86") { +1197 result.caissuer.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName))); +1198 } +1199 } +1200 } +1201 return result; +1202 }; +1203 +1204 /** +1205 * get signature algorithm name from hexadecimal certificate data +1206 * @name getSignatureAlgorithmName +1207 * @memberOf X509 +1208 * @function +1209 * @param {String} hCert hexadecimal string of X.509 certificate binary +1210 * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA) +1211 * @since x509 1.1.7 +1212 * @description +1213 * This method will get signature algorithm name of certificate: +1214 * @example +1215 * algName = X509.getSignatureAlgorithmName(hCert); +1216 */ +1217 X509.getSignatureAlgorithmName = function(hCert) { +1218 var sigAlgOidHex = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [1, 0]); +1219 var sigAlgOidInt = KJUR.asn1.ASN1Util.oidHexToInt(sigAlgOidHex); +1220 var sigAlgName = KJUR.asn1.x509.OID.oid2name(sigAlgOidInt); +1221 return sigAlgName; +1222 }; +1223 +1224 /** +1225 * get signature value in hexadecimal string +1226 * @name getSignatureValueHex +1227 * @memberOf X509 +1228 * @function +1229 * @param {String} hCert hexadecimal string of X.509 certificate binary +1230 * @return {String} signature value hexadecimal string without BitString unused bits +1231 * @since x509 1.1.7 +1232 * @description +1233 * This method will get signature value of certificate: +1234 * @example +1235 * sigHex = X509.getSignatureValueHex(hCert); +1236 */ +1237 X509.getSignatureValueHex = function(hCert) { +1238 var h = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [2]); +1239 if (h.substr(0, 2) !== "00") +1240 throw "can't get signature value"; +1241 return h.substr(2); +1242 }; +1243 +1244 X509.getSerialNumberHex = function(hCert) { +1245 return ASN1HEX.getDecendantHexVByNthList(hCert, 0, [0, 1]); +1246 }; +1247 +1248 /* +1249 X509.prototype.readCertPEM = _x509_readCertPEM; +1250 X509.prototype.readCertPEMWithoutRSAInit = _x509_readCertPEMWithoutRSAInit; +1251 X509.prototype.getSerialNumberHex = _x509_getSerialNumberHex; +1252 X509.prototype.getIssuerHex = _x509_getIssuerHex; +1253 X509.prototype.getSubjectHex = _x509_getSubjectHex; +1254 X509.prototype.getIssuerString = _x509_getIssuerString; +1255 X509.prototype.getSubjectString = _x509_getSubjectString; +1256 X509.prototype.getNotBefore = _x509_getNotBefore; +1257 X509.prototype.getNotAfter = _x509_getNotAfter; +1258 */ +1259 \ No newline at end of file diff --git a/asn1x509-1.0.js b/asn1x509-1.0.js index f7f21058..89eed2b1 100644 --- a/asn1x509-1.0.js +++ b/asn1x509-1.0.js @@ -1,4 +1,4 @@ -/*! asn1x509-1.0.15.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1x509-1.0.17.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate @@ -16,7 +16,7 @@ * @fileOverview * @name asn1x509-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.15 (2016-Oct-08) + * @version 1.0.17 (2016-Nov-18) * @since jsrsasign 2.1 * @license MIT License */ @@ -209,7 +209,7 @@ KJUR.asn1.x509.Certificate = function(params) { * @example * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey}); * cert.sign(); - * var sPEM = cert.getPEMString(); + * var sPEM = cert.getPEMString(); */ this.getPEMString = function() { var hCert = this.getEncodedHex(); @@ -1243,7 +1243,29 @@ YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object); * @class X500Name ASN.1 structure class * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'}) * @extends KJUR.asn1.ASN1Object + * @see KJUR.asn1.x509.X500Name + * @see KJUR.asn1.x509.RDN + * @see KJUR.asn1.x509.AttributeTypeAndValue * @description + * This class provides DistinguishedName ASN.1 class structure + * defined in RFC 2253 section 2. + *
      + * DistinguishedName ::= RDNSequence
      + *
      + * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      + *
      + * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
      + *   AttributeTypeAndValue
      + *
      + * AttributeTypeAndValue ::= SEQUENCE {
      + *   type  AttributeType,
      + *   value AttributeValue }
      + * 
      + *
      + * For string representation of distinguished name in jsrsasign, + * OpenSSL oneline format is used. Please see wiki article for it. + *
      + * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17. * @example * // 1. construct with string * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"}); @@ -1257,7 +1279,7 @@ KJUR.asn1.x509.X500Name = function(params) { /** * set DN by string * @name setByString - * @memberOf KJUR.asn1.x509.X500Name + * @memberOf KJUR.asn1.x509.X500Name# * @function * @param {Array} dnStr distinguished name by string (ex. /C=US/O=aaa) * @description @@ -1291,7 +1313,7 @@ KJUR.asn1.x509.X500Name = function(params) { /** * set DN by associative array * @name setByObject - * @memberOf KJUR.asn1.x509.X500Name + * @memberOf KJUR.asn1.x509.X500Name# * @function * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"}) * @since jsrsasign 4.9. asn1x509 1.0.13 @@ -1346,20 +1368,76 @@ KJUR.asn1.x509.X500Name = function(params) { YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object); /** - * RDN (Relative Distinguish Name) ASN.1 structure class + * RDN (Relative Distinguished Name) ASN.1 structure class * @name KJUR.asn1.x509.RDN - * @class RDN (Relative Distinguish Name) ASN.1 structure class + * @class RDN (Relative Distinguished Name) ASN.1 structure class * @param {Array} params associative array of parameters (ex. {'str': 'C=US'}) * @extends KJUR.asn1.ASN1Object + * @see KJUR.asn1.x509.X500Name + * @see KJUR.asn1.x509.RDN + * @see KJUR.asn1.x509.AttributeTypeAndValue * @description + * This class provides RelativeDistinguishedName ASN.1 class structure + * defined in RFC 2253 section 2. + *
      + * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
      + *   AttributeTypeAndValue
      + *
      + * AttributeTypeAndValue ::= SEQUENCE {
      + *   type  AttributeType,
      + *   value AttributeValue }
      + * 
      + *
      + * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17. * @example + * rdn = new KJUR.asn1.x509.RDN({str: "CN=test"}); + * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued + * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped + * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted */ KJUR.asn1.x509.RDN = function(params) { KJUR.asn1.x509.RDN.superclass.constructor.call(this); this.asn1Array = new Array(); - this.addByString = function(rdnStr) { - this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr})); + /** + * add one AttributeTypeAndValue by string
      + * @name addByString + * @memberOf KJUR.asn1.x509.RDN# + * @function + * @param {String} s string of AttributeTypeAndValue + * @return {Object} unspecified + * @description + * This method add one AttributeTypeAndValue to RDN object. + * @example + * rdn = new KJUR.asn1.x509.RDN(); + * rdn.addByString("CN=john"); + * rdn.addByString("serialNumber=1234"); // for multi-valued RDN + */ + this.addByString = function(s) { + this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s})); + }; + + /** + * add one AttributeTypeAndValue by multi-valued string
      + * @name addByMultiValuedString + * @memberOf KJUR.asn1.x509.RDN# + * @function + * @param {String} s string of multi-valued RDN + * @return {Object} unspecified + * @since jsrsasign 6.2.1 asn1x509 1.0.17 + * @description + * This method add multi-valued RDN to RDN object. + * @example + * rdn = new KJUR.asn1.x509.RDN(); + * rdn.addByMultiValuedString("CN=john+O=test"); + * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus + * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation + */ + this.addByMultiValuedString = function(s) { + var a = KJUR.asn1.x509.RDN.parseString(s); + for (var i = 0; i < a.length; i++) { + this.addByString(a[i]); + } }; this.getEncodedHex = function() { @@ -1370,12 +1448,80 @@ KJUR.asn1.x509.RDN = function(params) { if (typeof params != "undefined") { if (typeof params['str'] != "undefined") { - this.addByString(params['str']); + this.addByMultiValuedString(params['str']); } } }; YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); +/** + * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'
      + * @name parseString + * @memberOf KJUR.asn1.x509.RDN + * @function + * @param {String} s multi-valued string of RDN + * @return {Array} array of string of AttributeTypeAndValue + * @since jsrsasign 6.2.1 asn1x509 1.0.17 + * @description + * This static method parses multi-valued RDN string and split into + * array of AttributeTypeAndValue. + * @example + * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"] + * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"] + * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"] + * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"] + * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"] + */ +KJUR.asn1.x509.RDN.parseString = function(s) { + var a = s.split(/\+/); + + // join \+ + var isBSbefore = false; + var a2 = []; + for (var i = 0; a.length > 0; i++) { + var item = a.shift(); + //console.log("item=" + item); + + if (isBSbefore === true) { + var a2last = a2.pop(); + var newitem = (a2last + "+" + item).replace(/\\\+/g, "+"); + a2.push(newitem); + isBSbefore = false; + } else { + a2.push(item); + } + + if (item.substr(-1, 1) === "\\") isBSbefore = true; + } + + // join quote + var beginQuote = false; + var a3 = []; + for (var i = 0; a2.length > 0; i++) { + var item = a2.shift(); + + if (beginQuote === true) { + var a3last = a3.pop(); + if (item.match(/"$/)) { + var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2"); + a3.push(newitem); + beginQuote = false; + } else { + a3.push(a3last + "+" + item); + } + } else { + a3.push(item); + } + + if (item.match(/^[^=]+="/)) { + //console.log(i + "=" + item); + beginQuote = true; + } + } + + return a3; +}; + /** * AttributeTypeAndValue ASN.1 structure class * @name KJUR.asn1.x509.AttributeTypeAndValue @@ -1383,6 +1529,9 @@ YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); * @param {Array} params associative array of parameters (ex. {'str': 'C=US'}) * @extends KJUR.asn1.ASN1Object * @description + * @see KJUR.asn1.x509.X500Name + * @see KJUR.asn1.x509.RDN + * @see KJUR.asn1.x509.AttributeTypeAndValue * @example */ KJUR.asn1.x509.AttributeTypeAndValue = function(params) { @@ -2002,6 +2151,8 @@ KJUR.asn1.x509.OID = new function(params) { 'policyConstraints': '2.5.29.36', 'extKeyUsage': '2.5.29.37', 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', + 'ocsp': '1.3.6.1.5.5.7.48.1', + 'caIssuers': '1.3.6.1.5.5.7.48.2', 'anyExtendedKeyUsage': '2.5.29.37.0', 'serverAuth': '1.3.6.1.5.5.7.3.1', diff --git a/bower.json b/bower.json index a304bb6a..9e9108fc 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "6.1.4", + "version": "6.2.1", "main": "jsrsasign-latest-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/crypto-1.1.js b/crypto-1.1.js index c557caa1..bec3e767 100644 --- a/crypto-1.1.js +++ b/crypto-1.1.js @@ -1,4 +1,4 @@ -/*! crypto-1.1.9.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! crypto-1.1.10.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * crypto.js - Cryptographic Algorithm Provider class @@ -16,7 +16,7 @@ * @fileOverview * @name crypto-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.1.9 (2016-Oct-08) + * @version 1.1.10 (2016-Oct-29) * @since jsrsasign 2.2 * @license MIT License */ @@ -34,6 +34,7 @@ if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; *
        *
      • {@link KJUR.crypto.MessageDigest} - Java JCE(cryptograhic extension) style MessageDigest class
      • *
      • {@link KJUR.crypto.Signature} - Java JCE(cryptograhic extension) style Signature class
      • + *
      • {@link KJUR.crypto.Cipher} - class for encrypting and decrypting data
      • *
      • {@link KJUR.crypto.Util} - cryptographic utility functions and properties
      • *
      * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. @@ -285,11 +286,14 @@ KJUR.crypto.Util = new function() { }; }; +// === Mac =============================================================== + /** - * MessageDigest class which is very similar to java.security.MessageDigest class + * MessageDigest class which is very similar to java.security.MessageDigest class
      * @name KJUR.crypto.MessageDigest * @class MessageDigest class which is very similar to java.security.MessageDigest class * @param {Array} params parameters for constructor + * @property {Array} HASHLENGTH static Array of resulted byte length of hash (ex. HASHLENGTH["sha1"] == 20) * @description *
      * Currently this supports following algorithm and providers combination: @@ -313,6 +317,10 @@ KJUR.crypto.Util = new function() { * var md = new KJUR.crypto.MessageDigest({alg: "sha256", prov: "sjcl"}); // sjcl supports sha256 only * md.updateString('aaa') * var mdHex = md.digest() + * + * // HASHLENGTH property + * KJUR.crypto.MessageDigest.HASHLENGTH['sha1'] &rarr 20 + * KJUR.crypto.MessageDigest.HASHLENGTH['sha512'] &rarr 64 */ KJUR.crypto.MessageDigest = function(params) { var md = null; @@ -320,21 +328,38 @@ KJUR.crypto.MessageDigest = function(params) { var provName = null; /** - * set hash algorithm and provider + * set hash algorithm and provider
      * @name setAlgAndProvider - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @param {String} alg hash algorithm name * @param {String} prov provider name * @description + * This methods set an algorithm and a cryptographic provider.
      + * Here is acceptable algorithm names ignoring cases and hyphens: + *
        + *
      • MD5
      • + *
      • SHA1
      • + *
      • SHA224
      • + *
      • SHA256
      • + *
      • SHA384
      • + *
      • SHA512
      • + *
      • RIPEMD160
      • + *
      + * NOTE: Since jsrsasign 6.2.0 crypto 1.1.10, this method ignores + * upper or lower cases. Also any hyphens (i.e. "-") will be ignored + * so that "SHA1" or "SHA-1" will be acceptable. * @example * // for SHA1 * md.setAlgAndProvider('sha1', 'cryptojs'); + * md.setAlgAndProvider('SHA1'); * // for RIPEMD160 * md.setAlgAndProvider('ripemd160', 'cryptojs'); */ this.setAlgAndProvider = function(alg, prov) { - if (alg != null && prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg]; + alg = KJUR.crypto.MessageDigest.getCanonicalAlgName(alg); + + if (alg !== null && prov === undefined) prov = KJUR.crypto.Util.DEFAULTPROVIDER[alg]; // for cryptojs if (':md5:sha1:sha224:sha256:sha384:sha512:ripemd160:'.indexOf(alg) != -1 && @@ -396,7 +421,7 @@ KJUR.crypto.MessageDigest = function(params) { /** * update digest by specified string * @name updateString - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @param {String} str string to update * @description @@ -410,7 +435,7 @@ KJUR.crypto.MessageDigest = function(params) { /** * update digest by specified hexadecimal string * @name updateHex - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @param {String} hex hexadecimal string to update * @description @@ -424,7 +449,7 @@ KJUR.crypto.MessageDigest = function(params) { /** * completes hash calculation and returns hash result * @name digest - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @description * @example @@ -437,7 +462,7 @@ KJUR.crypto.MessageDigest = function(params) { /** * performs final update on the digest using string, then completes the digest computation * @name digestString - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @param {String} str string to final update * @description @@ -451,7 +476,7 @@ KJUR.crypto.MessageDigest = function(params) { /** * performs final update on the digest using hexadecimal string, then completes the digest computation * @name digestHex - * @memberOf KJUR.crypto.MessageDigest + * @memberOf KJUR.crypto.MessageDigest# * @function * @param {String} hex hexadecimal string to final update * @description @@ -472,6 +497,65 @@ KJUR.crypto.MessageDigest = function(params) { } }; +/** + * get canonical hash algorithm name
      + * @name getCanonicalAlgName + * @memberOf KJUR.crypto.MessageDigest + * @function + * @param {String} alg hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.) + * @return {String} canonical hash algorithm name + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * This static method normalizes from any hash algorithm name such as + * "SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens + * such as "sha1". + * @example + * KJUR.crypto.MessageDigest.getCanonicalAlgName("SHA-1") &rarr "sha1" + * KJUR.crypto.MessageDigest.getCanonicalAlgName("MD5") &rarr "md5" + */ +KJUR.crypto.MessageDigest.getCanonicalAlgName = function(alg) { + if (typeof alg === "string") { + alg = alg.toLowerCase(); + alg = alg.replace(/-/, ''); + } + return alg; +}; + +/** + * get resulted hash byte length for specified algorithm name
      + * @name getHashLength + * @memberOf KJUR.crypto.MessageDigest + * @function + * @param {String} alg non-canonicalized hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.) + * @return {Integer} resulted hash byte length + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * This static method returns resulted byte length for specified algorithm name such as "SHA-1". + * @example + * KJUR.crypto.MessageDigest.getHashLength("SHA-1") &rarr 20 + * KJUR.crypto.MessageDigest.getHashLength("sha1") &rarr 20 + */ +KJUR.crypto.MessageDigest.getHashLength = function(alg) { + var MD = KJUR.crypto.MessageDigest + var alg2 = MD.getCanonicalAlgName(alg); + if (MD.HASHLENGTH[alg2] === undefined) + throw "not supported algorithm: " + alg; + return MD.HASHLENGTH[alg2]; +}; + +// described in KJUR.crypto.MessageDigest class (since jsrsasign 6.2.0 crypto 1.1.10) +KJUR.crypto.MessageDigest.HASHLENGTH = { + 'md5': 16, + 'sha1': 20, + 'sha224': 28, + 'sha256': 32, + 'sha384': 48, + 'sha512': 64, + 'ripemd160': 20 +}; + +// === Mac =============================================================== + /** * Mac(Message Authentication Code) class which is very similar to java.security.Mac class * @name KJUR.crypto.Mac @@ -565,7 +649,7 @@ KJUR.crypto.Mac = function(params) { /** * update digest by specified string * @name updateString - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @param {String} str string to update * @description @@ -579,7 +663,7 @@ KJUR.crypto.Mac = function(params) { /** * update digest by specified hexadecimal string * @name updateHex - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @param {String} hex hexadecimal string to update * @description @@ -593,7 +677,7 @@ KJUR.crypto.Mac = function(params) { /** * completes hash calculation and returns hash result * @name doFinal - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @description * @example @@ -606,7 +690,7 @@ KJUR.crypto.Mac = function(params) { /** * performs final update on the digest using string, then completes the digest computation * @name doFinalString - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @param {String} str string to final update * @description @@ -621,7 +705,7 @@ KJUR.crypto.Mac = function(params) { * performs final update on the digest using hexadecimal string, * then completes the digest computation * @name doFinalHex - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @param {String} hex hexadecimal string to final update * @description @@ -635,7 +719,7 @@ KJUR.crypto.Mac = function(params) { /** * set password for Mac * @name setPassword - * @memberOf KJUR.crypto.Mac + * @memberOf KJUR.crypto.Mac# * @function * @param {Object} pass password for Mac * @since crypto 1.1.7 jsrsasign 4.9.0 @@ -723,6 +807,7 @@ KJUR.crypto.Mac = function(params) { } }; +// ====== Signature class ========================================================= /** * Signature class which is very similar to java.security.Signature class * @name KJUR.crypto.Signature @@ -837,7 +922,7 @@ KJUR.crypto.Signature = function(params) { /** * set signature algorithm and provider * @name setAlgAndProvider - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} alg signature algorithm name * @param {String} prov provider name @@ -980,7 +1065,7 @@ KJUR.crypto.Signature = function(params) { /** * Initialize this object for signing or verifying depends on key * @name init - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {Object} key specifying public or private key as plain/encrypted PKCS#5/8 PEM file, certificate PEM or {@link RSAKey}, {@link KJUR.crypto.DSA} or {@link KJUR.crypto.ECDSA} object * @param {String} pass (OPTION) passcode for encrypted private key @@ -1020,7 +1105,7 @@ KJUR.crypto.Signature = function(params) { /** * Initialize this object for verifying with a public key * @name initVerifyByPublicKey - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {Object} param RSAKey object of public key or associative array for ECDSA * @since 1.0.2 @@ -1045,7 +1130,7 @@ KJUR.crypto.Signature = function(params) { /** * Initialize this object for verifying with a certficate * @name initVerifyByCertificatePEM - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} certPEM PEM formatted string of certificate * @since 1.0.2 @@ -1062,7 +1147,7 @@ KJUR.crypto.Signature = function(params) { /** * Initialize this object for signing * @name initSign - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {Object} param RSAKey object of public key or associative array for ECDSA * @deprecated from crypto 1.1.5. please use init() method instead. @@ -1084,7 +1169,7 @@ KJUR.crypto.Signature = function(params) { /** * Updates the data to be signed or verified by a string * @name updateString - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} str string to use for the update * @description @@ -1098,7 +1183,7 @@ KJUR.crypto.Signature = function(params) { /** * Updates the data to be signed or verified by a hexadecimal string * @name updateHex - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} hex hexadecimal string to use for the update * @description @@ -1112,7 +1197,7 @@ KJUR.crypto.Signature = function(params) { /** * Returns the signature bytes of all data updates as a hexadecimal string * @name sign - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @return the signature bytes as a hexadecimal string * @description @@ -1126,7 +1211,7 @@ KJUR.crypto.Signature = function(params) { /** * performs final update on the sign using string, then returns the signature bytes of all data updates as a hexadecimal string * @name signString - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} str string to final update * @return the signature bytes of a hexadecimal string @@ -1141,7 +1226,7 @@ KJUR.crypto.Signature = function(params) { /** * performs final update on the sign using hexadecimal string, then returns the signature bytes of all data updates as a hexadecimal string * @name signHex - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} hex hexadecimal string to final update * @return the signature bytes of a hexadecimal string @@ -1156,7 +1241,7 @@ KJUR.crypto.Signature = function(params) { /** * verifies the passed-in signature. * @name verify - * @memberOf KJUR.crypto.Signature + * @memberOf KJUR.crypto.Signature# * @function * @param {String} str string to final update * @return {Boolean} true if the signature was verified, otherwise false @@ -1201,6 +1286,129 @@ KJUR.crypto.Signature = function(params) { } }; +// ====== Cipher class ============================================================ +/** + * Cipher class to encrypt and decrypt data
      + * @name KJUR.crypto.Cipher + * @class Cipher class to encrypt and decrypt data
      + * @param {Array} params parameters for constructor + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * Here is supported canonicalized cipher algorithm names and its standard names: + *
        + *
      • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
      • + *
      • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
      • + *
      • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
      • + *
      • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
      • + *
      • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
      • + *
      • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
      • + *
      + * NOTE: (*) is not supported in Java JCE.
      + * Currently this class supports only RSA encryption and decryption. + * However it is planning to implement also symmetric ciphers near in the future. + * @example + */ +KJUR.crypto.Cipher = function(params) { +}; + +/** + * encrypt raw string by specified key and algorithm
      + * @name encrypt + * @memberOf KJUR.crypto.Cipher + * @function + * @param {String} s input string to encrypt + * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key + * @param {String} algName short/long algorithm name for encryption/decryption + * @return {String} hexadecimal encrypted string + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * This static method encrypts raw string with specified key and algorithm. + * @example + * KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj) → "1abc2d..." + * KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP) → "23ab02..." + */ +KJUR.crypto.Cipher.encrypt = function(s, keyObj, algName) { + if (keyObj instanceof RSAKey && keyObj.isPublic) { + var algName2 = KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName); + if (algName2 === "RSA") return keyObj.encrypt(s); + if (algName2 === "RSAOAEP") return keyObj.encryptOAEP(s, "sha1"); + + var a = algName2.match(/^RSAOAEP(\d+)$/); + if (a !== null) return keyObj.encryptOAEP(s, "sha" + a[1]); + + throw "Cipher.encrypt: unsupported algorithm for RSAKey: " + algName; + } else { + throw "Cipher.encrypt: unsupported key or algorithm"; + } +}; + +/** + * decrypt encrypted hexadecimal string with specified key and algorithm
      + * @name decrypt + * @memberOf KJUR.crypto.Cipher + * @function + * @param {String} hex hexadecial string of encrypted message + * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key + * @param {String} algName short/long algorithm name for encryption/decryption + * @return {String} hexadecimal encrypted string + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * This static method decrypts encrypted hexadecimal string with specified key and algorithm. + * @example + * KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj) → "1abc2d..." + * KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj, "RSAOAEP) → "23ab02..." + */ +KJUR.crypto.Cipher.decrypt = function(hex, keyObj, algName) { + if (keyObj instanceof RSAKey && keyObj.isPrivate) { + var algName2 = KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName); + if (algName2 === "RSA") return keyObj.decrypt(hex); + if (algName2 === "RSAOAEP") return keyObj.decryptOAEP(hex, "sha1"); + + var a = algName2.match(/^RSAOAEP(\d+)$/); + if (a !== null) return keyObj.decryptOAEP(hex, "sha" + a[1]); + + throw "Cipher.decrypt: unsupported algorithm for RSAKey: " + algName; + } else { + throw "Cipher.decrypt: unsupported key or algorithm"; + } +}; + +/** + * get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name
      + * @name getAlgByKeyAndName + * @memberOf KJUR.crypto.Cipher + * @function + * @param {Object} keyObj RSAKey object or hexadecimal string of symmetric cipher key + * @param {String} algName short/long algorithm name for encryption/decryption + * @return {String} canonicalized algorithm name for encryption/decryption + * @since jsrsasign 6.2.0 crypto 1.1.10 + * @description + * Here is supported canonicalized cipher algorithm names and its standard names: + *
        + *
      • RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
      • + *
      • RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
      • + *
      • RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
      • + *
      • RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
      • + *
      • RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
      • + *
      • RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
      • + *
      + * NOTE: (*) is not supported in Java JCE. + * @example + * KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey) → "RSA" + * KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey, "RSAOAEP") → "RSAOAEP" + */ +KJUR.crypto.Cipher.getAlgByKeyAndName = function(keyObj, algName) { + if (keyObj instanceof RSAKey) { + if (":RSA:RSAOAEP:RSAOAEP224:RSAOAEP256:RSAOAEP384:RSAOAEP512:".indexOf(algName) != -1) + return algName; + if (algName === null || algName === undefined) return "RSA"; + throw "getAlgByKeyAndName: not supported algorithm name for RSAKey: " + algName; + } + throw "getAlgByKeyAndName: not supported algorithm name: " + algName; +} + +// ====== Other Utility class ===================================================== + /** * static object for cryptographic function utilities * @name KJUR.crypto.OID @@ -1210,8 +1418,6 @@ KJUR.crypto.Signature = function(params) { * @since crypto 1.1.3 * @description */ - - KJUR.crypto.OID = new function() { this.oidhex2name = { '2a864886f70d010101': 'rsaEncryption', diff --git a/ext/rsa-min.js b/ext/rsa-min.js index bc4d6f83..cc69fe50 100755 --- a/ext/rsa-min.js +++ b/ext/rsa-min.js @@ -1,3 +1,3 @@ /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ -function parseBigInt(b,a){return new BigInteger(b,a)}function linebrk(c,d){var a="";var b=0;while(b+d=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}var SHA1_SIZE=20;function oaep_pad(l,a,c){if(l.length+2*SHA1_SIZE+2>a){throw"Message too long for RSA"}var h="",d;for(d=0;d0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(e,d){var a=oaep_pad(e,(this.n.bitLength()+7)>>3,d);if(a==null){return null}var f=this.doPublic(a);if(f==null){return null}var b=f.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; \ No newline at end of file +function parseBigInt(b,a){return new BigInteger(b,a)}function linebrk(c,d){var a="";var b=0;while(b+d=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}function oaep_pad(q,a,f,l){var c=KJUR.crypto.MessageDigest;var o=KJUR.crypto.Util;var b=null;if(!f){f="sha1"}if(typeof f==="string"){b=c.getCanonicalAlgName(f);l=c.getHashLength(b);f=function(i){return hextorstr(o.hashString(i,b))}}if(q.length+2*l+2>a){throw"Message too long for RSA"}var k="",e;for(e=0;e0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(f,e,b){var a=oaep_pad(f,(this.n.bitLength()+7)>>3,e,b);if(a==null){return null}var g=this.doPublic(a);if(g==null){return null}var d=g.toString(16);if((d.length&1)==0){return d}else{return"0"+d}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; \ No newline at end of file diff --git a/ext/rsa.js b/ext/rsa.js index bf5d4e47..831407c8 100644 --- a/ext/rsa.js +++ b/ext/rsa.js @@ -80,13 +80,33 @@ function oaep_mgf1_arr(seed, len, hash) return mask; } -// PKCS#1 (OAEP) pad input string s to n bytes, and return a bigint -function oaep_pad(s, n, hash, hashLen) -{ - if (!hash) - { - hash = rstr_sha1; - hashLen = 20; +/** + * PKCS#1 (OAEP) pad input string s to n bytes, and return a bigint + * @name oaep_pad + * @param s raw string of message + * @param n key length of RSA key + * @param hash JavaScript function to calculate raw hash value from raw string or algorithm name (ex. "SHA1") + * @param hashLen byte length of resulted hash value (ex. 20 for SHA1) + * @return {BigInteger} BigInteger object of resulted PKCS#1 OAEP padded message + * @description + * This function calculates OAEP padded message from original message.
      + * NOTE: Since jsrsasign 6.2.0, 'hash' argument can accept an algorithm name such as "sha1". + * @example + * oaep_pad("aaa", 128) → big integer object // SHA-1 by default + * oaep_pad("aaa", 128, function(s) {...}, 20); + * oaep_pad("aaa", 128, "sha1"); + */ +function oaep_pad(s, n, hash, hashLen) { + var MD = KJUR.crypto.MessageDigest; + var Util = KJUR.crypto.Util; + var algName = null; + + if (!hash) hash = "sha1"; + + if (typeof hash === "string") { + algName = MD.getCanonicalAlgName(hash); + hashLen = MD.getHashLength(algName); + hash = function(s) { return hextorstr(Util.hashString(s, algName)); }; } if (s.length + 2 * hashLen + 2 > n) @@ -96,8 +116,7 @@ function oaep_pad(s, n, hash, hashLen) var PS = '', i; - for (i = 0; i < n - s.length - 2 * hashLen - 2; i += 1) - { + for (i = 0; i < n - s.length - 2 * hashLen - 2; i += 1) { PS += '\x00'; } @@ -108,16 +127,14 @@ function oaep_pad(s, n, hash, hashLen) var dbMask = oaep_mgf1_arr(seed, DB.length, hash); var maskedDB = []; - for (i = 0; i < DB.length; i += 1) - { + for (i = 0; i < DB.length; i += 1) { maskedDB[i] = DB.charCodeAt(i) ^ dbMask.charCodeAt(i); } var seedMask = oaep_mgf1_arr(maskedDB, seed.length, hash); var maskedSeed = [0]; - for (i = 0; i < seed.length; i += 1) - { + for (i = 0; i < seed.length; i += 1) { maskedSeed[i + 1] = seed[i] ^ seedMask.charCodeAt(i); } @@ -169,7 +186,7 @@ function RSAEncrypt(text) { // Return the PKCS#1 OAEP RSA encryption of "text" as an even-length hex string function RSAEncryptOAEP(text, hash, hashLen) { - var m = oaep_pad(text, (this.n.bitLength()+7)>>3, hash, hashLen); + var m = oaep_pad(text, (this.n.bitLength() + 7) >> 3, hash, hashLen); if(m == null) return null; var c = this.doPublic(m); if(c == null) return null; diff --git a/ext/rsa2-min.js b/ext/rsa2-min.js index dd4bb11d..fa835aaf 100755 --- a/ext/rsa2-min.js +++ b/ext/rsa2-min.js @@ -1,3 +1,3 @@ /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ -function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}var SHA1_SIZE=20;function oaep_unpad(l,b,e){l=l.toByteArray();var f;for(f=0;f0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(d,b){var e=parseBigInt(d,16);var a=this.doPrivate(e);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; \ No newline at end of file +function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashString(d,c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; \ No newline at end of file diff --git a/ext/rsa2.js b/ext/rsa2.js index f83438a0..b2ca49d9 100644 --- a/ext/rsa2.js +++ b/ext/rsa2.js @@ -50,26 +50,44 @@ function oaep_mgf1_str(seed, len, hash) return mask; } -// Undo PKCS#1 (OAEP) padding and, if valid, return the plaintext -function oaep_unpad(d, n, hash, hashLen) -{ - if (!hash) - { - hash = rstr_sha1; - hashLen = 20; +/** + * Undo PKCS#1 (OAEP) padding and, if valid, return the plaintext + * @name oaep_unpad + * @param {BigInteger} d BigInteger object of OAEP padded message + * @param n byte length of RSA key (i.e. 128 when RSA 1024bit) + * @param hash JavaScript function to calculate raw hash value from raw string or algorithm name (ex. "SHA1") + * @param hashLen byte length of resulted hash value (i.e. 20 for SHA1) + * @return {String} raw string of OAEP unpadded message + * @description + * This function do unpadding OAEP padded message then returns an original message.
      + * NOTE: Since jsrsasign 6.2.0, 'hash' argument can accept an algorithm name such as "sha1". + * @example + * // DEFAULT(SHA1) + * bi1 = oaep_pad("aaa", 128); + * oaep_unpad(bi1, 128) → "aaa" // SHA-1 by default + */ +function oaep_unpad(d, n, hash, hashLen) { + var MD = KJUR.crypto.MessageDigest; + var Util = KJUR.crypto.Util; + var algName = null; + + if (!hash) hash = "sha1"; + + if (typeof hash === "string") { + algName = MD.getCanonicalAlgName(hash); + hashLen = MD.getHashLength(algName); + hash = function(s) { return hextorstr(Util.hashString(s, algName)); }; } d = d.toByteArray(); var i; - for (i = 0; i < d.length; i += 1) - { + for (i = 0; i < d.length; i += 1) { d[i] &= 0xff; } - while (d.length < n) - { + while (d.length < n) { d.unshift(0); } @@ -86,18 +104,16 @@ function oaep_unpad(d, n, hash, hashLen) var seedMask = oaep_mgf1_str(maskedDB, hashLen, hash); var seed = [], i; - for (i = 0; i < maskedSeed.length; i += 1) - { + for (i = 0; i < maskedSeed.length; i += 1) { seed[i] = maskedSeed.charCodeAt(i) ^ seedMask.charCodeAt(i); } var dbMask = oaep_mgf1_str(String.fromCharCode.apply(String, seed), - d.length - hashLen, hash); + d.length - hashLen, hash); var DB = []; - for (i = 0; i < maskedDB.length; i += 1) - { + for (i = 0; i < maskedDB.length; i += 1) { DB[i] = maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i); } diff --git a/index.html b/index.html index 94ccf57c..298407c1 100755 --- a/index.html +++ b/index.html @@ -69,6 +69,11 @@

      FEATURES

      NEWS

      +
      2016-Nov-03: +
      +Release 6.2.0 is now available. +Cipher class added. +
      2016-Sep-24:
      Release 6.1.0 is now available. diff --git a/jsrsasign-latest-all-min.js b/jsrsasign-latest-all-min.js index 64beae83..3b9693b8 100644 --- a/jsrsasign-latest-all-min.js +++ b/jsrsasign-latest-all-min.js @@ -199,10 +199,10 @@ function Arcfour(){this.i=0;this.j=0;this.S=new Array()}function ARC4init(d){var var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pptr++]^=a&255;rng_pool[rng_pptr++]^=(a>>8)&255;rng_pool[rng_pptr++]^=(a>>16)&255;rng_pool[rng_pptr++]^=(a>>24)&255;if(rng_pptr>=rng_psize){rng_pptr-=rng_psize}}function rng_seed_time(){rng_seed_int(new Date().getTime())}if(rng_pool==null){rng_pool=new Array();rng_pptr=0;var t;if(window.crypto&&window.crypto.getRandomValues){var ua=new Uint8Array(32);window.crypto.getRandomValues(ua);for(t=0;t<32;++t){rng_pool[rng_pptr++]=ua[t]}}if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t>>8;rng_pool[rng_pptr++]=t&255}rng_pptr=0;rng_seed_time()}function rng_get_byte(){if(rng_state==null){rng_seed_time();rng_state=prng_newstate();rng_state.init(rng_pool);for(rng_pptr=0;rng_pptr=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}var SHA1_SIZE=20;function oaep_pad(l,a,c){if(l.length+2*SHA1_SIZE+2>a){throw"Message too long for RSA"}var h="",d;for(d=0;d0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(e,d){var a=oaep_pad(e,(this.n.bitLength()+7)>>3,d);if(a==null){return null}var f=this.doPublic(a);if(f==null){return null}var b=f.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; +function parseBigInt(b,a){return new BigInteger(b,a)}function linebrk(c,d){var a="";var b=0;while(b+d=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}function oaep_pad(q,a,f,l){var c=KJUR.crypto.MessageDigest;var o=KJUR.crypto.Util;var b=null;if(!f){f="sha1"}if(typeof f==="string"){b=c.getCanonicalAlgName(f);l=c.getHashLength(b);f=function(i){return hextorstr(o.hashString(i,b))}}if(q.length+2*l+2>a){throw"Message too long for RSA"}var k="",e;for(e=0;e0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(f,e,b){var a=oaep_pad(f,(this.n.bitLength()+7)>>3,e,b);if(a==null){return null}var g=this.doPublic(a);if(g==null){return null}var d=g.toString(16);if((d.length&1)==0){return d}else{return"0"+d}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ -function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}var SHA1_SIZE=20;function oaep_unpad(l,b,e){l=l.toByteArray();var f;for(f=0;f0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(d,b){var e=parseBigInt(d,16);var a=this.doPrivate(e);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; +function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashString(d,c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ function ECFieldElementFp(b,a){this.x=a;this.q=b}function feFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.x.equals(a.x))}function feFpToBigInteger(){return this.x}function feFpNegate(){return new ECFieldElementFp(this.q,this.x.negate().mod(this.q))}function feFpAdd(a){return new ECFieldElementFp(this.q,this.x.add(a.toBigInteger()).mod(this.q))}function feFpSubtract(a){return new ECFieldElementFp(this.q,this.x.subtract(a.toBigInteger()).mod(this.q))}function feFpMultiply(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger()).mod(this.q))}function feFpSquare(){return new ECFieldElementFp(this.q,this.x.square().mod(this.q))}function feFpDivide(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger().modInverse(this.q)).mod(this.q))}ECFieldElementFp.prototype.equals=feFpEquals;ECFieldElementFp.prototype.toBigInteger=feFpToBigInteger;ECFieldElementFp.prototype.negate=feFpNegate;ECFieldElementFp.prototype.add=feFpAdd;ECFieldElementFp.prototype.subtract=feFpSubtract;ECFieldElementFp.prototype.multiply=feFpMultiply;ECFieldElementFp.prototype.square=feFpSquare;ECFieldElementFp.prototype.divide=feFpDivide;function ECPointFp(c,a,d,b){this.curve=c;this.x=a;this.y=d;if(b==null){this.z=BigInteger.ONE}else{this.z=b}this.zinv=null}function pointFpGetX(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpGetY(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpEquals(a){if(a==this){return true}if(this.isInfinity()){return a.isInfinity()}if(a.isInfinity()){return this.isInfinity()}var c,b;c=a.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(a.z)).mod(this.curve.q);if(!c.equals(BigInteger.ZERO)){return false}b=a.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(a.z)).mod(this.curve.q);return b.equals(BigInteger.ZERO)}function pointFpIsInfinity(){if((this.x==null)&&(this.y==null)){return true}return this.z.equals(BigInteger.ZERO)&&!this.y.toBigInteger().equals(BigInteger.ZERO)}function pointFpNegate(){return new ECPointFp(this.curve,this.x,this.y.negate(),this.z)}function pointFpAdd(l){if(this.isInfinity()){return l}if(l.isInfinity()){return this}var p=l.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(l.z)).mod(this.curve.q);var o=l.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(l.z)).mod(this.curve.q);if(BigInteger.ZERO.equals(o)){if(BigInteger.ZERO.equals(p)){return this.twice()}return this.curve.getInfinity()}var j=new BigInteger("3");var e=this.x.toBigInteger();var n=this.y.toBigInteger();var c=l.x.toBigInteger();var k=l.y.toBigInteger();var m=o.square();var i=m.multiply(o);var d=e.multiply(m);var g=p.square().multiply(this.z);var a=g.subtract(d.shiftLeft(1)).multiply(l.z).subtract(i).multiply(o).mod(this.curve.q);var h=d.multiply(j).multiply(p).subtract(n.multiply(i)).subtract(g.multiply(p)).multiply(l.z).add(p.multiply(i)).mod(this.curve.q);var f=i.multiply(this.z).multiply(l.z).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(a),this.curve.fromBigInteger(h),f)}function pointFpTwice(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var g=new BigInteger("3");var c=this.x.toBigInteger();var h=this.y.toBigInteger();var e=h.multiply(this.z);var j=e.multiply(h).mod(this.curve.q);var i=this.curve.a.toBigInteger();var k=c.square().multiply(g);if(!BigInteger.ZERO.equals(i)){k=k.add(this.z.square().multiply(i))}k=k.mod(this.curve.q);var b=k.square().subtract(c.shiftLeft(3).multiply(j)).shiftLeft(1).multiply(e).mod(this.curve.q);var f=k.multiply(g).multiply(c).subtract(j.shiftLeft(1)).shiftLeft(2).multiply(j).subtract(k.square().multiply(k)).mod(this.curve.q);var d=e.square().multiply(e).shiftLeft(3).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(b),this.curve.fromBigInteger(f),d)}function pointFpMultiply(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add(a?this:l)}}return d}function pointFpMultiplyTwo(c,a,b){var d;if(c.bitLength()>b.bitLength()){d=c.bitLength()-1}else{d=b.bitLength()-1}var f=this.curve.getInfinity();var e=this.add(a);while(d>=0){f=f.twice();if(c.testBit(d)){if(b.testBit(d)){f=f.add(e)}else{f=f.add(this)}}else{if(b.testBit(d)){f=f.add(a)}}--d}return f}ECPointFp.prototype.getX=pointFpGetX;ECPointFp.prototype.getY=pointFpGetY;ECPointFp.prototype.equals=pointFpEquals;ECPointFp.prototype.isInfinity=pointFpIsInfinity;ECPointFp.prototype.negate=pointFpNegate;ECPointFp.prototype.add=pointFpAdd;ECPointFp.prototype.twice=pointFpTwice;ECPointFp.prototype.multiply=pointFpMultiply;ECPointFp.prototype.multiplyTwo=pointFpMultiplyTwo;function ECCurveFp(e,d,c){this.q=e;this.a=this.fromBigInteger(d);this.b=this.fromBigInteger(c);this.infinity=new ECPointFp(this,null,null)}function curveFpGetQ(){return this.q}function curveFpGetA(){return this.a}function curveFpGetB(){return this.b}function curveFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.a.equals(a.a)&&this.b.equals(a.b))}function curveFpGetInfinity(){return this.infinity}function curveFpFromBigInteger(a){return new ECFieldElementFp(this.q,a)}function curveFpDecodePointHex(d){switch(parseInt(d.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var a=(d.length-2)/2;var c=d.substr(2,a);var b=d.substr(a+2,a);return new ECPointFp(this,this.fromBigInteger(new BigInteger(c,16)),this.fromBigInteger(new BigInteger(b,16)));default:return null}}ECCurveFp.prototype.getQ=curveFpGetQ;ECCurveFp.prototype.getA=curveFpGetA;ECCurveFp.prototype.getB=curveFpGetB;ECCurveFp.prototype.equals=curveFpEquals;ECCurveFp.prototype.getInfinity=curveFpGetInfinity;ECCurveFp.prototype.fromBigInteger=curveFpFromBigInteger;ECCurveFp.prototype.decodePointHex=curveFpDecodePointHex; @@ -218,9 +218,9 @@ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][ /*! asn1hex-1.1.7.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ ;var ASN1HEX=new function(){};ASN1HEX.getByteLengthOfL_AtObj=function(b,c){if(b.substring(c+2,c+3)!="8"){return 1}var a=parseInt(b.substring(c+3,c+4));if(a==0){return -1}if(0=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};ASN1HEX.getNthChildIndex_AtObj=function(d,b,e){var c=ASN1HEX.getPosArrayOfChildren_AtObj(d,b);return c[e]};ASN1HEX.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=ASN1HEX.getPosArrayOfChildren_AtObj(e,d);return ASN1HEX.getDecendantIndexByNthList(e,b[f],c)};ASN1HEX.getDecendantHexTLVByNthList=function(d,c,b){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);return ASN1HEX.getHexOfTLV_AtObj(d,a)};ASN1HEX.getDecendantHexVByNthList=function(d,c,b){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);return ASN1HEX.getHexOfV_AtObj(d,a)};ASN1HEX.getVbyList=function(d,c,b,e){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw new Error("can't find nthList object")}if(e!==undefined){if(d.substr(a,2)!=e){throw new Error("checking tag doesn't match: "+d.substr(a,2)+"!="+e)}}return ASN1HEX.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;q0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw new Error("malformed attrTypeAndValueStr: "+f)}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw new Error("unsupported directory string type: type="+f+" value="+e)};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw new Error("argument is not RSAKey instance")}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=_rsapem_getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=_rsapem_getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw new Error("key not supported")}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw new Error("algId and/or subjPubKey not set")}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);var a=null;var d=null;var b=null;var c=false;this.getEncodedHex=function(){if(this.nameAlg==null&&this.asn1Alg==null){throw new Error("algorithm not specified")}if(this.nameAlg!=null&&this.asn1Alg==null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var f=[this.asn1Alg];if(!this.paramEmpty){f.push(this.asn1Params)}var g=new KJUR.asn1.DERSequence({array:f});this.hTLV=g.getEncodedHex();return this.hTLV};if(typeof e!="undefined"){if(typeof e.name!="undefined"){this.nameAlg=e.name}if(typeof e.asn1params!="undefined"){this.asn1Params=e.asn1params}if(typeof e.paramempty!="undefined"){this.paramEmpty=e.paramempty}}if(this.asn1Params==null){this.asn1Params=new KJUR.asn1.DERNull()}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(typeof k=="undefined"){return}if(typeof k.rfc822!="undefined"){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.dns!="undefined"){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.uri!="undefined"){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.certissuer!="undefined"){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certissuer param not cert")}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(typeof k.certsubj!="undefined"){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certsubj param not cert")}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw new Error("unsupported type in params="+k)}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(typeof d!="undefined"){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;c0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw new Error("eContentValue not yet set")}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=KEYUTIL.getHexFromPEM(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;ba.length){d=a.length}for(var b=0;bd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;fd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.getPublicKeyXYHex=function(){var k=this.pubKeyHex;if(k.substr(0,2)!=="04"){throw new Error("this method supports uncompressed format(04) only")}var j=this.ecparams.keylen/4;if(k.length!==2+j*2){throw new Error("malformed public key hex length")}var i={};i.x=k.substr(2,j);i.y=k.substr(2+j);return i};this.getShortNISTPCurveName=function(){var i=this.curveName;if(i==="secp256r1"||i==="NIST P-256"||i==="P-256"||i==="prime256v1"){return"P-256"}if(i==="secp384r1"||i==="NIST P-384"||i==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw new Error("Invalid value for signature")}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw new Error("Invalid format for pubkey value, must be byte array or ECPointFp")}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw new Error("Signature has the wrong length")}var j=m[0]-27;if(j<0||j>7){throw new Error("Invalid signature type")}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(c){if(c.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var b=ASN1HEX.getPosArrayOfChildren_AtObj(c,0);if(b.length!=2){throw new Error("number of signature ASN.1 sequence elements seem wrong")}var g=b[0];var f=b[1];if(c.substr(g,2)!="02"){throw new Error("1st item of sequene of signature is not ASN.1 integer")}if(c.substr(f,2)!="02"){throw new Error("2nd item of sequene of signature is not ASN.1 integer")}var e=ASN1HEX.getHexOfV_AtObj(c,g);var d=ASN1HEX.getHexOfV_AtObj(c,f);return{r:e,s:d}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA sig r length error")}if((((a.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(e,c){var b=new KJUR.asn1.DERInteger({bigint:e});var a=new KJUR.asn1.DERInteger({bigint:c});var d=new KJUR.asn1.DERSequence({array:[b,a]});return d.getEncodedHex()}; @@ -265,7 +265,7 @@ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][ ;var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw new Error("algorithm '"+h+"' not accepted in the list")}}if(h!="none"&&t===null){throw new Error("key shall be specified to verify.")}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw new Error("key shall be a RSAKey obj for RS* and PS* algs")}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw new Error("key shall be a ECDSA obj for ES* algs")}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw new Error("unsupported alg name: "+h)}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw new Error("not supported")}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw new Error("hexadecimal key shall be specified for HMAC")}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw new Error("malformed sJWS: wrong number of '.' splitted elements")}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw new Error("acceptField.alg shall be specified")}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriod0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw new Error("malformed attrTypeAndValueStr: "+f)}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw new Error("unsupported directory string type: type="+f+" value="+e)};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw new Error("argument is not RSAKey instance")}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=_rsapem_getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=_rsapem_getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw new Error("key not supported")}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw new Error("algId and/or subjPubKey not set")}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);var a=null;var d=null;var b=null;var c=false;this.getEncodedHex=function(){if(this.nameAlg==null&&this.asn1Alg==null){throw new Error("algorithm not specified")}if(this.nameAlg!=null&&this.asn1Alg==null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var f=[this.asn1Alg];if(!this.paramEmpty){f.push(this.asn1Params)}var g=new KJUR.asn1.DERSequence({array:f});this.hTLV=g.getEncodedHex();return this.hTLV};if(typeof e!="undefined"){if(typeof e.name!="undefined"){this.nameAlg=e.name}if(typeof e.asn1params!="undefined"){this.asn1Params=e.asn1params}if(typeof e.paramempty!="undefined"){this.paramEmpty=e.paramempty}}if(this.asn1Params==null){this.asn1Params=new KJUR.asn1.DERNull()}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(typeof k=="undefined"){return}if(typeof k.rfc822!="undefined"){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.dns!="undefined"){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.uri!="undefined"){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.certissuer!="undefined"){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certissuer param not cert")}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(typeof k.certsubj!="undefined"){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certsubj param not cert")}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw new Error("unsupported type in params="+k)}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(typeof d!="undefined"){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;cd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;fd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>8)&255;rng_pool[rng_pptr++]^=(a>>16)&255;rng_pool[rng_pptr++]^=(a>>24)&255;if(rng_pptr>=rng_psize){rng_pptr-=rng_psize}}function rng_seed_time(){rng_seed_int(new Date().getTime())}if(rng_pool==null){rng_pool=new Array();rng_pptr=0;var t;if(window.crypto&&window.crypto.getRandomValues){var ua=new Uint8Array(32);window.crypto.getRandomValues(ua);for(t=0;t<32;++t){rng_pool[rng_pptr++]=ua[t]}}if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t>>8;rng_pool[rng_pptr++]=t&255}rng_pptr=0;rng_seed_time()}function rng_get_byte(){if(rng_state==null){rng_seed_time();rng_state=prng_newstate();rng_state.init(rng_pool);for(rng_pptr=0;rng_pptr=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}var SHA1_SIZE=20;function oaep_pad(l,a,c){if(l.length+2*SHA1_SIZE+2>a){throw"Message too long for RSA"}var h="",d;for(d=0;d0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(e,d){var a=oaep_pad(e,(this.n.bitLength()+7)>>3,d);if(a==null){return null}var f=this.doPublic(a);if(f==null){return null}var b=f.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; +function parseBigInt(b,a){return new BigInteger(b,a)}function linebrk(c,d){var a="";var b=0;while(b+d=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}function oaep_pad(q,a,f,l){var c=KJUR.crypto.MessageDigest;var o=KJUR.crypto.Util;var b=null;if(!f){f="sha1"}if(typeof f==="string"){b=c.getCanonicalAlgName(f);l=c.getHashLength(b);f=function(i){return hextorstr(o.hashString(i,b))}}if(q.length+2*l+2>a){throw"Message too long for RSA"}var k="",e;for(e=0;e0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(f,e,b){var a=oaep_pad(f,(this.n.bitLength()+7)>>3,e,b);if(a==null){return null}var g=this.doPublic(a);if(g==null){return null}var d=g.toString(16);if((d.length&1)==0){return d}else{return"0"+d}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ -function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}var SHA1_SIZE=20;function oaep_unpad(l,b,e){l=l.toByteArray();var f;for(f=0;f0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(d,b){var e=parseBigInt(d,16);var a=this.doPrivate(e);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; +function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashString(d,c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; /*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ */ function ECFieldElementFp(b,a){this.x=a;this.q=b}function feFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.x.equals(a.x))}function feFpToBigInteger(){return this.x}function feFpNegate(){return new ECFieldElementFp(this.q,this.x.negate().mod(this.q))}function feFpAdd(a){return new ECFieldElementFp(this.q,this.x.add(a.toBigInteger()).mod(this.q))}function feFpSubtract(a){return new ECFieldElementFp(this.q,this.x.subtract(a.toBigInteger()).mod(this.q))}function feFpMultiply(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger()).mod(this.q))}function feFpSquare(){return new ECFieldElementFp(this.q,this.x.square().mod(this.q))}function feFpDivide(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger().modInverse(this.q)).mod(this.q))}ECFieldElementFp.prototype.equals=feFpEquals;ECFieldElementFp.prototype.toBigInteger=feFpToBigInteger;ECFieldElementFp.prototype.negate=feFpNegate;ECFieldElementFp.prototype.add=feFpAdd;ECFieldElementFp.prototype.subtract=feFpSubtract;ECFieldElementFp.prototype.multiply=feFpMultiply;ECFieldElementFp.prototype.square=feFpSquare;ECFieldElementFp.prototype.divide=feFpDivide;function ECPointFp(c,a,d,b){this.curve=c;this.x=a;this.y=d;if(b==null){this.z=BigInteger.ONE}else{this.z=b}this.zinv=null}function pointFpGetX(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpGetY(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpEquals(a){if(a==this){return true}if(this.isInfinity()){return a.isInfinity()}if(a.isInfinity()){return this.isInfinity()}var c,b;c=a.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(a.z)).mod(this.curve.q);if(!c.equals(BigInteger.ZERO)){return false}b=a.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(a.z)).mod(this.curve.q);return b.equals(BigInteger.ZERO)}function pointFpIsInfinity(){if((this.x==null)&&(this.y==null)){return true}return this.z.equals(BigInteger.ZERO)&&!this.y.toBigInteger().equals(BigInteger.ZERO)}function pointFpNegate(){return new ECPointFp(this.curve,this.x,this.y.negate(),this.z)}function pointFpAdd(l){if(this.isInfinity()){return l}if(l.isInfinity()){return this}var p=l.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(l.z)).mod(this.curve.q);var o=l.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(l.z)).mod(this.curve.q);if(BigInteger.ZERO.equals(o)){if(BigInteger.ZERO.equals(p)){return this.twice()}return this.curve.getInfinity()}var j=new BigInteger("3");var e=this.x.toBigInteger();var n=this.y.toBigInteger();var c=l.x.toBigInteger();var k=l.y.toBigInteger();var m=o.square();var i=m.multiply(o);var d=e.multiply(m);var g=p.square().multiply(this.z);var a=g.subtract(d.shiftLeft(1)).multiply(l.z).subtract(i).multiply(o).mod(this.curve.q);var h=d.multiply(j).multiply(p).subtract(n.multiply(i)).subtract(g.multiply(p)).multiply(l.z).add(p.multiply(i)).mod(this.curve.q);var f=i.multiply(this.z).multiply(l.z).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(a),this.curve.fromBigInteger(h),f)}function pointFpTwice(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var g=new BigInteger("3");var c=this.x.toBigInteger();var h=this.y.toBigInteger();var e=h.multiply(this.z);var j=e.multiply(h).mod(this.curve.q);var i=this.curve.a.toBigInteger();var k=c.square().multiply(g);if(!BigInteger.ZERO.equals(i)){k=k.add(this.z.square().multiply(i))}k=k.mod(this.curve.q);var b=k.square().subtract(c.shiftLeft(3).multiply(j)).shiftLeft(1).multiply(e).mod(this.curve.q);var f=k.multiply(g).multiply(c).subtract(j.shiftLeft(1)).shiftLeft(2).multiply(j).subtract(k.square().multiply(k)).mod(this.curve.q);var d=e.square().multiply(e).shiftLeft(3).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(b),this.curve.fromBigInteger(f),d)}function pointFpMultiply(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add(a?this:l)}}return d}function pointFpMultiplyTwo(c,a,b){var d;if(c.bitLength()>b.bitLength()){d=c.bitLength()-1}else{d=b.bitLength()-1}var f=this.curve.getInfinity();var e=this.add(a);while(d>=0){f=f.twice();if(c.testBit(d)){if(b.testBit(d)){f=f.add(e)}else{f=f.add(this)}}else{if(b.testBit(d)){f=f.add(a)}}--d}return f}ECPointFp.prototype.getX=pointFpGetX;ECPointFp.prototype.getY=pointFpGetY;ECPointFp.prototype.equals=pointFpEquals;ECPointFp.prototype.isInfinity=pointFpIsInfinity;ECPointFp.prototype.negate=pointFpNegate;ECPointFp.prototype.add=pointFpAdd;ECPointFp.prototype.twice=pointFpTwice;ECPointFp.prototype.multiply=pointFpMultiply;ECPointFp.prototype.multiplyTwo=pointFpMultiplyTwo;function ECCurveFp(e,d,c){this.q=e;this.a=this.fromBigInteger(d);this.b=this.fromBigInteger(c);this.infinity=new ECPointFp(this,null,null)}function curveFpGetQ(){return this.q}function curveFpGetA(){return this.a}function curveFpGetB(){return this.b}function curveFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.a.equals(a.a)&&this.b.equals(a.b))}function curveFpGetInfinity(){return this.infinity}function curveFpFromBigInteger(a){return new ECFieldElementFp(this.q,a)}function curveFpDecodePointHex(d){switch(parseInt(d.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var a=(d.length-2)/2;var c=d.substr(2,a);var b=d.substr(a+2,a);return new ECPointFp(this,this.fromBigInteger(new BigInteger(c,16)),this.fromBigInteger(new BigInteger(b,16)));default:return null}}ECCurveFp.prototype.getQ=curveFpGetQ;ECCurveFp.prototype.getA=curveFpGetA;ECCurveFp.prototype.getB=curveFpGetB;ECCurveFp.prototype.equals=curveFpEquals;ECCurveFp.prototype.getInfinity=curveFpGetInfinity;ECCurveFp.prototype.fromBigInteger=curveFpFromBigInteger;ECCurveFp.prototype.decodePointHex=curveFpDecodePointHex; @@ -223,9 +223,9 @@ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][ /*! asn1hex-1.1.7.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ ;var ASN1HEX=new function(){};ASN1HEX.getByteLengthOfL_AtObj=function(b,c){if(b.substring(c+2,c+3)!="8"){return 1}var a=parseInt(b.substring(c+3,c+4));if(a==0){return -1}if(0=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};ASN1HEX.getNthChildIndex_AtObj=function(d,b,e){var c=ASN1HEX.getPosArrayOfChildren_AtObj(d,b);return c[e]};ASN1HEX.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=ASN1HEX.getPosArrayOfChildren_AtObj(e,d);return ASN1HEX.getDecendantIndexByNthList(e,b[f],c)};ASN1HEX.getDecendantHexTLVByNthList=function(d,c,b){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);return ASN1HEX.getHexOfTLV_AtObj(d,a)};ASN1HEX.getDecendantHexVByNthList=function(d,c,b){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);return ASN1HEX.getHexOfV_AtObj(d,a)};ASN1HEX.getVbyList=function(d,c,b,e){var a=ASN1HEX.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw new Error("can't find nthList object")}if(e!==undefined){if(d.substr(a,2)!=e){throw new Error("checking tag doesn't match: "+d.substr(a,2)+"!="+e)}}return ASN1HEX.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;q0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw new Error("malformed attrTypeAndValueStr: "+f)}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw new Error("unsupported directory string type: type="+f+" value="+e)};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw new Error("argument is not RSAKey instance")}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=_rsapem_getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=_rsapem_getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw new Error("key not supported")}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw new Error("algId and/or subjPubKey not set")}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);var a=null;var d=null;var b=null;var c=false;this.getEncodedHex=function(){if(this.nameAlg==null&&this.asn1Alg==null){throw new Error("algorithm not specified")}if(this.nameAlg!=null&&this.asn1Alg==null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var f=[this.asn1Alg];if(!this.paramEmpty){f.push(this.asn1Params)}var g=new KJUR.asn1.DERSequence({array:f});this.hTLV=g.getEncodedHex();return this.hTLV};if(typeof e!="undefined"){if(typeof e.name!="undefined"){this.nameAlg=e.name}if(typeof e.asn1params!="undefined"){this.asn1Params=e.asn1params}if(typeof e.paramempty!="undefined"){this.paramEmpty=e.paramempty}}if(this.asn1Params==null){this.asn1Params=new KJUR.asn1.DERNull()}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(typeof k=="undefined"){return}if(typeof k.rfc822!="undefined"){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.dns!="undefined"){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.uri!="undefined"){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(typeof k.certissuer!="undefined"){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certissuer param not cert")}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(typeof k.certsubj!="undefined"){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=X509.pemToHex(h)}if(f==null){throw new Error("certsubj param not cert")}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw new Error("unsupported type in params="+k)}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(typeof d!="undefined"){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;c0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw new Error("eContentValue not yet set")}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=KEYUTIL.getHexFromPEM(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;ba.length){d=a.length}for(var b=0;bd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;fd){throw new Error("key is too short for SigAlg: keylen="+j+","+a)}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.getPublicKeyXYHex=function(){var k=this.pubKeyHex;if(k.substr(0,2)!=="04"){throw new Error("this method supports uncompressed format(04) only")}var j=this.ecparams.keylen/4;if(k.length!==2+j*2){throw new Error("malformed public key hex length")}var i={};i.x=k.substr(2,j);i.y=k.substr(2+j);return i};this.getShortNISTPCurveName=function(){var i=this.curveName;if(i==="secp256r1"||i==="NIST P-256"||i==="P-256"||i==="prime256v1"){return"P-256"}if(i==="secp384r1"||i==="NIST P-384"||i==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw new Error("Invalid value for signature")}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw new Error("Invalid format for pubkey value, must be byte array or ECPointFp")}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw new Error("Signature has the wrong length")}var j=m[0]-27;if(j<0||j>7){throw new Error("Invalid signature type")}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(c){if(c.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var b=ASN1HEX.getPosArrayOfChildren_AtObj(c,0);if(b.length!=2){throw new Error("number of signature ASN.1 sequence elements seem wrong")}var g=b[0];var f=b[1];if(c.substr(g,2)!="02"){throw new Error("1st item of sequene of signature is not ASN.1 integer")}if(c.substr(f,2)!="02"){throw new Error("2nd item of sequene of signature is not ASN.1 integer")}var e=ASN1HEX.getHexOfV_AtObj(c,g);var d=ASN1HEX.getHexOfV_AtObj(c,f);return{r:e,s:d}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA sig r length error")}if((((a.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw new Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(e,c){var b=new KJUR.asn1.DERInteger({bigint:e});var a=new KJUR.asn1.DERInteger({bigint:c});var d=new KJUR.asn1.DERSequence({array:[b,a]});return d.getEncodedHex()}; @@ -270,7 +270,7 @@ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][ ;var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw new Error("algorithm '"+h+"' not accepted in the list")}}if(h!="none"&&t===null){throw new Error("key shall be specified to verify.")}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw new Error("key shall be a RSAKey obj for RS* and PS* algs")}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw new Error("key shall be a ECDSA obj for ES* algs")}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw new Error("unsupported alg name: "+h)}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw new Error("not supported")}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw new Error("hexadecimal key shall be specified for HMAC")}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw new Error("malformed sJWS: wrong number of '.' splitted elements")}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw new Error("acceptField.alg shall be specified")}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriod [RSA|RSAOEAP*>]') + .description('encrypt data') + .parse(process.argv); + +if (program.args.length < 3) + throw "wrong number of arguments"; + +var keyObj, inHex, encHex; +var algName = "RSA"; +var keyStr = ""; +var inFileOrHex = program.args[0]; +var outFile = program.args[1]; +var keyFileOrStr = program.args[2]; +if (program.args.length > 3) algName = program.args[3]; + +try { + keyStr = rsu.readFile(keyFileOrStr); +} catch(ex) { + keyStr = keyFileOrStr; +} + +try { + inHex = rs.rstrtohex(rsu.readFile(inFileOrHex)); +} catch(ex) { + inHex = inFileOrHex; +} + +try { + keyObj = rs.KEYUTIL.getKey(keyStr); +} catch(ex) {}; + +if (keyObj instanceof rs.RSAKey && keyObj.isPrivate) { + var plainStr = rs.KJUR.crypto.Cipher.decrypt(inHex, keyObj, algName); + if (outFile === "-") { + process.stdout.write(plainStr); + } else { + rsu.saveFile(outFile, plainStr); + console.log("data decrypted and write to file successfully"); + } +} else { + console.log("data decryption failed"); +} + + + + + diff --git a/sample_node/dataencrypt b/sample_node/dataencrypt new file mode 100755 index 00000000..945779b5 --- /dev/null +++ b/sample_node/dataencrypt @@ -0,0 +1,76 @@ +#!/usr/bin/env node + +/* + * dataencrypt - data encryptor + * + * Copyright (c) 2016 Kenji Urushima (kenji.urushima@gmail.com) + * + * This software is licensed under the terms of the MIT License. + * http://kjur.github.com/jsrsasign/license + * + * The above copyright and license notice shall be + * included in all copies or substantial portions of the Software. + * + * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script encrypts a plain text or data file with + * RSA or RSA-OAEP algorithm. + * + * USAGE + * % dataencrypt data.txt enc.bin rsapub.pem RSA # with RSA alg + * % dataencrypt data.txt enc.bin rsapub.pem RSAOAEP # with RSA-OEAP alg + * % dataencrypt data.txt enc.bin rsapub.pem RSAOAEP256 + * # with RSA/ECB/OAEPWithSHA-256AndMGF1Padding + */ + +var program = require('commander'); +var rs = require('jsrsasign'); +var rsu = require('jsrsasign-util'); +var path = require('path'); + +program + .version('1.0.0 (2016-Nov-05)') + .usage('[options] [RSA|RSAOAEP*]') + .description('encrypt data') + .parse(process.argv); + +if (program.args.length < 3) + throw "wrong number of arguments"; + +var keyObj, inStr, encHex; +var algName = "RSA"; +var keyStr = ""; +var inFileOrStr = program.args[0]; +var outFile = program.args[1]; +var keyFileOrStr = program.args[2]; +if (program.args.length > 3) algName = program.args[3]; + +try { + keyStr = rsu.readFile(keyFileOrStr); +} catch(ex) { + keyStr = keyFileOrStr; +} + +try { + inStr = rsu.readFile(inFileOrStr); +} catch(ex) { + inStr = inFileOrStr; +} + +try { + keyObj = rs.KEYUTIL.getKey(keyStr); +} catch(ex) {}; + +if (keyObj instanceof rs.RSAKey && keyObj.isPublic) { + encHex = rs.KJUR.crypto.Cipher.encrypt(inStr, keyObj, algName); + rsu.saveFileBinByHex(outFile, encHex); + console.log("data encrypted successfully"); +} else { + console.log("data encryption failed"); +} + + + + + diff --git a/sample_node/jwssign b/sample_node/jwssign index c6e62baa..0d90f193 100755 --- a/sample_node/jwssign +++ b/sample_node/jwssign @@ -12,6 +12,15 @@ * included in all copies or substantial portions of the Software. * * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script generates a JWS(JSON Web Signatures) file. + * + * USAGE + * % jwssign '{}' '{"fruit":"apple"}' jws.out -t utf8 -p pass -f HS256 + * % jwssign '{}' '{"fruit":"apple"}' jws.out -t hex -p 616161 -f HS256 #pass is 'aaa' + * % jwssign '{}' '{"fruit":"apple"}' jws.out -k prv.pem -f RS256 + * % jwssign '{}' '{"fruit":"apple"}' jws.out -k prv.pem -f PS256 */ var program = require('commander'); diff --git a/sample_node/jwsview b/sample_node/jwsview new file mode 100755 index 00000000..5110fddf --- /dev/null +++ b/sample_node/jwsview @@ -0,0 +1,64 @@ +#!/usr/bin/env node + +/* + * jwsview - JWS(JSON Web Signatures) viewer + * + * Copyright (c) 2016 Kenji Urushima (kenji.urushima@gmail.com) + * + * This software is licensed under the terms of the MIT License. + * http://kjur.github.com/jsrsasign/license + * + * The above copyright and license notice shall be + * included in all copies or substantial portions of the Software. + * + * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script shows parsed JWS(JSON Web Signature) file. + * + * USAGE + * % jwsview aaa.jws + * + * *** JWS Header *** + * { + * "alg": "RS256" + * } + * *** JWS Payload *** + * { + * "fruit": "apple" + * } + * *** JWS Signature *** + * 4d4a17e560c2b945f342e0fbd6a10... + */ + +var program = require('commander'); +var rs = require('jsrsasign'); +var rsu = require('jsrsasign-util'); + +program + .version('1.0.0 (2016-Nov-05)') + .usage('[options] ') + .description('convert any PEM file to binary') + .parse(process.argv); + +if (program.args.length !== 1) + throw "wrong number of arguments"; + +var inFile = program.args[0]; + +var jws = rsu.readFile(inFile); +var a = jws.split(/\./); + +var oHead = rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[0])); +console.log("*** JWS Header ***"); +console.log(JSON.stringify(oHead, null, 2)); + +var oPayload = rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[1])); +console.log("*** JWS Payload ***"); +console.log(JSON.stringify(oPayload, null, 2)); + +console.log("*** JWS Signature ***"); +console.log(rs.b64utohex(a[2])); + + + diff --git a/sample_node/jwtverify b/sample_node/jwtverify index 5615fc8e..d0d451be 100755 --- a/sample_node/jwtverify +++ b/sample_node/jwtverify @@ -12,6 +12,33 @@ * included in all copies or substantial portions of the Software. * * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script verifies a JWT(JSON Web Token) file. + * + * USAGE + * % jwtverify a1.jwt -k pub.pem + * This JWT/JWS is valid. + * % jwtverify a1.jwt -k pub.pem -v # verbose mode + * *** HEADER *** + * { + * "alg": "ES256", + * "cty": "JWT" + * } + * *** PAYLOAD *** + * { + * "age": 21 + * } + * *** JWT/JWS VALIDATION RESULT *** + * - on: JWS signature validation + * - on: check acceptable signature algorithm + * - on: verify at current time + * This JWT/JWS is valid. + * + * % jwtverify a2.jwt -p secret -t utf8 # for HS256 at jwt.io + * % jwtverify a3.jwt -v --verifyat 20050101000000Z -p secret + * % jwtverify a4.jwt -v --accept_iss http://aaa.com/ -p secret + * % jwtverify a5.jwt -v --accept_sub mailto:kj@aaa.com -p secret */ var program = require('commander'); @@ -21,7 +48,7 @@ var path = require('path'); var JWS = rs.jws.JWS; program - .version('1.0.1 (2016-Sep-11)') + .version('1.0.2 (2016-Nov-05)') .usage('[options] ') .description('verify JWT/jWS file or string') .option('-t, --passtype ', 'Hmac(HS*) pass type', 'utf8') @@ -72,7 +99,7 @@ if (pubKeyObj !== undefined) 'ES256', 'ES384', 'ES512']; if (program.verify_at !== undefined) - acceptField.verifyAt = KJUR.jws.IntDate.getZulu(program.verify_at); + acceptField.verifyAt = rs.KJUR.jws.IntDate.getZulu(program.verify_at); if (program.accept_iss !== undefined) acceptField.iss = program.accept_iss.split(","); @@ -85,8 +112,8 @@ if (program.accept_sub !== undefined) */ if (program.verbose) { var a = jwt.split("."); - var pHeader = KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[0])); - var pClaim = KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[1])); + var pHeader = rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[0])); + var pClaim = rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(a[1])); var sHeader = JSON.stringify(pHeader, null, " "); var sClaim = JSON.stringify(pClaim, null, " "); console.log("*** HEADER ***"); diff --git a/sample_node/pemtobin b/sample_node/pemtobin index 1b86377a..cc54274c 100755 --- a/sample_node/pemtobin +++ b/sample_node/pemtobin @@ -12,6 +12,12 @@ * included in all copies or substantial portions of the Software. * * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script converts any PEM to binary file + * + * USAGE + * % pemtobin aaa.pem aaa.bin */ var program = require('commander'); diff --git a/sample_node/showcert b/sample_node/showcert index f6d8cd3e..1cc8f7b9 100755 --- a/sample_node/showcert +++ b/sample_node/showcert @@ -12,6 +12,20 @@ * included in all copies or substantial portions of the Software. * * Please use '-h' option for this script usage. + * --------------------------------------------------------- + * DESCRIPTION + * This script shows DER binary or PEM X.509 certificate. + * + * USAGE + * % showcert comodo_ee1.cer + * Basic Fields + * serial number: 00d09282634303a97fadf55568a48ca87e + * ... snip ... + * X509v3 Extensions: + * authorityKeyIdentifier : + * ... snip ... + * signature algorithm: SHA256withRSA + * signature: 64228b84fd2f3bcf... */ var program = require('commander'); diff --git a/test/index.html b/test/index.html index 3e4bada7..b7cea25e 100755 --- a/test/index.html +++ b/test/index.html @@ -25,12 +25,15 @@
    • qunit-do-asn1hex.html
    • qunit-do-asn1ocsp.html
    • qunit-do-asn1tsp.html
    • +
    • qunit-do-asn1x509-multirdn.html
    • qunit-do-asn1x509-newcrt.html
    • qunit-do-asn1x509.html
    • qunit-do-base64x.html
    • +
    • qunit-do-crypto-cipher.html
    • qunit-do-crypto-ecdsa.html
    • qunit-do-crypto-mac.html
    • qunit-do-crypto-mac2.html
    • +
    • qunit-do-crypto-md.html
    • qunit-do-crypto-pss.html
    • qunit-do-crypto-sigini.html
    • qunit-do-crypto-siginidsa.html
    • diff --git a/test/qunit-do-asn1x509-multirdn.html b/test/qunit-do-asn1x509-multirdn.html new file mode 100644 index 00000000..d45ecca0 --- /dev/null +++ b/test/qunit-do-asn1x509-multirdn.html @@ -0,0 +1,58 @@ + + + +QUnit for 'asn1x509' multi-valued RDN + + + + + + + + + + +
      +
      test markup
      +TEST INDEX | +asn1x509 | + + + + diff --git a/test/qunit-do-crypto-cipher.html b/test/qunit-do-crypto-cipher.html new file mode 100644 index 00000000..6c8ee6d6 --- /dev/null +++ b/test/qunit-do-crypto-cipher.html @@ -0,0 +1,72 @@ + + + +QUnit for KJUR.crypto.Cipher + + + + + + + + + + + + + +
      +
      test markup
      +QUnit for +INDEX | + +

      © 2016 Kenji Urushima

      + + + diff --git a/test/qunit-do-crypto-md.html b/test/qunit-do-crypto-md.html new file mode 100644 index 00000000..6b858a0b --- /dev/null +++ b/test/qunit-do-crypto-md.html @@ -0,0 +1,62 @@ + + + +QUnit for KJUR.crypto.MessageDigest + + + + + + + + + + + + + +
      +
      test markup
      +QUnit for +INDEX | + +

      © 2016 Kenji Urushima

      + + + diff --git a/x509-1.1.js b/x509-1.1.js index df760758..c5f616d6 100644 --- a/x509-1.1.js +++ b/x509-1.1.js @@ -254,7 +254,9 @@ function X509() { this.readCertPEMWithoutRSAInit = function(sCertPEM) { var hCert = X509.pemToHex(sCertPEM); var a = X509.getPublicKeyHexArrayFromCertHex(hCert); - this.subjectPublicKeyRSA.setPublic(a[0], a[1]); + if (typeof this.subjectPublicKeyRSA.setPublic === "function") { + this.subjectPublicKeyRSA.setPublic(a[0], a[1]); + } this.subjectPublicKeyRSA_hN = a[0]; this.subjectPublicKeyRSA_hE = a[1]; this.hex = hCert;