- <static> |
+ |
- KJUR.asn1.x509.X500Name. setByString(dnStr)
+
set DN by string
@@ -544,7 +549,25 @@
X500Name ASN.1 structure class
-
+This class provides DistinguishedName ASN.1 class structure
+defined in RFC 2253 section 2.
+
+DistinguishedName ::= RDNSequence
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+ AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+
+For string representation of distinguished name in jsrsasign,
+OpenSSL oneline format is used. Please see wiki article for it.
+
+NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
@@ -576,6 +599,17 @@
@@ -589,11 +623,11 @@
Method Detail
-
- <static>
+
+
- KJUR.asn1.x509.X500Name.setByObject(dnObj)
+ setByObject(dnObj)
@@ -637,11 +671,11 @@
-
- <static>
+
+
- KJUR.asn1.x509.X500Name.setByString(dnStr)
+ setByString(dnStr)
diff --git a/api/symbols/KJUR.asn1.x509.X509Util.html b/api/symbols/KJUR.asn1.x509.X509Util.html
index d9eaed13..00207bda 100644
--- a/api/symbols/KJUR.asn1.x509.X509Util.html
+++ b/api/symbols/KJUR.asn1.x509.X509Util.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
@@ -607,8 +611,8 @@
issue a certificate in PEM format
This method can issue a certificate by a simple
JSON object.
-Signature value will be provided by signing with
-private key using 'cakey' parameter or
+Signature value will be provided by signing with
+private key using 'cakey' parameter or
hexa decimal signature value by 'sighex' parameter.
NOTE: When using DSA or ECDSA CA signing key,
diff --git a/api/symbols/KJUR.asn1.x509.html b/api/symbols/KJUR.asn1.x509.html
index d1dcac0a..7e4d62e1 100644
--- a/api/symbols/KJUR.asn1.x509.html
+++ b/api/symbols/KJUR.asn1.x509.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
@@ -618,6 +622,7 @@ SUPPORTED EXTENSIONS
KJUR.asn1.x509.CRLDistributionPoints
KJUR.asn1.x509.ExtKeyUsage
KJUR.asn1.x509.AuthorityKeyIdentifier
+ KJUR.asn1.x509.AuthorityInfoAccess
NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
diff --git a/api/symbols/KJUR.crypto.Cipher.html b/api/symbols/KJUR.crypto.Cipher.html
new file mode 100644
index 00000000..6dcf9fb2
--- /dev/null
+++ b/api/symbols/KJUR.crypto.Cipher.html
@@ -0,0 +1,845 @@
+
+
+
+
+
+
+ jsrsasign 4.8.7 JavaScript API Reference - KJUR.crypto.Cipher
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class KJUR.crypto.Cipher
+
+
+
+
+
+
+
+ Cipher class to encrypt and decrypt data
+
+
+ Defined in: crypto-1.1.js.
+
+
+
+
+
+
+ Class Summary
+
+
+ Constructor Attributes |
+ Constructor Name and Description |
+
+
+
+
+ |
+
+
+ Cipher class to encrypt and decrypt data
+Here is supported canonicalized cipher algorithm names and its standard names:
+
+- RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
+- RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
+- RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
+- RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+- RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
+- RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
+
+NOTE: (*) is not supported in Java JCE.
+ |
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Method Summary
+
+
+ Method Attributes |
+ Method Name and Description |
+
+
+
+
+
+ <static> |
+
+ KJUR.crypto.Cipher. decrypt(hex, keyObj, algName)
+
+ decrypt encrypted hexadecimal string with specified key and algorithm
+This static method decrypts encrypted hexadecimal string with specified key and algorithm.
+ |
+
+
+
+ <static> |
+
+ KJUR.crypto.Cipher. encrypt(s, keyObj, algName)
+
+ encrypt raw string by specified key and algorithm
+This static method encrypts raw string with specified key and algorithm.
+ |
+
+
+
+ <static> |
+
+
+ get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name
+Here is supported canonicalized cipher algorithm names and its standard names:
+
+- RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
+- RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
+- RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
+- RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+- RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
+- RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
+
+NOTE: (*) is not supported in Java JCE.
+ |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Detail
+
+
+
+ KJUR.crypto.Cipher(params)
+
+
+
+ Cipher class to encrypt and decrypt data
+Here is supported canonicalized cipher algorithm names and its standard names:
+
+- RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
+- RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
+- RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
+- RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+- RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
+- RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
+
+NOTE: (*) is not supported in Java JCE.
+Currently this class supports only RSA encryption and decryption.
+However it is planning to implement also symmetric ciphers near in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+ - Parameters:
+
+ -
+ {Array} params
+
+
+ - parameters for constructor
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Method Detail
+
+
+
+ <static>
+
+ {String}
+ KJUR.crypto.Cipher.decrypt(hex, keyObj, algName)
+
+
+
+ decrypt encrypted hexadecimal string with specified key and algorithm
+This static method decrypts encrypted hexadecimal string with specified key and algorithm.
+
+
+
+
+
+
+
+KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj) → "1abc2d..."
+KJUR.crypto.Cipher.decrypt("aaa", prvRSAKeyObj, "RSAOAEP) → "23ab02..."
+
+
+
+
+
+ - Parameters:
+
+ -
+ {String} hex
+
+
+ - hexadecial string of encrypted message
+
+ -
+ {Object} keyObj
+
+
+ - RSAKey object or hexadecimal string of symmetric cipher key
+
+ -
+ {String} algName
+
+
+ - short/long algorithm name for encryption/decryption
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+ - Returns:
+
+ - {String} hexadecimal encrypted string
+
+
+
+
+
+
+
+
+
+ <static>
+
+ {String}
+ KJUR.crypto.Cipher.encrypt(s, keyObj, algName)
+
+
+
+ encrypt raw string by specified key and algorithm
+This static method encrypts raw string with specified key and algorithm.
+
+
+
+
+
+
+
+KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj) → "1abc2d..."
+KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP) → "23ab02..."
+
+
+
+
+
+ - Parameters:
+
+ -
+ {String} s
+
+
+ - input string to encrypt
+
+ -
+ {Object} keyObj
+
+
+ - RSAKey object or hexadecimal string of symmetric cipher key
+
+ -
+ {String} algName
+
+
+ - short/long algorithm name for encryption/decryption
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+ - Returns:
+
+ - {String} hexadecimal encrypted string
+
+
+
+
+
+
+
+
+
+ <static>
+
+ {String}
+ KJUR.crypto.Cipher.getAlgByKeyAndName(keyObj, algName)
+
+
+
+ get canonicalized encrypt/decrypt algorithm name by key and short/long algorithm name
+Here is supported canonicalized cipher algorithm names and its standard names:
+
+- RSA - RSA/ECB/PKCS1Padding (default for RSAKey)
+- RSAOAEP - RSA/ECB/OAEPWithSHA-1AndMGF1Padding
+- RSAOAEP224 - RSA/ECB/OAEPWithSHA-224AndMGF1Padding(*)
+- RSAOAEP256 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+- RSAOAEP384 - RSA/ECB/OAEPWithSHA-384AndMGF1Padding(*)
+- RSAOAEP512 - RSA/ECB/OAEPWithSHA-512AndMGF1Padding(*)
+
+NOTE: (*) is not supported in Java JCE.
+
+
+
+
+
+
+
+KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey) → "RSA"
+KJUR.crypto.Cipher.getAlgByKeyAndName(objRSAKey, "RSAOAEP") → "RSAOAEP"
+
+
+
+
+
+ - Parameters:
+
+ -
+ {Object} keyObj
+
+
+ - RSAKey object or hexadecimal string of symmetric cipher key
+
+ -
+ {String} algName
+
+
+ - short/long algorithm name for encryption/decryption
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+ - Returns:
+
+ - {String} canonicalized algorithm name for encryption/decryption
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ © 2012-2015 Kenji Urushima, All rights reserved
+
+ Documentation generated by JsDoc Toolkit 2.4.0
+
+
+
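Review bot: The decrypt() entry documents its return value as `{String} hexadecimal encrypted string`, which looks copied from encrypt(); going by the method description it should read something like `{String} decrypted raw string`, and its examples pass `"aaa"` where the `hex` parameter is described as a hexadecimal ciphertext. The second example of both decrypt() and encrypt() has an unterminated string literal, `"RSAOAEP)`, which should be `"RSAOAEP")`, and `hexadecial` in the parameter text is a typo. The algorithm table marks `RSA` (RSA/ECB/PKCS1Padding) as the default for RSAKey without any caveat; PKCS#1 v1.5 encryption padding is exposed to padding-oracle attacks when a caller lets decryption failures be distinguished, so the class description should recommend passing an OAEP name such as `"RSAOAEP256"` for new uses. This page is JsDoc output, so the corrections belong in the doc comments of crypto-1.1.js, and the page title still says jsrsasign 4.8.7 while the class is marked as since 6.2.0.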
diff --git a/api/symbols/KJUR.crypto.DSA.html b/api/symbols/KJUR.crypto.DSA.html
index c2ee2539..c9495e6f 100644
--- a/api/symbols/KJUR.crypto.DSA.html
+++ b/api/symbols/KJUR.crypto.DSA.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.crypto.ECDSA.html b/api/symbols/KJUR.crypto.ECDSA.html
index ca32664e..e9a5de16 100644
--- a/api/symbols/KJUR.crypto.ECDSA.html
+++ b/api/symbols/KJUR.crypto.ECDSA.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.crypto.ECParameterDB.html b/api/symbols/KJUR.crypto.ECParameterDB.html
index 97967cb3..d3a83a96 100644
--- a/api/symbols/KJUR.crypto.ECParameterDB.html
+++ b/api/symbols/KJUR.crypto.ECParameterDB.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.crypto.Mac.html b/api/symbols/KJUR.crypto.Mac.html
index 46463047..8d370374 100644
--- a/api/symbols/KJUR.crypto.Mac.html
+++ b/api/symbols/KJUR.crypto.Mac.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
@@ -498,9 +502,9 @@
- <static> |
+ |
- KJUR.crypto.Mac. doFinal()
+
completes hash calculation and returns hash result
@@ -508,9 +512,9 @@
|
- <static> |
+ |
- KJUR.crypto.Mac. doFinalHex(hex)
+
performs final update on the digest using hexadecimal string,
then completes the digest computation
@@ -519,9 +523,9 @@
|
- <static> |
+ |
- KJUR.crypto.Mac. doFinalString(str)
+
performs final update on the digest using string, then completes the digest computation
@@ -529,9 +533,9 @@
|
- <static> |
+ |
- KJUR.crypto.Mac. setPassword(pass)
+
set password for Mac
This method will set password for (H)Mac internally.
@@ -539,9 +543,9 @@
|
- <static> |
+ |
- KJUR.crypto.Mac. updateHex(hex)
+
update digest by specified hexadecimal string
@@ -549,9 +553,9 @@
|
- <static> |
+ |
- KJUR.crypto.Mac. updateString(str)
+
update digest by specified string
@@ -597,7 +601,7 @@
NOTE2: Hmac signature bug was fixed in jsrsasign 4.9.0 by providing CryptoJS
bug workaround.
-Please see KJUR.crypto.Mac.setPassword, how to provide password
+Please see KJUR.crypto.Mac.setPassword, how to provide password
in various ways in detail.
@@ -649,11 +653,11 @@
Method Detail
-
- <static>
+
+
- KJUR.crypto.Mac.doFinal()
+ doFinal()
@@ -679,11 +683,11 @@
-
- <static>
+
+
- KJUR.crypto.Mac.doFinalHex(hex)
+ doFinalHex(hex)
@@ -721,11 +725,11 @@
-
- <static>
+
+
- KJUR.crypto.Mac.doFinalString(str)
+ doFinalString(str)
@@ -762,11 +766,11 @@
-
- <static>
+
+
- KJUR.crypto.Mac.setPassword(pass)
+ setPassword(pass)
@@ -838,11 +842,11 @@
-
- <static>
+
+
- KJUR.crypto.Mac.updateHex(hex)
+ updateHex(hex)
@@ -879,11 +883,11 @@
-
- <static>
+
+
- KJUR.crypto.Mac.updateString(str)
+ updateString(str)
diff --git a/api/symbols/KJUR.crypto.MessageDigest.html b/api/symbols/KJUR.crypto.MessageDigest.html
index 85f84386..36fa06ae 100644
--- a/api/symbols/KJUR.crypto.MessageDigest.html
+++ b/api/symbols/KJUR.crypto.MessageDigest.html
@@ -345,6 +345,8 @@ Classes
KJUR.asn1.x509.AttributeTypeAndValue
+ KJUR.asn1.x509.AuthorityInfoAccess
+
KJUR.asn1.x509.AuthorityKeyIdentifier
KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
KJUR.crypto
+ KJUR.crypto.Cipher
+
KJUR.crypto.DSA
KJUR.crypto.ECDSA
@@ -462,7 +466,7 @@
- MessageDigest class which is very similar to java.security.MessageDigest class
+ MessageDigest class which is very similar to java.security.MessageDigest class
Currently this supports following algorithm and providers combination:
@@ -483,6 +487,34 @@
+
+
+
+ Field Summary
+
+
+ Field Attributes |
+ Field Name and Description |
+
+
+
+
+
+ |
+
+
+ static Array of resulted byte length of hash (ex.
+ |
+
+
+
+
+
+
+
+
@@ -499,9 +531,9 @@
- <static> |
+ |
- KJUR.crypto.MessageDigest. digest()
+
completes hash calculation and returns hash result
@@ -509,9 +541,9 @@
|
- <static> |
+ |
- KJUR.crypto.MessageDigest. digestHex(hex)
+
performs final update on the digest using hexadecimal string, then completes the digest computation
@@ -519,9 +551,9 @@
|
- <static> |
+ |
- KJUR.crypto.MessageDigest. digestString(str)
+
performs final update on the digest using string, then completes the digest computation
@@ -531,17 +563,39 @@
<static> |
- KJUR.crypto.MessageDigest. setAlgAndProvider(alg, prov)
+
- set hash algorithm and provider
-
+ get canonical hash algorithm name
+This static method normalizes from any hash algorithm name such as
+"SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens
+such as "sha1".
|
<static> |
- KJUR.crypto.MessageDigest. updateHex(hex)
+
+ get resulted hash byte length for specified algorithm name
+This static method returns resulted byte length for specified algorithm name such as "SHA-1".
+ |
+
+
+
+ |
+
+
+ set hash algorithm and provider
+This methods set an algorithm and a cryptographic provider.
+ |
+
+
+
+ |
+
+
update digest by specified hexadecimal string
@@ -549,9 +603,9 @@
|
- <static> |
+ |
- KJUR.crypto.MessageDigest. updateString(str)
+
update digest by specified string
@@ -579,7 +633,7 @@
- MessageDigest class which is very similar to java.security.MessageDigest class
+ MessageDigest class which is very similar to java.security.MessageDigest class
Currently this supports following algorithm and providers combination:
@@ -605,7 +659,11 @@
// SJCL(Stanford JavaScript Crypto Library) provider sample
var md = new KJUR.crypto.MessageDigest({alg: "sha256", prov: "sjcl"}); // sjcl supports sha256 only
md.updateString('aaa')
-var mdHex = md.digest()
+var mdHex = md.digest()
+
+// HASHLENGTH property
+KJUR.crypto.MessageDigest.HASHLENGTH['sha1'] &rarr 20
+KJUR.crypto.MessageDigest.HASHLENGTH['sha512'] &rarr 64
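Review bot: The arrows in the added HASHLENGTH example are written `&rarr` without the closing semicolon, so the entity is malformed; they should be `&rarr;`, for example `KJUR.crypto.MessageDigest.HASHLENGTH['sha1'] &rarr; 20`. The same applies to the getCanonicalAlgName and getHashLength examples added in the later `@@ -753,16 +838,141 @@` hunk. HASHLENGTH is also documented as `{Array}` in the Field Detail hunk although it is indexed by algorithm name, so `{Object}` would describe it better. The example listing starts above this hunk, and since the page is generated the fix belongs in the JSDoc comment of the source file.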
@@ -634,6 +692,33 @@
+
+ Field Detail
+
+
+
+
+
+ {Array}
+ HASHLENGTH
+
+
+
+ static Array of resulted byte length of hash (ex. HASHLENGTH["sha1"] == 20)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -641,11 +726,11 @@
Method Detail
-
- <static>
+
+
- KJUR.crypto.MessageDigest.digest()
+ digest()
@@ -671,11 +756,11 @@
-
- <static>
+
+
- KJUR.crypto.MessageDigest.digestHex(hex)
+ digestHex(hex)
@@ -712,11 +797,11 @@
-
- <static>
+
+
- KJUR.crypto.MessageDigest.digestString(str)
+ digestString(str)
@@ -753,16 +838,141 @@
-
+
<static>
+ {String}
+ KJUR.crypto.MessageDigest.getCanonicalAlgName(alg)
- KJUR.crypto.MessageDigest.setAlgAndProvider(alg, prov)
+
+
+ get canonical hash algorithm name
+This static method normalizes from any hash algorithm name such as
+"SHA-1", "SHA1", "MD5", "sha512" to lower case name without hyphens
+such as "sha1".
+
+
+
+
+
+
+ KJUR.crypto.MessageDigest.getCanonicalAlgName("SHA-1") &rarr "sha1"
+KJUR.crypto.MessageDigest.getCanonicalAlgName("MD5") &rarr "md5"
+
+
+
+
+
+ - Parameters:
+
+ -
+ {String} alg
+
+
+ - hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+ - Returns:
+
+ - {String} canonical hash algorithm name
+
+
+
+
+
+
+
+
+
+ <static>
+
+ {Integer}
+ KJUR.crypto.MessageDigest.getHashLength(alg)
- set hash algorithm and provider
+ get resulted hash byte length for specified algorithm name
+This static method returns resulted byte length for specified algorithm name such as "SHA-1".
+
+
+
+
+
+
+ KJUR.crypto.MessageDigest.getHashLength("SHA-1") &rarr 20
+KJUR.crypto.MessageDigest.getHashLength("sha1") &rarr 20
+
+
+
+
+
+ - Parameters:
+
+ -
+ {String} alg
+
+
+ - non-canonicalized hash algorithm name (ex. MD5, SHA-1, SHA1, SHA512 et.al.)
+
+
+
+
+
+
+ - Since:
+ - jsrsasign 6.2.0 crypto 1.1.10
+
+
+
+
+
+
+ - Returns:
+
+ - {Integer} resulted hash byte length
+
+
+
+
+
+
+
+
+
+
+
+ setAlgAndProvider(alg, prov)
+
+
+
+ set hash algorithm and provider
+This methods set an algorithm and a cryptographic provider.
+Here is acceptable algorithm names ignoring cases and hyphens:
+
+- MD5
+- SHA1
+- SHA224
+- SHA256
+- SHA384
+- SHA512
+- RIPEMD160
+
+NOTE: Since jsrsasign 6.2.0 crypto 1.1.10, this method ignores
+upper or lower cases. Also any hyphens (i.e. "-") will be ignored
+so that "SHA1" or "SHA-1" will be acceptable.
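Review bot: The list of acceptable algorithm names added to setAlgAndProvider puts MD5 and SHA1 next to the SHA-2 names with nothing to say that they are no longer collision resistant. A reader choosing a digest for signatures or integrity checks from this list would benefit from one more sentence in the JSDoc, such as `NOTE: MD5 and SHA1 are kept for compatibility; use SHA256 or stronger for new signatures.` The `md.setAlgAndProvider('SHA1');` example added in the next hunk omits `prov`, and the visible text does not say which provider is then used, which is worth stating as well. The method's documentation continues past the end of this hunk.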
@@ -771,6 +981,7 @@
// for SHA1
md.setAlgAndProvider('sha1', 'cryptojs');
+md.setAlgAndProvider('SHA1');
// for RIPEMD160
md.setAlgAndProvider('ripemd160', 'cryptojs');
@@ -803,11 +1014,11 @@
-
- <static>
+
+
- KJUR.crypto.MessageDigest.updateHex(hex)
+ updateHex(hex)
@@ -844,11 +1055,11 @@
-
- <static>
+
+
- KJUR.crypto.MessageDigest.updateString(str)
+ updateString(str)
diff --git a/api/symbols/KJUR.crypto.OID.html b/api/symbols/KJUR.crypto.OID.html
index ab8903d4..12305c03 100644
--- a/api/symbols/KJUR.crypto.OID.html
+++ b/api/symbols/KJUR.crypto.OID.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.crypto.Signature.html b/api/symbols/KJUR.crypto.Signature.html
index e4c0f5c3..aee93cac 100644
--- a/api/symbols/KJUR.crypto.Signature.html
+++ b/api/symbols/KJUR.crypto.Signature.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
@@ -519,9 +523,9 @@
- <static> |
+ |
- KJUR.crypto.Signature. init(key, pass)
+
Initialize this object for signing or verifying depends on key
This method is very useful initialize method for Signature class since
@@ -531,9 +535,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. initSign(param)
+
Initialize this object for signing
Private key information will be provided as 'param' parameter and the value will be
@@ -546,9 +550,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. initVerifyByCertificatePEM(certPEM)
+
Initialize this object for verifying with a certficate
@@ -556,9 +560,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. initVerifyByPublicKey(param)
+
Initialize this object for verifying with a public key
Public key information will be provided as 'param' parameter and the value will be
@@ -571,9 +575,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. setAlgAndProvider(alg, prov)
+
set signature algorithm and provider
@@ -581,9 +585,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. sign()
+
Returns the signature bytes of all data updates as a hexadecimal string
@@ -591,9 +595,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. signHex(hex)
+
performs final update on the sign using hexadecimal string, then returns the signature bytes of all data updates as a hexadecimal string
@@ -601,9 +605,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. signString(str)
+
performs final update on the sign using string, then returns the signature bytes of all data updates as a hexadecimal string
@@ -611,9 +615,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. updateHex(hex)
+
Updates the data to be signed or verified by a hexadecimal string
@@ -621,9 +625,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. updateString(str)
+
Updates the data to be signed or verified by a string
@@ -631,9 +635,9 @@
|
- <static> |
+ |
- KJUR.crypto.Signature. verify(str)
+
verifies the passed-in signature.
|
@@ -793,11 +797,11 @@ EXAMPLES
Method Detail
-
- <static>
+
+
- KJUR.crypto.Signature.init(key, pass)
+ init(key, pass)
@@ -868,11 +872,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.initSign(param)
+ initSign(param)
@@ -922,11 +926,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.initVerifyByCertificatePEM(certPEM)
+ initVerifyByCertificatePEM(certPEM)
@@ -976,11 +980,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.initVerifyByPublicKey(param)
+ initVerifyByPublicKey(param)
@@ -1037,11 +1041,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.setAlgAndProvider(alg, prov)
+ setAlgAndProvider(alg, prov)
@@ -1084,11 +1088,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.sign()
+ sign()
@@ -1121,11 +1125,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.signHex(hex)
+ signHex(hex)
@@ -1169,11 +1173,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.signString(str)
+ signString(str)
@@ -1217,11 +1221,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.updateHex(hex)
+ updateHex(hex)
@@ -1258,11 +1262,11 @@ verification
-
- <static>
+
+
- KJUR.crypto.Signature.updateString(str)
+ updateString(str)
@@ -1299,11 +1303,11 @@ verification
-
- <static>
+
+
{Boolean}
- KJUR.crypto.Signature.verify(str)
+ verify(str)
diff --git a/api/symbols/KJUR.crypto.Util.html b/api/symbols/KJUR.crypto.Util.html
index dd9a0db3..1c7458c7 100644
--- a/api/symbols/KJUR.crypto.Util.html
+++ b/api/symbols/KJUR.crypto.Util.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.crypto.html b/api/symbols/KJUR.crypto.html
index 20c0a579..214a4552 100644
--- a/api/symbols/KJUR.crypto.html
+++ b/api/symbols/KJUR.crypto.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
@@ -686,6 +690,7 @@
NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
diff --git a/api/symbols/KJUR.html b/api/symbols/KJUR.html
index 1b79497b..e89d8ac5 100644
--- a/api/symbols/KJUR.html
+++ b/api/symbols/KJUR.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.jws.IntDate.html b/api/symbols/KJUR.jws.IntDate.html
index 56f89cb9..73c58c60 100644
--- a/api/symbols/KJUR.jws.IntDate.html
+++ b/api/symbols/KJUR.jws.IntDate.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.jws.JWS.html b/api/symbols/KJUR.jws.JWS.html
index d5e0989d..dd93da60 100644
--- a/api/symbols/KJUR.jws.JWS.html
+++ b/api/symbols/KJUR.jws.JWS.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
@@ -1302,8 +1306,8 @@ SUPPORTED SIGNATURE ALGORITHMS
- NOTE3:
From jsrsasign 4.10.0 jws 3.3.0, Way to provide password
for HS* algorithm is changed. The 'key' attribute value is
-passed to KJUR.crypto.Mac.setPassword so please see
-KJUR.crypto.Mac.setPassword for detail.
+passed to KJUR.crypto.Mac.setPassword so please see
+KJUR.crypto.Mac.setPassword for detail.
As for backword compatibility, if key is a string, has even length and
0..9, A-F or a-f characters, key string is treated as a hexadecimal
otherwise it is treated as a raw string.
@@ -1441,8 +1445,8 @@
SUPPORTED SIGNATURE ALGORITHMS
NOTE2: From jsrsasign 4.9.0 jws 3.2.5, Way to provide password
for HS* algorithm is changed. The 'key' attribute value is
-passed to KJUR.crypto.Mac.setPassword so please see
-KJUR.crypto.Mac.setPassword for detail.
+passed to KJUR.crypto.Mac.setPassword so please see
+KJUR.crypto.Mac.setPassword for detail.
As for backword compatibility, if key is a string, has even length and
0..9, A-F or a-f characters, key string is treated as a hexadecimal
otherwise it is treated as a raw string.
diff --git a/api/symbols/KJUR.jws.JWSJS.html b/api/symbols/KJUR.jws.JWSJS.html
index 0e0abbe1..056fc6d2 100644
--- a/api/symbols/KJUR.jws.JWSJS.html
+++ b/api/symbols/KJUR.jws.JWSJS.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.jws.html b/api/symbols/KJUR.jws.html
index 76a7a6f1..fd0f4ab3 100644
--- a/api/symbols/KJUR.jws.html
+++ b/api/symbols/KJUR.jws.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/KJUR.lang.String.html b/api/symbols/KJUR.lang.String.html
index 80c76ef9..4a676a74 100644
--- a/api/symbols/KJUR.lang.String.html
+++ b/api/symbols/KJUR.lang.String.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/PKCS5PKEY.html b/api/symbols/PKCS5PKEY.html
index a9c28ed5..baf6b561 100644
--- a/api/symbols/PKCS5PKEY.html
+++ b/api/symbols/PKCS5PKEY.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/RSAKey.html b/api/symbols/RSAKey.html
index 6f2005f0..a7d2cca5 100644
--- a/api/symbols/RSAKey.html
+++ b/api/symbols/RSAKey.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
diff --git a/api/symbols/X509.html b/api/symbols/X509.html
index 8d7bc416..2264e706 100644
--- a/api/symbols/X509.html
+++ b/api/symbols/X509.html
@@ -345,6 +345,8 @@ Classes
- KJUR.asn1.x509.AttributeTypeAndValue
+ - KJUR.asn1.x509.AuthorityInfoAccess
+
- KJUR.asn1.x509.AuthorityKeyIdentifier
- KJUR.asn1.x509.BasicConstraints
@@ -389,6 +391,8 @@ Classes
- KJUR.crypto
+ - KJUR.crypto.Cipher
+
- KJUR.crypto.DSA
- KJUR.crypto.ECDSA
@@ -854,8 +858,8 @@
get X.509 V3 extension value information at the specified position
-This method will get some information of a X.509 V extension
-which is referred by an index of hexadecimal string of X.509
+This method will get some information of a X.509 V extension
+which is referred by an index of hexadecimal string of X.509
certificate.
@@ -1419,7 +1423,7 @@
bKeyUsage = X509.getExtKeyUsageBin(hCert);
// bKeyUsage will be such like '101'.
-// 1 - digitalSignature
+// 1 - digitalSignature
// 0 - nonRepudiation
// 1 - keyEncipherment
@@ -1646,7 +1650,7 @@
get X.509 V3 extension value ASN.1 TLV for specified oid or name
This method will get X.509v3 extension value of ASN.1 TLV
-which is specifyed by extension name or oid.
+which is specifyed by extension name or oid.
If there is no such extension in the certificate, it returns null.
@@ -1709,7 +1713,7 @@
get X.509 V3 extension value ASN.1 V for specified oid or name
This method will get X.509v3 extension value of ASN.1 value
-which is specifyed by extension name or oid.
+which is specifyed by extension name or oid.
If there is no such extension in the certificate, it returns null.
Available extension names and oids are defined
in the KJUR.asn1.x509.OID class.
@@ -1790,7 +1794,7 @@
notBefore: 061110000000Z
notAfter: 311110000000Z
subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
- subject public key info:
+ subject public key info:
key algorithm: RSA
n=c6cce573e6fbd4bb...
e=10001
@@ -1993,7 +1997,7 @@
get index in the certificate hexa string for specified oid or name specified extension
This method will get X.509v3 extension value of ASN.1 V(value)
-which is specifyed by extension name or oid.
+which is specifyed by extension name or oid.
If there is no such extension in the certificate,
it returns -1.
Available extension names and oids are defined
@@ -2645,9 +2649,9 @@
get X.509 V3 extension value information at the specified position
-This method will get some information of a X.509 V extension
-which is referred by an index of hexadecimal string of X.509
-certificate.
+This method will get some information of a X.509 V extension
+which is referred by an index of hexadecimal string of X.509
+certificate.
Resulting object has following properties:
1 /*! asn1x509-1.0.15.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
+ 1 /*! asn1x509-1.0.17.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
2 */
3 /*
4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
@@ -15,7 +15,7 @@
8 * This software is licensed under the terms of the MIT License.
9 * http://kjur.github.com/jsrsasign/license
10 *
- 11 * The above copyright and license notice shall be
+ 11 * The above copyright and license notice shall be
12 * included in all copies or substantial portions of the Software.
13 */
14
@@ -23,12 +23,12 @@
16 * @fileOverview
17 * @name asn1x509-1.0.js
18 * @author Kenji Urushima kenji.urushima@gmail.com
- 19 * @version 1.0.15 (2016-Oct-08)
+ 19 * @version 1.0.17 (2016-Nov-18)
20 * @since jsrsasign 2.1
21 * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
22 */
23
- 24 /**
+ 24 /**
25 * kjur's class library name space
26 * // already documented in asn1-1.0.js
27 * @name KJUR
@@ -79,2093 +79,2303 @@
72 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
73 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
74 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
- 75 * </ul>
- 76 * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
- 77 * @name KJUR.asn1.x509
- 78 * @namespace
- 79 */
- 80 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
- 81
- 82 // === BEGIN Certificate ===================================================
- 83
- 84 /**
- 85 * X.509 Certificate class to sign and generate hex encoded certificate
- 86 * @name KJUR.asn1.x509.Certificate
- 87 * @class X.509 Certificate class to sign and generate hex encoded certificate
- 88 * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
- 89 * @extends KJUR.asn1.ASN1Object
- 90 * @description
- 91 * <br/>
- 92 * As for argument 'params' for constructor, you can specify one of
- 93 * following properties:
- 94 * <ul>
- 95 * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
- 96 * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
- 97 * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
- 98 * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
- 99 * </ul>
-100 * NOTE1: 'params' can be omitted.<br/>
-101 * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
-102 * @example
-103 * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
-104 * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
-105 * cert.sign(); // issue certificate by CA's private key
-106 * var certPEM = cert.getPEMString();
-107 *
-108 * // Certificate ::= SEQUENCE {
-109 * // tbsCertificate TBSCertificate,
-110 * // signatureAlgorithm AlgorithmIdentifier,
-111 * // signature BIT STRING }
-112 */
-113 KJUR.asn1.x509.Certificate = function(params) {
-114 KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
-115 var asn1TBSCert = null;
-116 var asn1SignatureAlg = null;
-117 var asn1Sig = null;
-118 var hexSig = null;
-119 var prvKey = null;
-120 var rsaPrvKey = null; // DEPRECATED
-121
-122
-123 /**
-124 * set PKCS#5 encrypted RSA PEM private key as CA key
-125 * @name setRsaPrvKeyByPEMandPass
-126 * @memberOf KJUR.asn1.x509.Certificate
-127 * @function
-128 * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-129 * @param {String} passPEM passcode string to decrypt private key
-130 * @since 1.0.1
-131 * @description
-132 * <br/>
-133 * <h4>EXAMPLES</h4>
-134 * @example
-135 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
-136 * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
-137 */
-138 this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-139 var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-140 var caKey = new RSAKey();
-141 caKey.readPrivateKeyFromASN1HexString(caKeyHex);
-142 this.prvKey = caKey;
-143 };
-144
-145 /**
-146 * sign TBSCertificate and set signature value internally
-147 * @name sign
-148 * @memberOf KJUR.asn1.x509.Certificate
-149 * @function
-150 * @description
-151 * @example
-152 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
-153 * cert.sign();
-154 */
-155 this.sign = function() {
-156 this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
-157
-158 sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
-159 sig.init(this.prvKey);
-160 sig.updateHex(this.asn1TBSCert.getEncodedHex());
-161 this.hexSig = sig.sign();
-162
-163 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-164
-165 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
-166 this.asn1SignatureAlg,
-167 this.asn1Sig]});
-168 this.hTLV = seq.getEncodedHex();
-169 this.isModified = false;
-170 };
-171
-172 /**
-173 * set signature value internally by hex string
-174 * @name setSignatureHex
-175 * @memberOf KJUR.asn1.x509.Certificate
-176 * @function
-177 * @since asn1x509 1.0.8
-178 * @description
-179 * @example
-180 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
-181 * cert.setSignatureHex('01020304');
-182 */
-183 this.setSignatureHex = function(sigHex) {
-184 this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
-185 this.hexSig = sigHex;
-186 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-187
-188 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
-189 this.asn1SignatureAlg,
-190 this.asn1Sig]});
-191 this.hTLV = seq.getEncodedHex();
-192 this.isModified = false;
-193 };
-194
-195 this.getEncodedHex = function() {
-196 if (this.isModified == false && this.hTLV != null) return this.hTLV;
-197 throw "not signed yet";
-198 };
-199
-200 /**
-201 * get PEM formatted certificate string after signed
-202 * @name getPEMString
-203 * @memberOf KJUR.asn1.x509.Certificate
-204 * @function
-205 * @return PEM formatted string of certificate
-206 * @description
-207 * @example
-208 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
-209 * cert.sign();
-210 * var sPEM = cert.getPEMString();
-211 */
-212 this.getPEMString = function() {
-213 var hCert = this.getEncodedHex();
-214 var wCert = CryptoJS.enc.Hex.parse(hCert);
-215 var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-216 var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-217 return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
-218 };
-219
-220 if (typeof params != "undefined") {
-221 if (typeof params['tbscertobj'] != "undefined") {
-222 this.asn1TBSCert = params['tbscertobj'];
-223 }
-224 if (typeof params['prvkeyobj'] != "undefined") {
-225 this.prvKey = params['prvkeyobj'];
-226 } else if (typeof params['rsaprvkey'] != "undefined") {
-227 this.prvKey = params['rsaprvkey'];
-228 } else if ((typeof params['rsaprvpem'] != "undefined") &&
-229 (typeof params['rsaprvpas'] != "undefined")) {
-230 this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
-231 }
-232 }
-233 };
-234 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
-235
-236 /**
-237 * ASN.1 TBSCertificate structure class
-238 * @name KJUR.asn1.x509.TBSCertificate
-239 * @class ASN.1 TBSCertificate structure class
-240 * @param {Array} params associative array of parameters (ex. {})
-241 * @extends KJUR.asn1.ASN1Object
-242 * @description
-243 * <br/>
-244 * <h4>EXAMPLE</h4>
-245 * @example
-246 * var o = new KJUR.asn1.x509.TBSCertificate();
-247 * o.setSerialNumberByParam({'int': 4});
-248 * o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-249 * o.setIssuerByParam({'str': '/C=US/O=a'});
-250 * o.setNotBeforeByParam({'str': '130504235959Z'});
-251 * o.setNotAfterByParam({'str': '140504235959Z'});
-252 * o.setSubjectByParam({'str': '/C=US/CN=b'});
-253 * o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
-254 * o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
-255 * o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-256 */
-257 KJUR.asn1.x509.TBSCertificate = function(params) {
-258 KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
-259
-260 this._initialize = function() {
-261 this.asn1Array = new Array();
-262
-263 this.asn1Version =
-264 new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
-265 this.asn1SerialNumber = null;
-266 this.asn1SignatureAlg = null;
-267 this.asn1Issuer = null;
-268 this.asn1NotBefore = null;
-269 this.asn1NotAfter = null;
-270 this.asn1Subject = null;
-271 this.asn1SubjPKey = null;
-272 this.extensionsArray = new Array();
-273 };
-274
-275 /**
-276 * set serial number field by parameter
-277 * @name setSerialNumberByParam
-278 * @memberOf KJUR.asn1.x509.TBSCertificate
-279 * @function
-280 * @param {Array} intParam DERInteger param
-281 * @description
-282 * @example
-283 * tbsc.setSerialNumberByParam({'int': 3});
-284 */
-285 this.setSerialNumberByParam = function(intParam) {
-286 this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
-287 };
-288
-289 /**
-290 * set signature algorithm field by parameter
-291 * @name setSignatureAlgByParam
-292 * @memberOf KJUR.asn1.x509.TBSCertificate
-293 * @function
-294 * @param {Array} algIdParam AlgorithmIdentifier parameter
-295 * @description
-296 * @example
-297 * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-298 */
-299 this.setSignatureAlgByParam = function(algIdParam) {
-300 this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
-301 };
-302
-303 /**
-304 * set issuer name field by parameter
-305 * @name setIssuerByParam
-306 * @memberOf KJUR.asn1.x509.TBSCertificate
-307 * @function
-308 * @param {Array} x500NameParam X500Name parameter
-309 * @description
-310 * @example
-311 * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-312 * @see KJUR.asn1.x509.X500Name
-313 */
-314 this.setIssuerByParam = function(x500NameParam) {
-315 this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-316 };
-317
-318 /**
-319 * set notBefore field by parameter
-320 * @name setNotBeforeByParam
-321 * @memberOf KJUR.asn1.x509.TBSCertificate
-322 * @function
-323 * @param {Array} timeParam Time parameter
-324 * @description
-325 * @example
-326 * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
-327 * @see KJUR.asn1.x509.Time
-328 */
-329 this.setNotBeforeByParam = function(timeParam) {
-330 this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
-331 };
-332
-333 /**
-334 * set notAfter field by parameter
-335 * @name setNotAfterByParam
-336 * @memberOf KJUR.asn1.x509.TBSCertificate
-337 * @function
-338 * @param {Array} timeParam Time parameter
-339 * @description
-340 * @example
-341 * tbsc.setNotAfterByParam({'str': '130508235959Z'});
-342 * @see KJUR.asn1.x509.Time
-343 */
-344 this.setNotAfterByParam = function(timeParam) {
-345 this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
-346 };
-347
-348 /**
-349 * set subject name field by parameter
-350 * @name setSubjectByParam
-351 * @memberOf KJUR.asn1.x509.TBSCertificate
-352 * @function
-353 * @param {Array} x500NameParam X500Name parameter
-354 * @description
-355 * @example
-356 * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
-357 * @see KJUR.asn1.x509.X500Name
-358 */
-359 this.setSubjectByParam = function(x500NameParam) {
-360 this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
-361 };
-362
-363 /**
-364 * (DEPRECATED) set subject public key info field by RSA key parameter
-365 * @name setSubjectPublicKeyByParam
-366 * @memberOf KJUR.asn1.x509.TBSCertificate
-367 * @function
-368 * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
-369 * @deprecated
-370 * @description
-371 * @example
-372 * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
-373 * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-374 */
-375 this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
-376 this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
-377 };
-378
-379 /**
-380 * set subject public key info by RSA/ECDSA/DSA key parameter
-381 * @name setSubjectPublicKeyByGetKey
-382 * @memberOf KJUR.asn1.x509.TBSCertificate
-383 * @function
-384 * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
-385 * @description
-386 * @example
-387 * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
-388 * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
-389 * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
-390 * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-391 * @see KEYUTIL.getKey
-392 * @since asn1x509 1.0.6
-393 */
-394 this.setSubjectPublicKeyByGetKey = function(keyParam) {
-395 var keyObj = KEYUTIL.getKey(keyParam);
-396 this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
-397 };
-398
-399 /**
-400 * append X.509v3 extension to this object
-401 * @name appendExtension
-402 * @memberOf KJUR.asn1.x509.TBSCertificate
-403 * @function
-404 * @param {Extension} extObj X.509v3 Extension object
-405 * @description
-406 * @example
-407 * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
-408 * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-409 * @see KJUR.asn1.x509.Extension
-410 */
-411 this.appendExtension = function(extObj) {
-412 this.extensionsArray.push(extObj);
-413 };
-414
-415 /**
-416 * append X.509v3 extension to this object by name and parameters
-417 * @name appendExtensionByName
-418 * @memberOf KJUR.asn1.x509.TBSCertificate
-419 * @function
-420 * @param {name} name name of X.509v3 Extension object
-421 * @param {Array} extParams parameters as argument of Extension constructor.
-422 * @description
-423 * @example
-424 * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
-425 * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
-426 * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
-427 * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
-428 * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
-429 * @see KJUR.asn1.x509.Extension
-430 */
-431 this.appendExtensionByName = function(name, extParams) {
-432 if (name.toLowerCase() == "basicconstraints") {
-433 var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
-434 this.appendExtension(extObj);
-435 } else if (name.toLowerCase() == "keyusage") {
-436 var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
-437 this.appendExtension(extObj);
-438 } else if (name.toLowerCase() == "crldistributionpoints") {
-439 var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
-440 this.appendExtension(extObj);
-441 } else if (name.toLowerCase() == "extkeyusage") {
-442 var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
-443 this.appendExtension(extObj);
-444 } else if (name.toLowerCase() == "authoritykeyidentifier") {
-445 var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
-446 this.appendExtension(extObj);
-447 } else {
-448 throw "unsupported extension name: " + name;
-449 }
-450 };
-451
-452 this.getEncodedHex = function() {
-453 if (this.asn1NotBefore == null || this.asn1NotAfter == null)
-454 throw "notBefore and/or notAfter not set";
-455 var asn1Validity =
-456 new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
-457
-458 this.asn1Array = new Array();
-459
-460 this.asn1Array.push(this.asn1Version);
-461 this.asn1Array.push(this.asn1SerialNumber);
-462 this.asn1Array.push(this.asn1SignatureAlg);
-463 this.asn1Array.push(this.asn1Issuer);
-464 this.asn1Array.push(asn1Validity);
-465 this.asn1Array.push(this.asn1Subject);
-466 this.asn1Array.push(this.asn1SubjPKey);
-467
-468 if (this.extensionsArray.length > 0) {
-469 var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
-470 var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
-471 'tag': 'a3',
-472 'obj': extSeq});
-473 this.asn1Array.push(extTagObj);
-474 }
-475
-476 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-477 this.hTLV = o.getEncodedHex();
-478 this.isModified = false;
-479 return this.hTLV;
-480 };
-481
-482 this._initialize();
-483 };
-484 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
-485
-486 // === END TBSCertificate ===================================================
-487
-488 // === BEGIN X.509v3 Extensions Related =======================================
-489
-490 /**
-491 * base Extension ASN.1 structure class
-492 * @name KJUR.asn1.x509.Extension
-493 * @class base Extension ASN.1 structure class
-494 * @param {Array} params associative array of parameters (ex. {'critical': true})
-495 * @extends KJUR.asn1.ASN1Object
-496 * @description
-497 * @example
-498 * // Extension ::= SEQUENCE {
-499 * // extnID OBJECT IDENTIFIER,
-500 * // critical BOOLEAN DEFAULT FALSE,
-501 * // extnValue OCTET STRING }
-502 */
-503 KJUR.asn1.x509.Extension = function(params) {
-504 KJUR.asn1.x509.Extension.superclass.constructor.call(this);
-505 var asn1ExtnValue = null;
-506
-507 this.getEncodedHex = function() {
-508 var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
-509 var asn1EncapExtnValue =
-510 new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
+ 75 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
+ 76 * </ul>
+ 77 * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
+ 78 * @name KJUR.asn1.x509
+ 79 * @namespace
+ 80 */
+ 81 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
+ 82
+ 83 // === BEGIN Certificate ===================================================
+ 84
+ 85 /**
+ 86 * X.509 Certificate class to sign and generate hex encoded certificate
+ 87 * @name KJUR.asn1.x509.Certificate
+ 88 * @class X.509 Certificate class to sign and generate hex encoded certificate
+ 89 * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
+ 90 * @extends KJUR.asn1.ASN1Object
+ 91 * @description
+ 92 * <br/>
+ 93 * As for argument 'params' for constructor, you can specify one of
+ 94 * following properties:
+ 95 * <ul>
+ 96 * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
+ 97 * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
+ 98 * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
+ 99 * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
+100 * </ul>
+101 * NOTE1: 'params' can be omitted.<br/>
+102 * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
+103 * @example
+104 * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
+105 * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
+106 * cert.sign(); // issue certificate by CA's private key
+107 * var certPEM = cert.getPEMString();
+108 *
+109 * // Certificate ::= SEQUENCE {
+110 * // tbsCertificate TBSCertificate,
+111 * // signatureAlgorithm AlgorithmIdentifier,
+112 * // signature BIT STRING }
+113 */
+114 KJUR.asn1.x509.Certificate = function(params) {
+115 KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
+116 var asn1TBSCert = null;
+117 var asn1SignatureAlg = null;
+118 var asn1Sig = null;
+119 var hexSig = null;
+120 var prvKey = null;
+121 var rsaPrvKey = null; // DEPRECATED
+122
+123
+124 /**
+125 * set PKCS#5 encrypted RSA PEM private key as CA key
+126 * @name setRsaPrvKeyByPEMandPass
+127 * @memberOf KJUR.asn1.x509.Certificate
+128 * @function
+129 * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+130 * @param {String} passPEM passcode string to decrypt private key
+131 * @since 1.0.1
+132 * @description
+133 * <br/>
+134 * <h4>EXAMPLES</h4>
+135 * @example
+136 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+137 * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
+138 */
+139 this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+140 var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+141 var caKey = new RSAKey();
+142 caKey.readPrivateKeyFromASN1HexString(caKeyHex);
+143 this.prvKey = caKey;
+144 };
+145
+146 /**
+147 * sign TBSCertificate and set signature value internally
+148 * @name sign
+149 * @memberOf KJUR.asn1.x509.Certificate
+150 * @function
+151 * @description
+152 * @example
+153 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+154 * cert.sign();
+155 */
+156 this.sign = function() {
+157 this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+158
+159 sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
+160 sig.init(this.prvKey);
+161 sig.updateHex(this.asn1TBSCert.getEncodedHex());
+162 this.hexSig = sig.sign();
+163
+164 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+165
+166 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
+167 this.asn1SignatureAlg,
+168 this.asn1Sig]});
+169 this.hTLV = seq.getEncodedHex();
+170 this.isModified = false;
+171 };
+172
+173 /**
+174 * set signature value internally by hex string
+175 * @name setSignatureHex
+176 * @memberOf KJUR.asn1.x509.Certificate
+177 * @function
+178 * @since asn1x509 1.0.8
+179 * @description
+180 * @example
+181 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+182 * cert.setSignatureHex('01020304');
+183 */
+184 this.setSignatureHex = function(sigHex) {
+185 this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+186 this.hexSig = sigHex;
+187 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+188
+189 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
+190 this.asn1SignatureAlg,
+191 this.asn1Sig]});
+192 this.hTLV = seq.getEncodedHex();
+193 this.isModified = false;
+194 };
+195
+196 this.getEncodedHex = function() {
+197 if (this.isModified == false && this.hTLV != null) return this.hTLV;
+198 throw "not signed yet";
+199 };
+200
+201 /**
+202 * get PEM formatted certificate string after signed
+203 * @name getPEMString
+204 * @memberOf KJUR.asn1.x509.Certificate
+205 * @function
+206 * @return PEM formatted string of certificate
+207 * @description
+208 * @example
+209 * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+210 * cert.sign();
+211 * var sPEM = cert.getPEMString();
+212 */
+213 this.getPEMString = function() {
+214 var hCert = this.getEncodedHex();
+215 var wCert = CryptoJS.enc.Hex.parse(hCert);
+216 var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
+217 var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
+218 return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
+219 };
+220
+221 if (typeof params != "undefined") {
+222 if (typeof params['tbscertobj'] != "undefined") {
+223 this.asn1TBSCert = params['tbscertobj'];
+224 }
+225 if (typeof params['prvkeyobj'] != "undefined") {
+226 this.prvKey = params['prvkeyobj'];
+227 } else if (typeof params['rsaprvkey'] != "undefined") {
+228 this.prvKey = params['rsaprvkey'];
+229 } else if ((typeof params['rsaprvpem'] != "undefined") &&
+230 (typeof params['rsaprvpas'] != "undefined")) {
+231 this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
+232 }
+233 }
+234 };
+235 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
+236
+237 /**
+238 * ASN.1 TBSCertificate structure class
+239 * @name KJUR.asn1.x509.TBSCertificate
+240 * @class ASN.1 TBSCertificate structure class
+241 * @param {Array} params associative array of parameters (ex. {})
+242 * @extends KJUR.asn1.ASN1Object
+243 * @description
+244 * <br/>
+245 * <h4>EXAMPLE</h4>
+246 * @example
+247 * var o = new KJUR.asn1.x509.TBSCertificate();
+248 * o.setSerialNumberByParam({'int': 4});
+249 * o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+250 * o.setIssuerByParam({'str': '/C=US/O=a'});
+251 * o.setNotBeforeByParam({'str': '130504235959Z'});
+252 * o.setNotAfterByParam({'str': '140504235959Z'});
+253 * o.setSubjectByParam({'str': '/C=US/CN=b'});
+254 * o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
+255 * o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
+256 * o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+257 */
+258 KJUR.asn1.x509.TBSCertificate = function(params) {
+259 KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
+260
+261 this._initialize = function() {
+262 this.asn1Array = new Array();
+263
+264 this.asn1Version =
+265 new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
+266 this.asn1SerialNumber = null;
+267 this.asn1SignatureAlg = null;
+268 this.asn1Issuer = null;
+269 this.asn1NotBefore = null;
+270 this.asn1NotAfter = null;
+271 this.asn1Subject = null;
+272 this.asn1SubjPKey = null;
+273 this.extensionsArray = new Array();
+274 };
+275
+276 /**
+277 * set serial number field by parameter
+278 * @name setSerialNumberByParam
+279 * @memberOf KJUR.asn1.x509.TBSCertificate
+280 * @function
+281 * @param {Array} intParam DERInteger param
+282 * @description
+283 * @example
+284 * tbsc.setSerialNumberByParam({'int': 3});
+285 */
+286 this.setSerialNumberByParam = function(intParam) {
+287 this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
+288 };
+289
+290 /**
+291 * set signature algorithm field by parameter
+292 * @name setSignatureAlgByParam
+293 * @memberOf KJUR.asn1.x509.TBSCertificate
+294 * @function
+295 * @param {Array} algIdParam AlgorithmIdentifier parameter
+296 * @description
+297 * @example
+298 * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+299 */
+300 this.setSignatureAlgByParam = function(algIdParam) {
+301 this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
+302 };
+303
+304 /**
+305 * set issuer name field by parameter
+306 * @name setIssuerByParam
+307 * @memberOf KJUR.asn1.x509.TBSCertificate
+308 * @function
+309 * @param {Array} x500NameParam X500Name parameter
+310 * @description
+311 * @example
+312 * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+313 * @see KJUR.asn1.x509.X500Name
+314 */
+315 this.setIssuerByParam = function(x500NameParam) {
+316 this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
+317 };
+318
+319 /**
+320 * set notBefore field by parameter
+321 * @name setNotBeforeByParam
+322 * @memberOf KJUR.asn1.x509.TBSCertificate
+323 * @function
+324 * @param {Array} timeParam Time parameter
+325 * @description
+326 * @example
+327 * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
+328 * @see KJUR.asn1.x509.Time
+329 */
+330 this.setNotBeforeByParam = function(timeParam) {
+331 this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
+332 };
+333
+334 /**
+335 * set notAfter field by parameter
+336 * @name setNotAfterByParam
+337 * @memberOf KJUR.asn1.x509.TBSCertificate
+338 * @function
+339 * @param {Array} timeParam Time parameter
+340 * @description
+341 * @example
+342 * tbsc.setNotAfterByParam({'str': '130508235959Z'});
+343 * @see KJUR.asn1.x509.Time
+344 */
+345 this.setNotAfterByParam = function(timeParam) {
+346 this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
+347 };
+348
+349 /**
+350 * set subject name field by parameter
+351 * @name setSubjectByParam
+352 * @memberOf KJUR.asn1.x509.TBSCertificate
+353 * @function
+354 * @param {Array} x500NameParam X500Name parameter
+355 * @description
+356 * @example
+357 * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
+358 * @see KJUR.asn1.x509.X500Name
+359 */
+360 this.setSubjectByParam = function(x500NameParam) {
+361 this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
+362 };
+363
+364 /**
+365 * (DEPRECATED) set subject public key info field by RSA key parameter
+366 * @name setSubjectPublicKeyByParam
+367 * @memberOf KJUR.asn1.x509.TBSCertificate
+368 * @function
+369 * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
+370 * @deprecated
+371 * @description
+372 * @example
+373 * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
+374 * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+375 */
+376 this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
+377 this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
+378 };
+379
+380 /**
+381 * set subject public key info by RSA/ECDSA/DSA key parameter
+382 * @name setSubjectPublicKeyByGetKey
+383 * @memberOf KJUR.asn1.x509.TBSCertificate
+384 * @function
+385 * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
+386 * @description
+387 * @example
+388 * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
+389 * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
+390 * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
+391 * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+392 * @see KEYUTIL.getKey
+393 * @since asn1x509 1.0.6
+394 */
+395 this.setSubjectPublicKeyByGetKey = function(keyParam) {
+396 var keyObj = KEYUTIL.getKey(keyParam);
+397 this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
+398 };
+399
+400 /**
+401 * append X.509v3 extension to this object
+402 * @name appendExtension
+403 * @memberOf KJUR.asn1.x509.TBSCertificate
+404 * @function
+405 * @param {Extension} extObj X.509v3 Extension object
+406 * @description
+407 * @example
+408 * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
+409 * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+410 * @see KJUR.asn1.x509.Extension
+411 */
+412 this.appendExtension = function(extObj) {
+413 this.extensionsArray.push(extObj);
+414 };
+415
+416 /**
+417 * append X.509v3 extension to this object by name and parameters
+418 * @name appendExtensionByName
+419 * @memberOf KJUR.asn1.x509.TBSCertificate
+420 * @function
+421 * @param {name} name name of X.509v3 Extension object
+422 * @param {Array} extParams parameters as argument of Extension constructor.
+423 * @description
+424 * @example
+425 * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
+426 * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
+427 * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
+428 * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
+429 * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
+430 * tbsc.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
+431 * @see KJUR.asn1.x509.Extension
+432 */
+433 this.appendExtensionByName = function(name, extParams) {
+434 if (name.toLowerCase() == "basicconstraints") {
+435 var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
+436 this.appendExtension(extObj);
+437 } else if (name.toLowerCase() == "keyusage") {
+438 var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
+439 this.appendExtension(extObj);
+440 } else if (name.toLowerCase() == "crldistributionpoints") {
+441 var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
+442 this.appendExtension(extObj);
+443 } else if (name.toLowerCase() == "extkeyusage") {
+444 var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
+445 this.appendExtension(extObj);
+446 } else if (name.toLowerCase() == "authoritykeyidentifier") {
+447 var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
+448 this.appendExtension(extObj);
+449 } else if (name.toLowerCase() == "authorityinfoaccess") {
+450 var extObj = new KJUR.asn1.x509.AuthorityInfoAccess(extParams);
+451 this.appendExtension(extObj);
+452 } else {
+453 throw "unsupported extension name: " + name;
+454 }
+455 };
+456
+457 this.getEncodedHex = function() {
+458 if (this.asn1NotBefore == null || this.asn1NotAfter == null)
+459 throw "notBefore and/or notAfter not set";
+460 var asn1Validity =
+461 new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
+462
+463 this.asn1Array = new Array();
+464
+465 this.asn1Array.push(this.asn1Version);
+466 this.asn1Array.push(this.asn1SerialNumber);
+467 this.asn1Array.push(this.asn1SignatureAlg);
+468 this.asn1Array.push(this.asn1Issuer);
+469 this.asn1Array.push(asn1Validity);
+470 this.asn1Array.push(this.asn1Subject);
+471 this.asn1Array.push(this.asn1SubjPKey);
+472
+473 if (this.extensionsArray.length > 0) {
+474 var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
+475 var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
+476 'tag': 'a3',
+477 'obj': extSeq});
+478 this.asn1Array.push(extTagObj);
+479 }
+480
+481 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+482 this.hTLV = o.getEncodedHex();
+483 this.isModified = false;
+484 return this.hTLV;
+485 };
+486
+487 this._initialize();
+488 };
+489 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
+490
+491 // === END TBSCertificate ===================================================
+492
+493 // === BEGIN X.509v3 Extensions Related =======================================
+494
+495 /**
+496 * base Extension ASN.1 structure class
+497 * @name KJUR.asn1.x509.Extension
+498 * @class base Extension ASN.1 structure class
+499 * @param {Array} params associative array of parameters (ex. {'critical': true})
+500 * @extends KJUR.asn1.ASN1Object
+501 * @description
+502 * @example
+503 * // Extension ::= SEQUENCE {
+504 * // extnID OBJECT IDENTIFIER,
+505 * // critical BOOLEAN DEFAULT FALSE,
+506 * // extnValue OCTET STRING }
+507 */
+508 KJUR.asn1.x509.Extension = function(params) {
+509 KJUR.asn1.x509.Extension.superclass.constructor.call(this);
+510 var asn1ExtnValue = null;
511
-512 var asn1Array = new Array();
-513 asn1Array.push(asn1Oid);
-514 if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
-515 asn1Array.push(asn1EncapExtnValue);
+512 this.getEncodedHex = function() {
+513 var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
+514 var asn1EncapExtnValue =
+515 new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
516
-517 var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-518 return asn1Seq.getEncodedHex();
-519 };
-520
-521 this.critical = false;
-522 if (typeof params != "undefined") {
-523 if (typeof params['critical'] != "undefined") {
-524 this.critical = params['critical'];
-525 }
-526 }
-527 };
-528 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
-529
-530 /**
-531 * KeyUsage ASN.1 structure class
-532 * @name KJUR.asn1.x509.KeyUsage
-533 * @class KeyUsage ASN.1 structure class
-534 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
-535 * @extends KJUR.asn1.x509.Extension
-536 * @description
-537 * @example
-538 */
-539 KJUR.asn1.x509.KeyUsage = function(params) {
-540 KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
-541
-542 this.getExtnValueHex = function() {
-543 return this.asn1ExtnValue.getEncodedHex();
-544 };
-545
-546 this.oid = "2.5.29.15";
-547 if (typeof params != "undefined") {
-548 if (typeof params['bin'] != "undefined") {
-549 this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
-550 }
-551 }
-552 };
-553 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
-554
-555 /**
-556 * BasicConstraints ASN.1 structure class
-557 * @name KJUR.asn1.x509.BasicConstraints
-558 * @class BasicConstraints ASN.1 structure class
-559 * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
-560 * @extends KJUR.asn1.x509.Extension
-561 * @description
-562 * @example
-563 */
-564 KJUR.asn1.x509.BasicConstraints = function(params) {
-565 KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
-566 var cA = false;
-567 var pathLen = -1;
-568
-569 this.getExtnValueHex = function() {
-570 var asn1Array = new Array();
-571 if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
-572 if (this.pathLen > -1)
-573 asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
-574 var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-575 this.asn1ExtnValue = asn1Seq;
-576 return this.asn1ExtnValue.getEncodedHex();
-577 };
-578
-579 this.oid = "2.5.29.19";
-580 this.cA = false;
-581 this.pathLen = -1;
-582 if (typeof params != "undefined") {
-583 if (typeof params['cA'] != "undefined") {
-584 this.cA = params['cA'];
-585 }
-586 if (typeof params['pathLen'] != "undefined") {
-587 this.pathLen = params['pathLen'];
-588 }
-589 }
-590 };
-591 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
-592
-593 /**
-594 * CRLDistributionPoints ASN.1 structure class
-595 * @name KJUR.asn1.x509.CRLDistributionPoints
-596 * @class CRLDistributionPoints ASN.1 structure class
-597 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-598 * @extends KJUR.asn1.x509.Extension
-599 * @description
-600 * @example
-601 */
-602 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
-603 KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
-604
-605 this.getExtnValueHex = function() {
-606 return this.asn1ExtnValue.getEncodedHex();
-607 };
-608
-609 this.setByDPArray = function(dpArray) {
-610 this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
-611 };
-612
-613 this.setByOneURI = function(uri) {
-614 var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
-615 var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
-616 var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
-617 this.setByDPArray([dp1]);
-618 };
-619
-620 this.oid = "2.5.29.31";
-621 if (typeof params != "undefined") {
-622 if (typeof params['array'] != "undefined") {
-623 this.setByDPArray(params['array']);
-624 } else if (typeof params['uri'] != "undefined") {
-625 this.setByOneURI(params['uri']);
-626 }
-627 }
-628 };
-629 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
-630
-631 /**
-632 * KeyUsage ASN.1 structure class
-633 * @name KJUR.asn1.x509.ExtKeyUsage
-634 * @class ExtKeyUsage ASN.1 structure class
-635 * @param {Array} params associative array of parameters
-636 * @extends KJUR.asn1.x509.Extension
-637 * @description
-638 * @example
-639 * var e1 =
-640 * new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
-641 * 'array':
-642 * [{'oid': '2.5.29.37.0', // anyExtendedKeyUsage
-643 * 'name': 'clientAuth'}]});
-644 *
-645 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
-646 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-647 * // KeyPurposeId ::= OBJECT IDENTIFIER
-648 */
-649 KJUR.asn1.x509.ExtKeyUsage = function(params) {
-650 KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
-651
-652 this.setPurposeArray = function(purposeArray) {
-653 this.asn1ExtnValue = new KJUR.asn1.DERSequence();
-654 for (var i = 0; i < purposeArray.length; i++) {
-655 var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
-656 this.asn1ExtnValue.appendASN1Object(o);
-657 }
-658 };
-659
-660 this.getExtnValueHex = function() {
-661 return this.asn1ExtnValue.getEncodedHex();
-662 };
-663
-664 this.oid = "2.5.29.37";
-665 if (typeof params != "undefined") {
-666 if (typeof params['array'] != "undefined") {
-667 this.setPurposeArray(params['array']);
-668 }
-669 }
-670 };
-671 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
-672
-673 /**
-674 * AuthorityKeyIdentifier ASN.1 structure class
-675 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
-676 * @class AuthorityKeyIdentifier ASN.1 structure class
-677 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-678 * @extends KJUR.asn1.x509.Extension
-679 * @since asn1x509 1.0.8
-680 * @description
-681 * <pre>
-682 * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
-683 * AuthorityKeyIdentifier ::= SEQUENCE {
-684 * keyIdentifier [0] KeyIdentifier OPTIONAL,
-685 * authorityCertIssuer [1] GeneralNames OPTIONAL,
-686 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
-687 * KeyIdentifier ::= OCTET STRING
-688 * </pre>
-689 * @example
-690 * var param = {'kid': {'hex': '89ab'},
-691 * 'issuer': {'str': '/C=US/CN=a'},
-692 * 'sn': {'hex': '1234'},
-693 * 'critical': true});
-694 * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
-695 */
-696 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
-697 KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
-698 this.asn1KID = null;
-699 this.asn1CertIssuer = null;
-700 this.asn1CertSN = null;
-701
-702 this.getExtnValueHex = function() {
-703 var a = new Array();
-704 if (this.asn1KID)
-705 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-706 'tag': '80',
-707 'obj': this.asn1KID}));
-708 if (this.asn1CertIssuer)
-709 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-710 'tag': 'a1',
-711 'obj': this.asn1CertIssuer}));
-712 if (this.asn1CertSN)
-713 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-714 'tag': '82',
-715 'obj': this.asn1CertSN}));
-716
-717 var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
-718 this.asn1ExtnValue = asn1Seq;
-719 return this.asn1ExtnValue.getEncodedHex();
-720 };
+517 var asn1Array = new Array();
+518 asn1Array.push(asn1Oid);
+519 if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
+520 asn1Array.push(asn1EncapExtnValue);
+521
+522 var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
+523 return asn1Seq.getEncodedHex();
+524 };
+525
+526 this.critical = false;
+527 if (typeof params != "undefined") {
+528 if (typeof params['critical'] != "undefined") {
+529 this.critical = params['critical'];
+530 }
+531 }
+532 };
+533 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
+534
+535 /**
+536 * KeyUsage ASN.1 structure class
+537 * @name KJUR.asn1.x509.KeyUsage
+538 * @class KeyUsage ASN.1 structure class
+539 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
+540 * @extends KJUR.asn1.x509.Extension
+541 * @description
+542 * @example
+543 */
+544 KJUR.asn1.x509.KeyUsage = function(params) {
+545 KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
+546
+547 this.getExtnValueHex = function() {
+548 return this.asn1ExtnValue.getEncodedHex();
+549 };
+550
+551 this.oid = "2.5.29.15";
+552 if (typeof params != "undefined") {
+553 if (typeof params['bin'] != "undefined") {
+554 this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
+555 }
+556 }
+557 };
+558 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
+559
+560 /**
+561 * BasicConstraints ASN.1 structure class
+562 * @name KJUR.asn1.x509.BasicConstraints
+563 * @class BasicConstraints ASN.1 structure class
+564 * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
+565 * @extends KJUR.asn1.x509.Extension
+566 * @description
+567 * @example
+568 */
+569 KJUR.asn1.x509.BasicConstraints = function(params) {
+570 KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
+571 var cA = false;
+572 var pathLen = -1;
+573
+574 this.getExtnValueHex = function() {
+575 var asn1Array = new Array();
+576 if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
+577 if (this.pathLen > -1)
+578 asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
+579 var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
+580 this.asn1ExtnValue = asn1Seq;
+581 return this.asn1ExtnValue.getEncodedHex();
+582 };
+583
+584 this.oid = "2.5.29.19";
+585 this.cA = false;
+586 this.pathLen = -1;
+587 if (typeof params != "undefined") {
+588 if (typeof params['cA'] != "undefined") {
+589 this.cA = params['cA'];
+590 }
+591 if (typeof params['pathLen'] != "undefined") {
+592 this.pathLen = params['pathLen'];
+593 }
+594 }
+595 };
+596 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
+597
+598 /**
+599 * CRLDistributionPoints ASN.1 structure class
+600 * @name KJUR.asn1.x509.CRLDistributionPoints
+601 * @class CRLDistributionPoints ASN.1 structure class
+602 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+603 * @extends KJUR.asn1.x509.Extension
+604 * @description
+605 * @example
+606 */
+607 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
+608 KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
+609
+610 this.getExtnValueHex = function() {
+611 return this.asn1ExtnValue.getEncodedHex();
+612 };
+613
+614 this.setByDPArray = function(dpArray) {
+615 this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
+616 };
+617
+618 this.setByOneURI = function(uri) {
+619 var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
+620 var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
+621 var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
+622 this.setByDPArray([dp1]);
+623 };
+624
+625 this.oid = "2.5.29.31";
+626 if (typeof params != "undefined") {
+627 if (typeof params['array'] != "undefined") {
+628 this.setByDPArray(params['array']);
+629 } else if (typeof params['uri'] != "undefined") {
+630 this.setByOneURI(params['uri']);
+631 }
+632 }
+633 };
+634 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
+635
+636 /**
+637 * KeyUsage ASN.1 structure class
+638 * @name KJUR.asn1.x509.ExtKeyUsage
+639 * @class ExtKeyUsage ASN.1 structure class
+640 * @param {Array} params associative array of parameters
+641 * @extends KJUR.asn1.x509.Extension
+642 * @description
+643 * @example
+644 * var e1 =
+645 * new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
+646 * 'array':
+647 * [{'oid': '2.5.29.37.0', // anyExtendedKeyUsage
+648 * 'name': 'clientAuth'}]});
+649 *
+650 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
+651 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+652 * // KeyPurposeId ::= OBJECT IDENTIFIER
+653 */
+654 KJUR.asn1.x509.ExtKeyUsage = function(params) {
+655 KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
+656
+657 this.setPurposeArray = function(purposeArray) {
+658 this.asn1ExtnValue = new KJUR.asn1.DERSequence();
+659 for (var i = 0; i < purposeArray.length; i++) {
+660 var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
+661 this.asn1ExtnValue.appendASN1Object(o);
+662 }
+663 };
+664
+665 this.getExtnValueHex = function() {
+666 return this.asn1ExtnValue.getEncodedHex();
+667 };
+668
+669 this.oid = "2.5.29.37";
+670 if (typeof params != "undefined") {
+671 if (typeof params['array'] != "undefined") {
+672 this.setPurposeArray(params['array']);
+673 }
+674 }
+675 };
+676 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
+677
+678 /**
+679 * AuthorityKeyIdentifier ASN.1 structure class
+680 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
+681 * @class AuthorityKeyIdentifier ASN.1 structure class
+682 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+683 * @extends KJUR.asn1.x509.Extension
+684 * @since asn1x509 1.0.8
+685 * @description
+686 * <pre>
+687 * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
+688 * AuthorityKeyIdentifier ::= SEQUENCE {
+689 * keyIdentifier [0] KeyIdentifier OPTIONAL,
+690 * authorityCertIssuer [1] GeneralNames OPTIONAL,
+691 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
+692 * KeyIdentifier ::= OCTET STRING
+693 * </pre>
+694 * @example
+695 * var param = {'kid': {'hex': '89ab'},
+696 * 'issuer': {'str': '/C=US/CN=a'},
+697 * 'sn': {'hex': '1234'},
+698 * 'critical': true});
+699 * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
+700 */
+701 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
+702 KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
+703 this.asn1KID = null;
+704 this.asn1CertIssuer = null;
+705 this.asn1CertSN = null;
+706
+707 this.getExtnValueHex = function() {
+708 var a = new Array();
+709 if (this.asn1KID)
+710 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+711 'tag': '80',
+712 'obj': this.asn1KID}));
+713 if (this.asn1CertIssuer)
+714 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+715 'tag': 'a1',
+716 'obj': this.asn1CertIssuer}));
+717 if (this.asn1CertSN)
+718 a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+719 'tag': '82',
+720 'obj': this.asn1CertSN}));
721
-722 /**
-723 * set keyIdentifier value by DERInteger parameter
-724 * @name setKIDByParam
-725 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
-726 * @function
-727 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
-728 * @since asn1x509 1.0.8
-729 * @description
-730 * NOTE: Automatic keyIdentifier value calculation by an issuer
-731 * public key will be supported in future version.
-732 */
-733 this.setKIDByParam = function(param) {
-734 this.asn1KID = new KJUR.asn1.DEROctetString(param);
-735 };
-736
-737 /**
-738 * set authorityCertIssuer value by X500Name parameter
-739 * @name setCertIssuerByParam
-740 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
-741 * @function
-742 * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
-743 * @since asn1x509 1.0.8
-744 * @description
-745 * NOTE: Automatic authorityCertIssuer name setting by an issuer
-746 * certificate will be supported in future version.
-747 */
-748 this.setCertIssuerByParam = function(param) {
-749 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
-750 };
-751
-752 /**
-753 * set authorityCertSerialNumber value by DERInteger parameter
-754 * @name setCertSerialNumberByParam
-755 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
-756 * @function
-757 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
-758 * @since asn1x509 1.0.8
-759 * @description
-760 * NOTE: Automatic authorityCertSerialNumber setting by an issuer
-761 * certificate will be supported in future version.
-762 */
-763 this.setCertSNByParam = function(param) {
-764 this.asn1CertSN = new KJUR.asn1.DERInteger(param);
-765 };
-766
-767 this.oid = "2.5.29.35";
-768 if (typeof params != "undefined") {
-769 if (typeof params['kid'] != "undefined") {
-770 this.setKIDByParam(params['kid']);
-771 }
-772 if (typeof params['issuer'] != "undefined") {
-773 this.setCertIssuerByParam(params['issuer']);
-774 }
-775 if (typeof params['sn'] != "undefined") {
-776 this.setCertSNByParam(params['sn']);
-777 }
-778 }
-779 };
-780 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
-781
-782 // === END X.509v3 Extensions Related =======================================
-783
-784 // === BEGIN CRL Related ===================================================
-785 /**
-786 * X.509 CRL class to sign and generate hex encoded CRL
-787 * @name KJUR.asn1.x509.CRL
-788 * @class X.509 CRL class to sign and generate hex encoded certificate
-789 * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
-790 * @extends KJUR.asn1.ASN1Object
-791 * @since 1.0.3
-792 * @description
-793 * <br/>
-794 * As for argument 'params' for constructor, you can specify one of
-795 * following properties:
-796 * <ul>
-797 * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
-798 * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
-799 * </ul>
-800 * NOTE: 'params' can be omitted.
-801 * <h4>EXAMPLE</h4>
-802 * @example
-803 * var prvKey = new RSAKey(); // CA's private key
-804 * prvKey.readPrivateKeyFromASN1HexString("3080...");
-805 * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-806 * crl.sign(); // issue CRL by CA's private key
-807 * var hCRL = crl.getEncodedHex();
-808 *
-809 * // CertificateList ::= SEQUENCE {
-810 * // tbsCertList TBSCertList,
-811 * // signatureAlgorithm AlgorithmIdentifier,
-812 * // signatureValue BIT STRING }
+722 var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
+723 this.asn1ExtnValue = asn1Seq;
+724 return this.asn1ExtnValue.getEncodedHex();
+725 };
+726
+727 /**
+728 * set keyIdentifier value by DERInteger parameter
+729 * @name setKIDByParam
+730 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+731 * @function
+732 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+733 * @since asn1x509 1.0.8
+734 * @description
+735 * NOTE: Automatic keyIdentifier value calculation by an issuer
+736 * public key will be supported in future version.
+737 */
+738 this.setKIDByParam = function(param) {
+739 this.asn1KID = new KJUR.asn1.DEROctetString(param);
+740 };
+741
+742 /**
+743 * set authorityCertIssuer value by X500Name parameter
+744 * @name setCertIssuerByParam
+745 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+746 * @function
+747 * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
+748 * @since asn1x509 1.0.8
+749 * @description
+750 * NOTE: Automatic authorityCertIssuer name setting by an issuer
+751 * certificate will be supported in future version.
+752 */
+753 this.setCertIssuerByParam = function(param) {
+754 this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
+755 };
+756
+757 /**
+758 * set authorityCertSerialNumber value by DERInteger parameter
+759 * @name setCertSerialNumberByParam
+760 * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+761 * @function
+762 * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+763 * @since asn1x509 1.0.8
+764 * @description
+765 * NOTE: Automatic authorityCertSerialNumber setting by an issuer
+766 * certificate will be supported in future version.
+767 */
+768 this.setCertSNByParam = function(param) {
+769 this.asn1CertSN = new KJUR.asn1.DERInteger(param);
+770 };
+771
+772 this.oid = "2.5.29.35";
+773 if (typeof params != "undefined") {
+774 if (typeof params['kid'] != "undefined") {
+775 this.setKIDByParam(params['kid']);
+776 }
+777 if (typeof params['issuer'] != "undefined") {
+778 this.setCertIssuerByParam(params['issuer']);
+779 }
+780 if (typeof params['sn'] != "undefined") {
+781 this.setCertSNByParam(params['sn']);
+782 }
+783 }
+784 };
+785 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
+786
+787 /**
+788 * AuthorityInfoAccess ASN.1 structure class
+789 * @name KJUR.asn1.x509.AuthorityInfoAccess
+790 * @class AuthorityInfoAccess ASN.1 structure class
+791 * @param {Array} params associative array of parameters
+792 * @extends KJUR.asn1.x509.Extension
+793 * @since asn1x509 1.0.8
+794 * @description
+795 * <pre>
+796 * id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+797 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+798 * AuthorityInfoAccessSyntax ::=
+799 * SEQUENCE SIZE (1..MAX) OF AccessDescription
+800 * AccessDescription ::= SEQUENCE {
+801 * accessMethod OBJECT IDENTIFIER,
+802 * accessLocation GeneralName }
+803 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+804 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+805 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+806 * </pre>
+807 * @example
+808 * var param = {'array':[
+809 * { 'accessMethod':{'oid': '1.3.6.1.5.5.7.48.1'},
+810 * 'accessLocation':{'uri': 'http://ocsp.cacert.org'}
+811 * } ]};
+812 * var e1 = new KJUR.asn1.x509.AuthorityInfoAccess(param);
813 */
-814 KJUR.asn1.x509.CRL = function(params) {
-815 KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+814 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
+815 KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
816
-817 var asn1TBSCertList = null;
-818 var asn1SignatureAlg = null;
-819 var asn1Sig = null;
-820 var hexSig = null;
-821 var rsaPrvKey = null;
-822
-823 /**
-824 * set PKCS#5 encrypted RSA PEM private key as CA key
-825 * @name setRsaPrvKeyByPEMandPass
-826 * @memberOf KJUR.asn1.x509.CRL
-827 * @function
-828 * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-829 * @param {String} passPEM passcode string to decrypt private key
-830 * @description
-831 * <br/>
-832 * <h4>EXAMPLES</h4>
-833 * @example
-834 */
-835 this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-836 var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-837 var caKey = new RSAKey();
-838 caKey.readPrivateKeyFromASN1HexString(caKeyHex);
-839 this.rsaPrvKey = caKey;
-840 };
-841
-842 /**
-843 * sign TBSCertList and set signature value internally
-844 * @name sign
-845 * @memberOf KJUR.asn1.x509.CRL
-846 * @function
-847 * @description
-848 * @example
-849 * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-850 * cert.sign();
-851 */
-852 this.sign = function() {
-853 this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
-854
-855 sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
-856 sig.initSign(this.rsaPrvKey);
-857 sig.updateHex(this.asn1TBSCertList.getEncodedHex());
-858 this.hexSig = sig.sign();
-859
-860 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-861
-862 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
-863 this.asn1SignatureAlg,
-864 this.asn1Sig]});
-865 this.hTLV = seq.getEncodedHex();
-866 this.isModified = false;
-867 };
-868
-869 this.getEncodedHex = function() {
-870 if (this.isModified == false && this.hTLV != null) return this.hTLV;
-871 throw "not signed yet";
-872 };
-873
-874 /**
-875 * get PEM formatted CRL string after signed
-876 * @name getPEMString
-877 * @memberOf KJUR.asn1.x509.CRL
-878 * @function
-879 * @return PEM formatted string of certificate
-880 * @description
-881 * @example
-882 * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-883 * cert.sign();
-884 * var sPEM = cert.getPEMString();
-885 */
-886 this.getPEMString = function() {
-887 var hCert = this.getEncodedHex();
-888 var wCert = CryptoJS.enc.Hex.parse(hCert);
-889 var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-890 var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-891 return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
-892 };
-893
-894 if (typeof params != "undefined") {
-895 if (typeof params['tbsobj'] != "undefined") {
-896 this.asn1TBSCertList = params['tbsobj'];
-897 }
-898 if (typeof params['rsaprvkey'] != "undefined") {
-899 this.rsaPrvKey = params['rsaprvkey'];
-900 }
-901 if ((typeof params['rsaprvpem'] != "undefined") &&
-902 (typeof params['rsaprvpas'] != "undefined")) {
-903 this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
-904 }
-905 }
-906 };
-907 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
-908
-909 /**
-910 * ASN.1 TBSCertList structure class for CRL
-911 * @name KJUR.asn1.x509.TBSCertList
-912 * @class ASN.1 TBSCertList structure class for CRL
-913 * @param {Array} params associative array of parameters (ex. {})
-914 * @extends KJUR.asn1.ASN1Object
-915 * @since 1.0.3
-916 * @description
-917 * <br/>
-918 * <h4>EXAMPLE</h4>
-919 * @example
-920 * var o = new KJUR.asn1.x509.TBSCertList();
-921 * o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-922 * o.setIssuerByParam({'str': '/C=US/O=a'});
-923 * o.setNotThisUpdateByParam({'str': '130504235959Z'});
-924 * o.setNotNextUpdateByParam({'str': '140504235959Z'});
-925 * o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
-926 * o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
-927 *
-928 * // TBSCertList ::= SEQUENCE {
-929 * // version Version OPTIONAL,
-930 * // -- if present, MUST be v2
-931 * // signature AlgorithmIdentifier,
-932 * // issuer Name,
-933 * // thisUpdate Time,
-934 * // nextUpdate Time OPTIONAL,
-935 * // revokedCertificates SEQUENCE OF SEQUENCE {
-936 * // userCertificate CertificateSerialNumber,
-937 * // revocationDate Time,
-938 * // crlEntryExtensions Extensions OPTIONAL
-939 * // -- if present, version MUST be v2
-940 * // } OPTIONAL,
-941 * // crlExtensions [0] EXPLICIT Extensions OPTIONAL
-942 */
-943 KJUR.asn1.x509.TBSCertList = function(params) {
-944 KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
-945 var aRevokedCert = null;
-946
-947 /**
-948 * set signature algorithm field by parameter
-949 * @name setSignatureAlgByParam
-950 * @memberOf KJUR.asn1.x509.TBSCertList
-951 * @function
-952 * @param {Array} algIdParam AlgorithmIdentifier parameter
-953 * @description
-954 * @example
-955 * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-956 */
-957 this.setSignatureAlgByParam = function(algIdParam) {
-958 this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
-959 };
-960
-961 /**
-962 * set issuer name field by parameter
-963 * @name setIssuerByParam
-964 * @memberOf KJUR.asn1.x509.TBSCertList
-965 * @function
-966 * @param {Array} x500NameParam X500Name parameter
-967 * @description
-968 * @example
-969 * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-970 * @see KJUR.asn1.x509.X500Name
-971 */
-972 this.setIssuerByParam = function(x500NameParam) {
-973 this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-974 };
-975
-976 /**
-977 * set thisUpdate field by parameter
-978 * @name setThisUpdateByParam
-979 * @memberOf KJUR.asn1.x509.TBSCertList
-980 * @function
-981 * @param {Array} timeParam Time parameter
-982 * @description
-983 * @example
-984 * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
-985 * @see KJUR.asn1.x509.Time
-986 */
-987 this.setThisUpdateByParam = function(timeParam) {
-988 this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
-989 };
-990
-991 /**
-992 * set nextUpdate field by parameter
-993 * @name setNextUpdateByParam
-994 * @memberOf KJUR.asn1.x509.TBSCertList
-995 * @function
-996 * @param {Array} timeParam Time parameter
-997 * @description
-998 * @example
-999 * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
-1000 * @see KJUR.asn1.x509.Time
-1001 */
-1002 this.setNextUpdateByParam = function(timeParam) {
-1003 this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
-1004 };
+817 this.setAccessDescriptionArray = function(accessDescriptionArray) {
+818 var array = new Array();
+819 for (var i = 0; i < accessDescriptionArray.length; i++) {
+820 var o = new KJUR.asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod);
+821 var gn = new KJUR.asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation);
+822 var accessDescription = new KJUR.asn1.DERSequence({'array':[o, gn]});
+823 array.push(accessDescription);
+824 }
+825 this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array':array});
+826 };
+827
+828 this.getExtnValueHex = function() {
+829 return this.asn1ExtnValue.getEncodedHex();
+830 };
+831
+832 this.oid = "1.3.6.1.5.5.7.1.1";
+833 if (typeof params != "undefined") {
+834 if (typeof params['array'] != "undefined") {
+835 this.setAccessDescriptionArray(params['array']);
+836 }
+837 }
+838 };
+839 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
+840
+841 // === END X.509v3 Extensions Related =======================================
+842
+843 // === BEGIN CRL Related ===================================================
+844 /**
+845 * X.509 CRL class to sign and generate hex encoded CRL
+846 * @name KJUR.asn1.x509.CRL
+847 * @class X.509 CRL class to sign and generate hex encoded certificate
+848 * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
+849 * @extends KJUR.asn1.ASN1Object
+850 * @since 1.0.3
+851 * @description
+852 * <br/>
+853 * As for argument 'params' for constructor, you can specify one of
+854 * following properties:
+855 * <ul>
+856 * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
+857 * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
+858 * </ul>
+859 * NOTE: 'params' can be omitted.
+860 * <h4>EXAMPLE</h4>
+861 * @example
+862 * var prvKey = new RSAKey(); // CA's private key
+863 * prvKey.readPrivateKeyFromASN1HexString("3080...");
+864 * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+865 * crl.sign(); // issue CRL by CA's private key
+866 * var hCRL = crl.getEncodedHex();
+867 *
+868 * // CertificateList ::= SEQUENCE {
+869 * // tbsCertList TBSCertList,
+870 * // signatureAlgorithm AlgorithmIdentifier,
+871 * // signatureValue BIT STRING }
+872 */
+873 KJUR.asn1.x509.CRL = function(params) {
+874 KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+875
+876 var asn1TBSCertList = null;
+877 var asn1SignatureAlg = null;
+878 var asn1Sig = null;
+879 var hexSig = null;
+880 var rsaPrvKey = null;
+881
+882 /**
+883 * set PKCS#5 encrypted RSA PEM private key as CA key
+884 * @name setRsaPrvKeyByPEMandPass
+885 * @memberOf KJUR.asn1.x509.CRL
+886 * @function
+887 * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+888 * @param {String} passPEM passcode string to decrypt private key
+889 * @description
+890 * <br/>
+891 * <h4>EXAMPLES</h4>
+892 * @example
+893 */
+894 this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+895 var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+896 var caKey = new RSAKey();
+897 caKey.readPrivateKeyFromASN1HexString(caKeyHex);
+898 this.rsaPrvKey = caKey;
+899 };
+900
+901 /**
+902 * sign TBSCertList and set signature value internally
+903 * @name sign
+904 * @memberOf KJUR.asn1.x509.CRL
+905 * @function
+906 * @description
+907 * @example
+908 * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+909 * cert.sign();
+910 */
+911 this.sign = function() {
+912 this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
+913
+914 sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
+915 sig.initSign(this.rsaPrvKey);
+916 sig.updateHex(this.asn1TBSCertList.getEncodedHex());
+917 this.hexSig = sig.sign();
+918
+919 this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+920
+921 var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
+922 this.asn1SignatureAlg,
+923 this.asn1Sig]});
+924 this.hTLV = seq.getEncodedHex();
+925 this.isModified = false;
+926 };
+927
+928 this.getEncodedHex = function() {
+929 if (this.isModified == false && this.hTLV != null) return this.hTLV;
+930 throw "not signed yet";
+931 };
+932
+933 /**
+934 * get PEM formatted CRL string after signed
+935 * @name getPEMString
+936 * @memberOf KJUR.asn1.x509.CRL
+937 * @function
+938 * @return PEM formatted string of certificate
+939 * @description
+940 * @example
+941 * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+942 * cert.sign();
+943 * var sPEM = cert.getPEMString();
+944 */
+945 this.getPEMString = function() {
+946 var hCert = this.getEncodedHex();
+947 var wCert = CryptoJS.enc.Hex.parse(hCert);
+948 var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
+949 var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
+950 return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
+951 };
+952
+953 if (typeof params != "undefined") {
+954 if (typeof params['tbsobj'] != "undefined") {
+955 this.asn1TBSCertList = params['tbsobj'];
+956 }
+957 if (typeof params['rsaprvkey'] != "undefined") {
+958 this.rsaPrvKey = params['rsaprvkey'];
+959 }
+960 if ((typeof params['rsaprvpem'] != "undefined") &&
+961 (typeof params['rsaprvpas'] != "undefined")) {
+962 this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
+963 }
+964 }
+965 };
+966 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
+967
+968 /**
+969 * ASN.1 TBSCertList structure class for CRL
+970 * @name KJUR.asn1.x509.TBSCertList
+971 * @class ASN.1 TBSCertList structure class for CRL
+972 * @param {Array} params associative array of parameters (ex. {})
+973 * @extends KJUR.asn1.ASN1Object
+974 * @since 1.0.3
+975 * @description
+976 * <br/>
+977 * <h4>EXAMPLE</h4>
+978 * @example
+979 * var o = new KJUR.asn1.x509.TBSCertList();
+980 * o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+981 * o.setIssuerByParam({'str': '/C=US/O=a'});
+982 * o.setNotThisUpdateByParam({'str': '130504235959Z'});
+983 * o.setNotNextUpdateByParam({'str': '140504235959Z'});
+984 * o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
+985 * o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
+986 *
+987 * // TBSCertList ::= SEQUENCE {
+988 * // version Version OPTIONAL,
+989 * // -- if present, MUST be v2
+990 * // signature AlgorithmIdentifier,
+991 * // issuer Name,
+992 * // thisUpdate Time,
+993 * // nextUpdate Time OPTIONAL,
+994 * // revokedCertificates SEQUENCE OF SEQUENCE {
+995 * // userCertificate CertificateSerialNumber,
+996 * // revocationDate Time,
+997 * // crlEntryExtensions Extensions OPTIONAL
+998 * // -- if present, version MUST be v2
+999 * // } OPTIONAL,
+1000 * // crlExtensions [0] EXPLICIT Extensions OPTIONAL
+1001 */
+1002 KJUR.asn1.x509.TBSCertList = function(params) {
+1003 KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
+1004 var aRevokedCert = null;
1005
1006 /**
-1007 * add revoked certficate by parameter
-1008 * @name addRevokedCert
+1007 * set signature algorithm field by parameter
+1008 * @name setSignatureAlgByParam
1009 * @memberOf KJUR.asn1.x509.TBSCertList
1010 * @function
-1011 * @param {Array} snParam DERInteger parameter for certificate serial number
-1012 * @param {Array} timeParam Time parameter for revocation date
-1013 * @description
-1014 * @example
-1015 * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
-1016 * @see KJUR.asn1.x509.Time
-1017 */
-1018 this.addRevokedCert = function(snParam, timeParam) {
-1019 var param = {};
-1020 if (snParam != undefined && snParam != null) param['sn'] = snParam;
-1021 if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
-1022 var o = new KJUR.asn1.x509.CRLEntry(param);
-1023 this.aRevokedCert.push(o);
-1024 };
-1025
-1026 this.getEncodedHex = function() {
-1027 this.asn1Array = new Array();
-1028
-1029 if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
-1030 this.asn1Array.push(this.asn1SignatureAlg);
-1031 this.asn1Array.push(this.asn1Issuer);
-1032 this.asn1Array.push(this.asn1ThisUpdate);
-1033 if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
+1011 * @param {Array} algIdParam AlgorithmIdentifier parameter
+1012 * @description
+1013 * @example
+1014 * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+1015 */
+1016 this.setSignatureAlgByParam = function(algIdParam) {
+1017 this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
+1018 };
+1019
+1020 /**
+1021 * set issuer name field by parameter
+1022 * @name setIssuerByParam
+1023 * @memberOf KJUR.asn1.x509.TBSCertList
+1024 * @function
+1025 * @param {Array} x500NameParam X500Name parameter
+1026 * @description
+1027 * @example
+1028 * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+1029 * @see KJUR.asn1.x509.X500Name
+1030 */
+1031 this.setIssuerByParam = function(x500NameParam) {
+1032 this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
+1033 };
1034
-1035 if (this.aRevokedCert.length > 0) {
-1036 var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
-1037 this.asn1Array.push(seq);
-1038 }
-1039
-1040 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-1041 this.hTLV = o.getEncodedHex();
-1042 this.isModified = false;
-1043 return this.hTLV;
-1044 };
-1045
-1046 this._initialize = function() {
-1047 this.asn1Version = null;
-1048 this.asn1SignatureAlg = null;
-1049 this.asn1Issuer = null;
-1050 this.asn1ThisUpdate = null;
-1051 this.asn1NextUpdate = null;
-1052 this.aRevokedCert = new Array();
-1053 };
-1054
-1055 this._initialize();
-1056 };
-1057 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
-1058
-1059 /**
-1060 * ASN.1 CRLEntry structure class for CRL
-1061 * @name KJUR.asn1.x509.CRLEntry
-1062 * @class ASN.1 CRLEntry structure class for CRL
-1063 * @param {Array} params associative array of parameters (ex. {})
-1064 * @extends KJUR.asn1.ASN1Object
-1065 * @since 1.0.3
-1066 * @description
-1067 * @example
-1068 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
-1069 *
-1070 * // revokedCertificates SEQUENCE OF SEQUENCE {
-1071 * // userCertificate CertificateSerialNumber,
-1072 * // revocationDate Time,
-1073 * // crlEntryExtensions Extensions OPTIONAL
-1074 * // -- if present, version MUST be v2 }
-1075 */
-1076 KJUR.asn1.x509.CRLEntry = function(params) {
-1077 KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
-1078 var sn = null;
-1079 var time = null;
-1080
-1081 /**
-1082 * set DERInteger parameter for serial number of revoked certificate
-1083 * @name setCertSerial
-1084 * @memberOf KJUR.asn1.x509.CRLEntry
-1085 * @function
-1086 * @param {Array} intParam DERInteger parameter for certificate serial number
-1087 * @description
-1088 * @example
-1089 * entry.setCertSerial({'int': 3});
-1090 */
-1091 this.setCertSerial = function(intParam) {
-1092 this.sn = new KJUR.asn1.DERInteger(intParam);
-1093 };
-1094
-1095 /**
-1096 * set Time parameter for revocation date
-1097 * @name setRevocationDate
-1098 * @memberOf KJUR.asn1.x509.CRLEntry
-1099 * @function
-1100 * @param {Array} timeParam Time parameter for revocation date
-1101 * @description
-1102 * @example
-1103 * entry.setRevocationDate({'str': '130508235959Z'});
-1104 */
-1105 this.setRevocationDate = function(timeParam) {
-1106 this.time = new KJUR.asn1.x509.Time(timeParam);
-1107 };
-1108
-1109 this.getEncodedHex = function() {
-1110 var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
-1111 this.TLV = o.getEncodedHex();
-1112 return this.TLV;
-1113 };
-1114
-1115 if (typeof params != "undefined") {
-1116 if (typeof params['time'] != "undefined") {
-1117 this.setRevocationDate(params['time']);
-1118 }
-1119 if (typeof params['sn'] != "undefined") {
-1120 this.setCertSerial(params['sn']);
-1121 }
-1122 }
-1123 };
-1124 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
-1125
-1126 // === END CRL Related ===================================================
-1127
-1128 // === BEGIN X500Name Related =================================================
-1129 /**
-1130 * X500Name ASN.1 structure class
-1131 * @name KJUR.asn1.x509.X500Name
-1132 * @class X500Name ASN.1 structure class
-1133 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
-1134 * @extends KJUR.asn1.ASN1Object
-1135 * @description
-1136 * @example
-1137 * // 1. construct with string
-1138 * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
-1139 * // 2. construct by object
-1140 * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
-1141 */
-1142 KJUR.asn1.x509.X500Name = function(params) {
-1143 KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
-1144 this.asn1Array = new Array();
-1145
-1146 /**
-1147 * set DN by string
-1148 * @name setByString
-1149 * @memberOf KJUR.asn1.x509.X500Name
-1150 * @function
-1151 * @param {Array} dnStr distinguished name by string (ex. /C=US/O=aaa)
-1152 * @description
-1153 * @example
-1154 * name = new KJUR.asn1.x509.X500Name();
-1155 * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
-1156 */
-1157 this.setByString = function(dnStr) {
-1158 var a = dnStr.split('/');
-1159 a.shift();
-1160 for (var i = 0; i < a.length; i++) {
-1161 this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
-1162 }
-1163 };
-1164
-1165 /**
-1166 * set DN by associative array
-1167 * @name setByObject
-1168 * @memberOf KJUR.asn1.x509.X500Name
-1169 * @function
-1170 * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
-1171 * @since jsrsasign 4.9. asn1x509 1.0.13
-1172 * @description
-1173 * @example
-1174 * name = new KJUR.asn1.x509.X500Name();
-1175 * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
-1176 */
-1177 this.setByObject = function(dnObj) {
-1178 // Get all the dnObject attributes and stuff them in the ASN.1 array.
-1179 for (var x in dnObj) {
-1180 if (dnObj.hasOwnProperty(x)) {
-1181 var newRDN = new KJUR.asn1.x509.RDN(
-1182 {'str': x + '=' + dnObj[x]});
-1183 // Initialize or push into the ANS1 array.
-1184 this.asn1Array ? this.asn1Array.push(newRDN)
-1185 : this.asn1Array = [newRDN];
-1186 }
-1187 }
-1188 };
-1189
-1190 this.getEncodedHex = function() {
-1191 if (typeof this.hTLV == "string") return this.hTLV;
-1192 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-1193 this.hTLV = o.getEncodedHex();
-1194 return this.hTLV;
-1195 };
-1196
-1197 if (typeof params != "undefined") {
-1198 if (typeof params['str'] != "undefined") {
-1199 this.setByString(params['str']);
-1200 // If params is an object, then set the ASN1 array just using the object
-1201 // attributes. This is nice for fields that have lots of special
-1202 // characters (i.e. CN: 'http://www.github.com/kjur//').
-1203 } else if (typeof params === "object") {
-1204 this.setByObject(params);
-1205 }
-1206
-1207 if (typeof params.certissuer != "undefined") {
-1208 var x = new X509();
-1209 x.hex = X509.pemToHex(params.certissuer);
-1210 this.hTLV = x.getIssuerHex();
-1211 }
-1212 if (typeof params.certsubject != "undefined") {
-1213 var x = new X509();
-1214 x.hex = X509.pemToHex(params.certsubject);
-1215 this.hTLV = x.getSubjectHex();
-1216 }
-1217 }
-1218 };
-1219 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
-1220
-1221 /**
-1222 * RDN (Relative Distinguish Name) ASN.1 structure class
-1223 * @name KJUR.asn1.x509.RDN
-1224 * @class RDN (Relative Distinguish Name) ASN.1 structure class
-1225 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1226 * @extends KJUR.asn1.ASN1Object
-1227 * @description
-1228 * @example
-1229 */
-1230 KJUR.asn1.x509.RDN = function(params) {
-1231 KJUR.asn1.x509.RDN.superclass.constructor.call(this);
-1232 this.asn1Array = new Array();
-1233
-1234 this.addByString = function(rdnStr) {
-1235 this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr}));
-1236 };
-1237
-1238 this.getEncodedHex = function() {
-1239 var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
-1240 this.TLV = o.getEncodedHex();
-1241 return this.TLV;
-1242 };
-1243
-1244 if (typeof params != "undefined") {
-1245 if (typeof params['str'] != "undefined") {
-1246 this.addByString(params['str']);
-1247 }
-1248 }
-1249 };
-1250 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
-1251
-1252 /**
-1253 * AttributeTypeAndValue ASN.1 structure class
-1254 * @name KJUR.asn1.x509.AttributeTypeAndValue
-1255 * @class AttributeTypeAndValue ASN.1 structure class
-1256 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1257 * @extends KJUR.asn1.ASN1Object
-1258 * @description
-1259 * @example
-1260 */
-1261 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
-1262 KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
-1263 var typeObj = null;
-1264 var valueObj = null;
-1265 var defaultDSType = "utf8";
-1266
-1267 this.setByString = function(attrTypeAndValueStr) {
-1268 var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
-1269 if (matchResult) {
-1270 this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
-1271 } else {
-1272 throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
-1273 }
-1274 };
-1275
-1276 this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
-1277 this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
-1278 var dsType = defaultDSType;
-1279 if (shortAttrType == "C") dsType = "prn";
-1280 this.valueObj = this.getValueObj(dsType, valueStr);
-1281 };
-1282
-1283 this.getValueObj = function(dsType, valueStr) {
-1284 if (dsType == "utf8") return new KJUR.asn1.DERUTF8String({"str": valueStr});
-1285 if (dsType == "prn") return new KJUR.asn1.DERPrintableString({"str": valueStr});
-1286 if (dsType == "tel") return new KJUR.asn1.DERTeletexString({"str": valueStr});
-1287 if (dsType == "ia5") return new KJUR.asn1.DERIA5String({"str": valueStr});
-1288 throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
-1289 };
-1290
-1291 this.getEncodedHex = function() {
-1292 var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
-1293 this.TLV = o.getEncodedHex();
-1294 return this.TLV;
-1295 };
-1296
-1297 if (typeof params != "undefined") {
-1298 if (typeof params['str'] != "undefined") {
-1299 this.setByString(params['str']);
-1300 }
-1301 }
-1302 };
-1303 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
-1304
-1305 // === END X500Name Related =================================================
-1306
-1307 // === BEGIN Other ASN1 structure class ======================================
-1308
-1309 /**
-1310 * SubjectPublicKeyInfo ASN.1 structure class
-1311 * @name KJUR.asn1.x509.SubjectPublicKeyInfo
-1312 * @class SubjectPublicKeyInfo ASN.1 structure class
-1313 * @param {Object} params parameter for subject public key
-1314 * @extends KJUR.asn1.ASN1Object
-1315 * @description
-1316 * <br/>
-1317 * As for argument 'params' for constructor, you can specify one of
-1318 * following properties:
-1319 * <ul>
-1320 * <li>{@link RSAKey} object</li>
-1321 * <li>{@link KJUR.crypto.ECDSA} object</li>
-1322 * <li>{@link KJUR.crypto.DSA} object</li>
-1323 * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
-1324 * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
-1325 * </ul>
-1326 * NOTE1: 'params' can be omitted.<br/>
-1327 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
-1328 * <h4>EXAMPLE</h4>
-1329 * @example
-1330 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
-1331 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
-1332 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
-1333 */
-1334 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
-1335 KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
-1336 var asn1AlgId = null;
-1337 var asn1SubjPKey = null;
-1338 var rsaKey = null;
-1339
-1340 /**
-1341 * (DEPRECATED) set RSAKey object as subject public key
-1342 * @name setRSAKey
-1343 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1344 * @function
-1345 * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
-1346 * @description
-1347 * @deprecated
-1348 * @example
-1349 * spki.setRSAKey(rsaKey);
-1350 */
-1351 this.setRSAKey = function(rsaKey) {
-1352 if (! RSAKey.prototype.isPrototypeOf(rsaKey))
-1353 throw "argument is not RSAKey instance";
-1354 this.rsaKey = rsaKey;
-1355 var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
-1356 var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
-1357 var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
-1358 var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1359 this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1360 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1361 };
-1362
-1363 /**
-1364 * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
-1365 * @name setRSAPEM
-1366 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1367 * @function
-1368 * @param {String} rsaPubPEM PEM formatted RSA public key string
-1369 * @deprecated
-1370 * @description
-1371 * @example
-1372 * spki.setRSAPEM(rsaPubPEM);
-1373 */
-1374 this.setRSAPEM = function(rsaPubPEM) {
-1375 if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
-1376 var s = rsaPubPEM;
-1377 s = s.replace(/^-----[^-]+-----/, '');
-1378 s = s.replace(/-----[^-]+-----\s*$/, '');
-1379 var rsaB64 = s.replace(/\s+/g, '');
-1380 var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
-1381 var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
-1382 var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
-1383 var hBitStrVal = a[1];
-1384 var rsaHex = hBitStrVal.substr(2);
-1385 var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
-1386 var rsaKey = new RSAKey();
-1387 rsaKey.setPublic(a3[0], a3[1]);
-1388 this.setRSAKey(rsaKey);
-1389 } else {
-1390 throw "key not supported";
-1391 }
-1392 };
-1393
-1394 /*
-1395 * @since asn1x509 1.0.7
-1396 */
-1397 this.getASN1Object = function() {
-1398 if (this.asn1AlgId == null || this.asn1SubjPKey == null)
-1399 throw "algId and/or subjPubKey not set";
-1400 var o = new KJUR.asn1.DERSequence({'array':
-1401 [this.asn1AlgId, this.asn1SubjPKey]});
-1402 return o;
-1403 };
-1404
-1405 this.getEncodedHex = function() {
-1406 var o = this.getASN1Object();
-1407 this.hTLV = o.getEncodedHex();
-1408 return this.hTLV;
-1409 };
-1410
-1411 this._setRSAKey = function(key) {
-1412 var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
-1413 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
-1414 });
-1415 var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1416 this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1417 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1418 };
-1419
-1420 this._setEC = function(key) {
-1421 var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
-1422 this.asn1AlgId =
-1423 new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
-1424 'asn1params': asn1Params});
-1425 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
-1426 };
-1427
-1428 this._setDSA = function(key) {
-1429 var asn1Params = new KJUR.asn1.ASN1Util.newObject({
-1430 'seq': [{'int': {'bigint': key.p}},
-1431 {'int': {'bigint': key.q}},
-1432 {'int': {'bigint': key.g}}]
-1433 });
-1434 this.asn1AlgId =
-1435 new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
-1436 'asn1params': asn1Params});
-1437 var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
-1438 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
-1439 };
-1440
-1441 if (typeof params != "undefined") {
-1442 if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
-1443 this._setRSAKey(params);
-1444 } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
-1445 params instanceof KJUR.crypto.ECDSA) {
-1446 this._setEC(params);
-1447 } else if (typeof KJUR.crypto.DSA != 'undefined' &&
-1448 params instanceof KJUR.crypto.DSA) {
-1449 this._setDSA(params);
-1450 } else if (typeof params['rsakey'] != "undefined") {
-1451 this.setRSAKey(params['rsakey']);
-1452 } else if (typeof params['rsapem'] != "undefined") {
-1453 this.setRSAPEM(params['rsapem']);
-1454 }
-1455 }
-1456 };
-1457 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
-1458
-1459 /**
-1460 * Time ASN.1 structure class
-1461 * @name KJUR.asn1.x509.Time
-1462 * @class Time ASN.1 structure class
-1463 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
-1464 * @extends KJUR.asn1.ASN1Object
-1465 * @description
-1466 * <br/>
-1467 * <h4>EXAMPLES</h4>
-1468 * @example
-1469 * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
-1470 * var t2 = new KJUR.asn1.x509.Time{'type': 'gen', 'str': '20130508235959Z'} // GeneralizedTime
-1471 */
-1472 KJUR.asn1.x509.Time = function(params) {
-1473 KJUR.asn1.x509.Time.superclass.constructor.call(this);
-1474 var type = null;
-1475 var timeParams = null;
-1476
-1477 this.setTimeParams = function(timeParams) {
-1478 this.timeParams = timeParams;
-1479 }
-1480
-1481 this.getEncodedHex = function() {
-1482 var o = null;
+1035 /**
+1036 * set thisUpdate field by parameter
+1037 * @name setThisUpdateByParam
+1038 * @memberOf KJUR.asn1.x509.TBSCertList
+1039 * @function
+1040 * @param {Array} timeParam Time parameter
+1041 * @description
+1042 * @example
+1043 * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
+1044 * @see KJUR.asn1.x509.Time
+1045 */
+1046 this.setThisUpdateByParam = function(timeParam) {
+1047 this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
+1048 };
+1049
+1050 /**
+1051 * set nextUpdate field by parameter
+1052 * @name setNextUpdateByParam
+1053 * @memberOf KJUR.asn1.x509.TBSCertList
+1054 * @function
+1055 * @param {Array} timeParam Time parameter
+1056 * @description
+1057 * @example
+1058 * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
+1059 * @see KJUR.asn1.x509.Time
+1060 */
+1061 this.setNextUpdateByParam = function(timeParam) {
+1062 this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
+1063 };
+1064
+1065 /**
+1066 * add revoked certficate by parameter
+1067 * @name addRevokedCert
+1068 * @memberOf KJUR.asn1.x509.TBSCertList
+1069 * @function
+1070 * @param {Array} snParam DERInteger parameter for certificate serial number
+1071 * @param {Array} timeParam Time parameter for revocation date
+1072 * @description
+1073 * @example
+1074 * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
+1075 * @see KJUR.asn1.x509.Time
+1076 */
+1077 this.addRevokedCert = function(snParam, timeParam) {
+1078 var param = {};
+1079 if (snParam != undefined && snParam != null) param['sn'] = snParam;
+1080 if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
+1081 var o = new KJUR.asn1.x509.CRLEntry(param);
+1082 this.aRevokedCert.push(o);
+1083 };
+1084
+1085 this.getEncodedHex = function() {
+1086 this.asn1Array = new Array();
+1087
+1088 if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
+1089 this.asn1Array.push(this.asn1SignatureAlg);
+1090 this.asn1Array.push(this.asn1Issuer);
+1091 this.asn1Array.push(this.asn1ThisUpdate);
+1092 if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
+1093
+1094 if (this.aRevokedCert.length > 0) {
+1095 var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
+1096 this.asn1Array.push(seq);
+1097 }
+1098
+1099 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+1100 this.hTLV = o.getEncodedHex();
+1101 this.isModified = false;
+1102 return this.hTLV;
+1103 };
+1104
+1105 this._initialize = function() {
+1106 this.asn1Version = null;
+1107 this.asn1SignatureAlg = null;
+1108 this.asn1Issuer = null;
+1109 this.asn1ThisUpdate = null;
+1110 this.asn1NextUpdate = null;
+1111 this.aRevokedCert = new Array();
+1112 };
+1113
+1114 this._initialize();
+1115 };
+1116 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
+1117
+1118 /**
+1119 * ASN.1 CRLEntry structure class for CRL
+1120 * @name KJUR.asn1.x509.CRLEntry
+1121 * @class ASN.1 CRLEntry structure class for CRL
+1122 * @param {Array} params associative array of parameters (ex. {})
+1123 * @extends KJUR.asn1.ASN1Object
+1124 * @since 1.0.3
+1125 * @description
+1126 * @example
+1127 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
+1128 *
+1129 * // revokedCertificates SEQUENCE OF SEQUENCE {
+1130 * // userCertificate CertificateSerialNumber,
+1131 * // revocationDate Time,
+1132 * // crlEntryExtensions Extensions OPTIONAL
+1133 * // -- if present, version MUST be v2 }
+1134 */
+1135 KJUR.asn1.x509.CRLEntry = function(params) {
+1136 KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
+1137 var sn = null;
+1138 var time = null;
+1139
+1140 /**
+1141 * set DERInteger parameter for serial number of revoked certificate
+1142 * @name setCertSerial
+1143 * @memberOf KJUR.asn1.x509.CRLEntry
+1144 * @function
+1145 * @param {Array} intParam DERInteger parameter for certificate serial number
+1146 * @description
+1147 * @example
+1148 * entry.setCertSerial({'int': 3});
+1149 */
+1150 this.setCertSerial = function(intParam) {
+1151 this.sn = new KJUR.asn1.DERInteger(intParam);
+1152 };
+1153
+1154 /**
+1155 * set Time parameter for revocation date
+1156 * @name setRevocationDate
+1157 * @memberOf KJUR.asn1.x509.CRLEntry
+1158 * @function
+1159 * @param {Array} timeParam Time parameter for revocation date
+1160 * @description
+1161 * @example
+1162 * entry.setRevocationDate({'str': '130508235959Z'});
+1163 */
+1164 this.setRevocationDate = function(timeParam) {
+1165 this.time = new KJUR.asn1.x509.Time(timeParam);
+1166 };
+1167
+1168 this.getEncodedHex = function() {
+1169 var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
+1170 this.TLV = o.getEncodedHex();
+1171 return this.TLV;
+1172 };
+1173
+1174 if (typeof params != "undefined") {
+1175 if (typeof params['time'] != "undefined") {
+1176 this.setRevocationDate(params['time']);
+1177 }
+1178 if (typeof params['sn'] != "undefined") {
+1179 this.setCertSerial(params['sn']);
+1180 }
+1181 }
+1182 };
+1183 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
+1184
+1185 // === END CRL Related ===================================================
+1186
+1187 // === BEGIN X500Name Related =================================================
+1188 /**
+1189 * X500Name ASN.1 structure class
+1190 * @name KJUR.asn1.x509.X500Name
+1191 * @class X500Name ASN.1 structure class
+1192 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
+1193 * @extends KJUR.asn1.ASN1Object
+1194 * @see KJUR.asn1.x509.X500Name
+1195 * @see KJUR.asn1.x509.RDN
+1196 * @see KJUR.asn1.x509.AttributeTypeAndValue
+1197 * @description
+1198 * This class provides DistinguishedName ASN.1 class structure
+1199 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+1200 * <blockquote><pre>
+1201 * DistinguishedName ::= RDNSequence
+1202 *
+1203 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+1204 *
+1205 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+1206 * AttributeTypeAndValue
+1207 *
+1208 * AttributeTypeAndValue ::= SEQUENCE {
+1209 * type AttributeType,
+1210 * value AttributeValue }
+1211 * </pre></blockquote>
+1212 * <br/>
+1213 * For string representation of distinguished name in jsrsasign,
+1214 * OpenSSL oneline format is used. Please see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">wiki article</a> for it.
+1215 * <br/>
+1216 * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+1217 * @example
+1218 * // 1. construct with string
+1219 * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
+1220 * // 2. construct by object
+1221 * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
+1222 */
+1223 KJUR.asn1.x509.X500Name = function(params) {
+1224 KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
+1225 this.asn1Array = new Array();
+1226
+1227 /**
+1228 * set DN by string
+1229 * @name setByString
+1230 * @memberOf KJUR.asn1.x509.X500Name#
+1231 * @function
+1232 * @param {Array} dnStr distinguished name by string (ex. /C=US/O=aaa)
+1233 * @description
+1234 * @example
+1235 * name = new KJUR.asn1.x509.X500Name();
+1236 * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
+1237 */
+1238 this.setByString = function(dnStr) {
+1239 var a = dnStr.split('/');
+1240 a.shift();
+1241 for (var i = 0; i < a.length; i++) {
+1242 this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
+1243 }
+1244 };
+1245
+1246 /**
+1247 * set DN by associative array
+1248 * @name setByObject
+1249 * @memberOf KJUR.asn1.x509.X500Name#
+1250 * @function
+1251 * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
+1252 * @since jsrsasign 4.9. asn1x509 1.0.13
+1253 * @description
+1254 * @example
+1255 * name = new KJUR.asn1.x509.X500Name();
+1256 * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
+1257 */
+1258 this.setByObject = function(dnObj) {
+1259 // Get all the dnObject attributes and stuff them in the ASN.1 array.
+1260 for (var x in dnObj) {
+1261 if (dnObj.hasOwnProperty(x)) {
+1262 var newRDN = new KJUR.asn1.x509.RDN(
+1263 {'str': x + '=' + dnObj[x]});
+1264 // Initialize or push into the ANS1 array.
+1265 this.asn1Array ? this.asn1Array.push(newRDN)
+1266 : this.asn1Array = [newRDN];
+1267 }
+1268 }
+1269 };
+1270
+1271 this.getEncodedHex = function() {
+1272 if (typeof this.hTLV == "string") return this.hTLV;
+1273 var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+1274 this.hTLV = o.getEncodedHex();
+1275 return this.hTLV;
+1276 };
+1277
+1278 if (typeof params != "undefined") {
+1279 if (typeof params['str'] != "undefined") {
+1280 this.setByString(params['str']);
+1281 // If params is an object, then set the ASN1 array just using the object
+1282 // attributes. This is nice for fields that have lots of special
+1283 // characters (i.e. CN: 'http://www.github.com/kjur//').
+1284 } else if (typeof params === "object") {
+1285 this.setByObject(params);
+1286 }
+1287
+1288 if (typeof params.certissuer != "undefined") {
+1289 var x = new X509();
+1290 x.hex = X509.pemToHex(params.certissuer);
+1291 this.hTLV = x.getIssuerHex();
+1292 }
+1293 if (typeof params.certsubject != "undefined") {
+1294 var x = new X509();
+1295 x.hex = X509.pemToHex(params.certsubject);
+1296 this.hTLV = x.getSubjectHex();
+1297 }
+1298 }
+1299 };
+1300 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+1301
+1302 /**
+1303 * RDN (Relative Distinguished Name) ASN.1 structure class
+1304 * @name KJUR.asn1.x509.RDN
+1305 * @class RDN (Relative Distinguished Name) ASN.1 structure class
+1306 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1307 * @extends KJUR.asn1.ASN1Object
+1308 * @see KJUR.asn1.x509.X500Name
+1309 * @see KJUR.asn1.x509.RDN
+1310 * @see KJUR.asn1.x509.AttributeTypeAndValue
+1311 * @description
+1312 * This class provides RelativeDistinguishedName ASN.1 class structure
+1313 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+1314 * <blockquote><pre>
+1315 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+1316 * AttributeTypeAndValue
+1317 *
+1318 * AttributeTypeAndValue ::= SEQUENCE {
+1319 * type AttributeType,
+1320 * value AttributeValue }
+1321 * </pre></blockquote>
+1322 * <br/>
+1323 * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+1324 * @example
+1325 * rdn = new KJUR.asn1.x509.RDN({str: "CN=test"});
+1326 * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
+1327 * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
+1328 * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
+1329 */
+1330 KJUR.asn1.x509.RDN = function(params) {
+1331 KJUR.asn1.x509.RDN.superclass.constructor.call(this);
+1332 this.asn1Array = new Array();
+1333
+1334 /**
+1335 * add one AttributeTypeAndValue by string<br/>
+1336 * @name addByString
+1337 * @memberOf KJUR.asn1.x509.RDN#
+1338 * @function
+1339 * @param {String} s string of AttributeTypeAndValue
+1340 * @return {Object} unspecified
+1341 * @description
+1342 * This method add one AttributeTypeAndValue to RDN object.
+1343 * @example
+1344 * rdn = new KJUR.asn1.x509.RDN();
+1345 * rdn.addByString("CN=john");
+1346 * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
+1347 */
+1348 this.addByString = function(s) {
+1349 this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s}));
+1350 };
+1351
+1352 /**
+1353 * add one AttributeTypeAndValue by multi-valued string<br/>
+1354 * @name addByMultiValuedString
+1355 * @memberOf KJUR.asn1.x509.RDN#
+1356 * @function
+1357 * @param {String} s string of multi-valued RDN
+1358 * @return {Object} unspecified
+1359 * @since jsrsasign 6.2.1 asn1x509 1.0.17
+1360 * @description
+1361 * This method add multi-valued RDN to RDN object.
+1362 * @example
+1363 * rdn = new KJUR.asn1.x509.RDN();
+1364 * rdn.addByMultiValuedString("CN=john+O=test");
+1365 * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
+1366 * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
+1367 */
+1368 this.addByMultiValuedString = function(s) {
+1369 var a = KJUR.asn1.x509.RDN.parseString(s);
+1370 for (var i = 0; i < a.length; i++) {
+1371 this.addByString(a[i]);
+1372 }
+1373 };
+1374
+1375 this.getEncodedHex = function() {
+1376 var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
+1377 this.TLV = o.getEncodedHex();
+1378 return this.TLV;
+1379 };
+1380
+1381 if (typeof params != "undefined") {
+1382 if (typeof params['str'] != "undefined") {
+1383 this.addByMultiValuedString(params['str']);
+1384 }
+1385 }
+1386 };
+1387 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
+1388
+1389 /**
+1390 * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
+1391 * @name parseString
+1392 * @memberOf KJUR.asn1.x509.RDN
+1393 * @function
+1394 * @param {String} s multi-valued string of RDN
+1395 * @return {Array} array of string of AttributeTypeAndValue
+1396 * @since jsrsasign 6.2.1 asn1x509 1.0.17
+1397 * @description
+1398 * This static method parses multi-valued RDN string and split into
+1399 * array of AttributeTypeAndValue.
+1400 * @example
+1401 * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
+1402 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
+1403 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
+1404 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
+1405 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
+1406 */
+1407 KJUR.asn1.x509.RDN.parseString = function(s) {
+1408 var a = s.split(/\+/);
+1409
+1410 // join \+
+1411 var isBSbefore = false;
+1412 var a2 = [];
+1413 for (var i = 0; a.length > 0; i++) {
+1414 var item = a.shift();
+1415 //console.log("item=" + item);
+1416
+1417 if (isBSbefore === true) {
+1418 var a2last = a2.pop();
+1419 var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
+1420 a2.push(newitem);
+1421 isBSbefore = false;
+1422 } else {
+1423 a2.push(item);
+1424 }
+1425
+1426 if (item.substr(-1, 1) === "\\") isBSbefore = true;
+1427 }
+1428
+1429 // join quote
+1430 var beginQuote = false;
+1431 var a3 = [];
+1432 for (var i = 0; a2.length > 0; i++) {
+1433 var item = a2.shift();
+1434
+1435 if (beginQuote === true) {
+1436 var a3last = a3.pop();
+1437 if (item.match(/"$/)) {
+1438 var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
+1439 a3.push(newitem);
+1440 beginQuote = false;
+1441 } else {
+1442 a3.push(a3last + "+" + item);
+1443 }
+1444 } else {
+1445 a3.push(item);
+1446 }
+1447
+1448 if (item.match(/^[^=]+="/)) {
+1449 //console.log(i + "=" + item);
+1450 beginQuote = true;
+1451 }
+1452 }
+1453
+1454 return a3;
+1455 };
+1456
+1457 /**
+1458 * AttributeTypeAndValue ASN.1 structure class
+1459 * @name KJUR.asn1.x509.AttributeTypeAndValue
+1460 * @class AttributeTypeAndValue ASN.1 structure class
+1461 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1462 * @extends KJUR.asn1.ASN1Object
+1463 * @description
+1464 * @see KJUR.asn1.x509.X500Name
+1465 * @see KJUR.asn1.x509.RDN
+1466 * @see KJUR.asn1.x509.AttributeTypeAndValue
+1467 * @example
+1468 */
+1469 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
+1470 KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
+1471 var typeObj = null;
+1472 var valueObj = null;
+1473 var defaultDSType = "utf8";
+1474
+1475 this.setByString = function(attrTypeAndValueStr) {
+1476 var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
+1477 if (matchResult) {
+1478 this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
+1479 } else {
+1480 throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
+1481 }
+1482 };
1483
-1484 if (this.timeParams != null) {
-1485 if (this.type == "utc") {
-1486 o = new KJUR.asn1.DERUTCTime(this.timeParams);
-1487 } else {
-1488 o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
-1489 }
-1490 } else {
-1491 if (this.type == "utc") {
-1492 o = new KJUR.asn1.DERUTCTime();
-1493 } else {
-1494 o = new KJUR.asn1.DERGeneralizedTime();
-1495 }
-1496 }
-1497 this.TLV = o.getEncodedHex();
-1498 return this.TLV;
-1499 };
-1500
-1501 this.type = "utc";
-1502 if (typeof params != "undefined") {
-1503 if (typeof params.type != "undefined") {
-1504 this.type = params.type;
-1505 } else {
-1506 if (typeof params.str != "undefined") {
-1507 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
-1508 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
-1509 }
-1510 }
-1511 this.timeParams = params;
-1512 }
-1513 };
-1514 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
-1515
-1516 /**
-1517 * AlgorithmIdentifier ASN.1 structure class
-1518 * @name KJUR.asn1.x509.AlgorithmIdentifier
-1519 * @class AlgorithmIdentifier ASN.1 structure class
-1520 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
-1521 * @extends KJUR.asn1.ASN1Object
-1522 * @description
-1523 * @example
-1524 * algId1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
-1525 */
-1526 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
-1527 KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
-1528 var nameAlg = null;
-1529 var asn1Alg = null;
-1530 var asn1Params = null;
-1531 var paramEmpty = false;
-1532
-1533 this.getEncodedHex = function() {
-1534 if (this.nameAlg == null && this.asn1Alg == null) {
-1535 throw "algorithm not specified";
-1536 }
-1537 if (this.nameAlg != null && this.asn1Alg == null) {
-1538 this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
-1539 }
-1540 var a = [this.asn1Alg];
-1541 if (! this.paramEmpty) a.push(this.asn1Params);
-1542 var o = new KJUR.asn1.DERSequence({'array': a});
-1543 this.hTLV = o.getEncodedHex();
-1544 return this.hTLV;
-1545 };
-1546
-1547 if (typeof params != "undefined") {
-1548 if (typeof params['name'] != "undefined") {
-1549 this.nameAlg = params['name'];
-1550 }
-1551 if (typeof params['asn1params'] != "undefined") {
-1552 this.asn1Params = params['asn1params'];
-1553 }
-1554 if (typeof params['paramempty'] != "undefined") {
-1555 this.paramEmpty = params['paramempty'];
-1556 }
-1557 }
-1558 if (this.asn1Params == null) {
-1559 this.asn1Params = new KJUR.asn1.DERNull();
-1560 }
-1561 };
-1562 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
-1563
-1564 /**
-1565 * GeneralName ASN.1 structure class
-1566 * @name KJUR.asn1.x509.GeneralName
-1567 * @class GeneralName ASN.1 structure class
-1568 * @description
-1569 * <br/>
-1570 * As for argument 'params' for constructor, you can specify one of
-1571 * following properties:
-1572 * <ul>
-1573 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
-1574 * <li>dns - dNSName[2] (ex. foo.com)</li>
-1575 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
-1576 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
-1577 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
-1578 * </ul>
-1579 * NOTE1: certissuer and certsubj is supported since asn1x509 1.0.10.
-1580 *
-1581 * Here is definition of the ASN.1 syntax:
-1582 * <pre>
-1583 * -- NOTE: under the CHOICE, it will always be explicit.
-1584 * GeneralName ::= CHOICE {
-1585 * otherName [0] OtherName,
-1586 * rfc822Name [1] IA5String,
-1587 * dNSName [2] IA5String,
-1588 * x400Address [3] ORAddress,
-1589 * directoryName [4] Name,
-1590 * ediPartyName [5] EDIPartyName,
-1591 * uniformResourceIdentifier [6] IA5String,
-1592 * iPAddress [7] OCTET STRING,
-1593 * registeredID [8] OBJECT IDENTIFIER }
-1594 * </pre>
-1595 *
-1596 *
-1597 *
-1598 * @example
-1599 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
-1600 * gn = new KJUR.asn1.x509.GeneralName({dns: 'aaa.com'});
-1601 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'});
-1602 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});
-1603 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM});
-1604 */
-1605 KJUR.asn1.x509.GeneralName = function(params) {
-1606 KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
-1607 var asn1Obj = null;
-1608 var type = null;
-1609 var pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86'};
-1610 this.explicit = false;
-1611
-1612 this.setByParam = function(params) {
-1613 var str = null;
-1614 var v = null;
-1615
-1616 if (typeof params == "undefined") return;
-1617
-1618 if (typeof params.rfc822 != "undefined") {
-1619 this.type = 'rfc822';
-1620 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1621 }
-1622 if (typeof params.dns != "undefined") {
-1623 this.type = 'dns';
-1624 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1625 }
-1626 if (typeof params.uri != "undefined") {
-1627 this.type = 'uri';
-1628 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1629 }
-1630 if (typeof params.certissuer != "undefined") {
-1631 this.type = 'dn';
-1632 this.explicit = true;
-1633 var certStr = params.certissuer;
-1634 var certHex = null;
-1635 if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-1636 certHex == certStr;
-1637 }
-1638 if (certStr.indexOf("-----BEGIN ") != -1) {
-1639 certHex = X509.pemToHex(certStr);
-1640 }
-1641 if (certHex == null) throw "certissuer param not cert";
-1642 var x = new X509();
-1643 x.hex = certHex;
-1644 var dnHex = x.getIssuerHex();
-1645 v = new KJUR.asn1.ASN1Object();
-1646 v.hTLV = dnHex;
-1647 }
-1648 if (typeof params.certsubj != "undefined") {
-1649 this.type = 'dn';
-1650 this.explicit = true;
-1651 var certStr = params.certsubj;
-1652 var certHex = null;
-1653 if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-1654 certHex == certStr;
-1655 }
-1656 if (certStr.indexOf("-----BEGIN ") != -1) {
-1657 certHex = X509.pemToHex(certStr);
-1658 }
-1659 if (certHex == null) throw "certsubj param not cert";
-1660 var x = new X509();
-1661 x.hex = certHex;
-1662 var dnHex = x.getSubjectHex();
-1663 v = new KJUR.asn1.ASN1Object();
-1664 v.hTLV = dnHex;
-1665 }
+1484 this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
+1485 this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
+1486 var dsType = defaultDSType;
+1487 if (shortAttrType == "C") dsType = "prn";
+1488 this.valueObj = this.getValueObj(dsType, valueStr);
+1489 };
+1490
+1491 this.getValueObj = function(dsType, valueStr) {
+1492 if (dsType == "utf8") return new KJUR.asn1.DERUTF8String({"str": valueStr});
+1493 if (dsType == "prn") return new KJUR.asn1.DERPrintableString({"str": valueStr});
+1494 if (dsType == "tel") return new KJUR.asn1.DERTeletexString({"str": valueStr});
+1495 if (dsType == "ia5") return new KJUR.asn1.DERIA5String({"str": valueStr});
+1496 throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
+1497 };
+1498
+1499 this.getEncodedHex = function() {
+1500 var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
+1501 this.TLV = o.getEncodedHex();
+1502 return this.TLV;
+1503 };
+1504
+1505 if (typeof params != "undefined") {
+1506 if (typeof params['str'] != "undefined") {
+1507 this.setByString(params['str']);
+1508 }
+1509 }
+1510 };
+1511 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
+1512
+1513 // === END X500Name Related =================================================
+1514
+1515 // === BEGIN Other ASN1 structure class ======================================
+1516
+1517 /**
+1518 * SubjectPublicKeyInfo ASN.1 structure class
+1519 * @name KJUR.asn1.x509.SubjectPublicKeyInfo
+1520 * @class SubjectPublicKeyInfo ASN.1 structure class
+1521 * @param {Object} params parameter for subject public key
+1522 * @extends KJUR.asn1.ASN1Object
+1523 * @description
+1524 * <br/>
+1525 * As for argument 'params' for constructor, you can specify one of
+1526 * following properties:
+1527 * <ul>
+1528 * <li>{@link RSAKey} object</li>
+1529 * <li>{@link KJUR.crypto.ECDSA} object</li>
+1530 * <li>{@link KJUR.crypto.DSA} object</li>
+1531 * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
+1532 * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
+1533 * </ul>
+1534 * NOTE1: 'params' can be omitted.<br/>
+1535 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
+1536 * <h4>EXAMPLE</h4>
+1537 * @example
+1538 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
+1539 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
+1540 * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
+1541 */
+1542 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
+1543 KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
+1544 var asn1AlgId = null;
+1545 var asn1SubjPKey = null;
+1546 var rsaKey = null;
+1547
+1548 /**
+1549 * (DEPRECATED) set RSAKey object as subject public key
+1550 * @name setRSAKey
+1551 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1552 * @function
+1553 * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
+1554 * @description
+1555 * @deprecated
+1556 * @example
+1557 * spki.setRSAKey(rsaKey);
+1558 */
+1559 this.setRSAKey = function(rsaKey) {
+1560 if (! RSAKey.prototype.isPrototypeOf(rsaKey))
+1561 throw "argument is not RSAKey instance";
+1562 this.rsaKey = rsaKey;
+1563 var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
+1564 var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
+1565 var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
+1566 var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1567 this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
+1568 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
+1569 };
+1570
+1571 /**
+1572 * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
+1573 * @name setRSAPEM
+1574 * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1575 * @function
+1576 * @param {String} rsaPubPEM PEM formatted RSA public key string
+1577 * @deprecated
+1578 * @description
+1579 * @example
+1580 * spki.setRSAPEM(rsaPubPEM);
+1581 */
+1582 this.setRSAPEM = function(rsaPubPEM) {
+1583 if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
+1584 var s = rsaPubPEM;
+1585 s = s.replace(/^-----[^-]+-----/, '');
+1586 s = s.replace(/-----[^-]+-----\s*$/, '');
+1587 var rsaB64 = s.replace(/\s+/g, '');
+1588 var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
+1589 var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
+1590 var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
+1591 var hBitStrVal = a[1];
+1592 var rsaHex = hBitStrVal.substr(2);
+1593 var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
+1594 var rsaKey = new RSAKey();
+1595 rsaKey.setPublic(a3[0], a3[1]);
+1596 this.setRSAKey(rsaKey);
+1597 } else {
+1598 throw "key not supported";
+1599 }
+1600 };
+1601
+1602 /*
+1603 * @since asn1x509 1.0.7
+1604 */
+1605 this.getASN1Object = function() {
+1606 if (this.asn1AlgId == null || this.asn1SubjPKey == null)
+1607 throw "algId and/or subjPubKey not set";
+1608 var o = new KJUR.asn1.DERSequence({'array':
+1609 [this.asn1AlgId, this.asn1SubjPKey]});
+1610 return o;
+1611 };
+1612
+1613 this.getEncodedHex = function() {
+1614 var o = this.getASN1Object();
+1615 this.hTLV = o.getEncodedHex();
+1616 return this.hTLV;
+1617 };
+1618
+1619 this._setRSAKey = function(key) {
+1620 var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
+1621 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
+1622 });
+1623 var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1624 this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
+1625 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
+1626 };
+1627
+1628 this._setEC = function(key) {
+1629 var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
+1630 this.asn1AlgId =
+1631 new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
+1632 'asn1params': asn1Params});
+1633 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
+1634 };
+1635
+1636 this._setDSA = function(key) {
+1637 var asn1Params = new KJUR.asn1.ASN1Util.newObject({
+1638 'seq': [{'int': {'bigint': key.p}},
+1639 {'int': {'bigint': key.q}},
+1640 {'int': {'bigint': key.g}}]
+1641 });
+1642 this.asn1AlgId =
+1643 new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
+1644 'asn1params': asn1Params});
+1645 var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
+1646 this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
+1647 };
+1648
+1649 if (typeof params != "undefined") {
+1650 if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
+1651 this._setRSAKey(params);
+1652 } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
+1653 params instanceof KJUR.crypto.ECDSA) {
+1654 this._setEC(params);
+1655 } else if (typeof KJUR.crypto.DSA != 'undefined' &&
+1656 params instanceof KJUR.crypto.DSA) {
+1657 this._setDSA(params);
+1658 } else if (typeof params['rsakey'] != "undefined") {
+1659 this.setRSAKey(params['rsakey']);
+1660 } else if (typeof params['rsapem'] != "undefined") {
+1661 this.setRSAPEM(params['rsapem']);
+1662 }
+1663 }
+1664 };
+1665 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
1666
-1667 if (this.type == null)
-1668 throw "unsupported type in params=" + params;
-1669 this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit,
-1670 'tag': pTag[this.type],
-1671 'obj': v});
-1672 };
-1673
-1674 this.getEncodedHex = function() {
-1675 return this.asn1Obj.getEncodedHex();
-1676 }
-1677
-1678 if (typeof params != "undefined") {
-1679 this.setByParam(params);
-1680 }
-1681
-1682 };
-1683 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+1667 /**
+1668 * Time ASN.1 structure class
+1669 * @name KJUR.asn1.x509.Time
+1670 * @class Time ASN.1 structure class
+1671 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
+1672 * @extends KJUR.asn1.ASN1Object
+1673 * @description
+1674 * <br/>
+1675 * <h4>EXAMPLES</h4>
+1676 * @example
+1677 * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
+1678 * var t2 = new KJUR.asn1.x509.Time{'type': 'gen', 'str': '20130508235959Z'} // GeneralizedTime
+1679 */
+1680 KJUR.asn1.x509.Time = function(params) {
+1681 KJUR.asn1.x509.Time.superclass.constructor.call(this);
+1682 var type = null;
+1683 var timeParams = null;
1684
-1685 /**
-1686 * GeneralNames ASN.1 structure class
-1687 * @name KJUR.asn1.x509.GeneralNames
-1688 * @class GeneralNames ASN.1 structure class
-1689 * @description
-1690 * <br/>
-1691 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-1692 * @example
-1693 * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-1694 *
-1695 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-1696 */
-1697 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
-1698 KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
-1699 var asn1Array = null;
-1700
-1701 /**
-1702 * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
-1703 * @name setByParamArray
-1704 * @memberOf KJUR.asn1.x509.GeneralNames
-1705 * @function
-1706 * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
-1707 * @description
-1708 * <br/>
-1709 * <h4>EXAMPLES</h4>
-1710 * @example
-1711 * var gns = new KJUR.asn1.x509.GeneralNames();
-1712 * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-1713 */
-1714 this.setByParamArray = function(paramsArray) {
-1715 for (var i = 0; i < paramsArray.length; i++) {
-1716 var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
-1717 this.asn1Array.push(o);
+1685 this.setTimeParams = function(timeParams) {
+1686 this.timeParams = timeParams;
+1687 }
+1688
+1689 this.getEncodedHex = function() {
+1690 var o = null;
+1691
+1692 if (this.timeParams != null) {
+1693 if (this.type == "utc") {
+1694 o = new KJUR.asn1.DERUTCTime(this.timeParams);
+1695 } else {
+1696 o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
+1697 }
+1698 } else {
+1699 if (this.type == "utc") {
+1700 o = new KJUR.asn1.DERUTCTime();
+1701 } else {
+1702 o = new KJUR.asn1.DERGeneralizedTime();
+1703 }
+1704 }
+1705 this.TLV = o.getEncodedHex();
+1706 return this.TLV;
+1707 };
+1708
+1709 this.type = "utc";
+1710 if (typeof params != "undefined") {
+1711 if (typeof params.type != "undefined") {
+1712 this.type = params.type;
+1713 } else {
+1714 if (typeof params.str != "undefined") {
+1715 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
+1716 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
+1717 }
1718 }
-1719 };
-1720
-1721 this.getEncodedHex = function() {
-1722 var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
-1723 return o.getEncodedHex();
-1724 };
-1725
-1726 this.asn1Array = new Array();
-1727 if (typeof paramsArray != "undefined") {
-1728 this.setByParamArray(paramsArray);
-1729 }
-1730 };
-1731 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
-1732
-1733 /**
-1734 * DistributionPointName ASN.1 structure class
-1735 * @name KJUR.asn1.x509.DistributionPointName
-1736 * @class DistributionPointName ASN.1 structure class
-1737 * @description
-1738 * @example
-1739 */
-1740 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
-1741 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
-1742 var asn1Obj = null;
-1743 var type = null;
-1744 var tag = null;
-1745 var asn1V = null;
-1746
-1747 this.getEncodedHex = function() {
-1748 if (this.type != "full")
-1749 throw "currently type shall be 'full': " + this.type;
-1750 this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
-1751 'tag': this.tag,
-1752 'obj': this.asn1V});
-1753 this.hTLV = this.asn1Obj.getEncodedHex();
-1754 return this.hTLV;
-1755 };
-1756
-1757 if (typeof gnOrRdn != "undefined") {
-1758 if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
-1759 this.type = "full";
-1760 this.tag = "a0";
-1761 this.asn1V = gnOrRdn;
-1762 } else {
-1763 throw "This class supports GeneralNames only as argument";
+1719 this.timeParams = params;
+1720 }
+1721 };
+1722 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
+1723
+1724 /**
+1725 * AlgorithmIdentifier ASN.1 structure class
+1726 * @name KJUR.asn1.x509.AlgorithmIdentifier
+1727 * @class AlgorithmIdentifier ASN.1 structure class
+1728 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
+1729 * @extends KJUR.asn1.ASN1Object
+1730 * @description
+1731 * @example
+1732 * algId1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
+1733 */
+1734 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
+1735 KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
+1736 var nameAlg = null;
+1737 var asn1Alg = null;
+1738 var asn1Params = null;
+1739 var paramEmpty = false;
+1740
+1741 this.getEncodedHex = function() {
+1742 if (this.nameAlg == null && this.asn1Alg == null) {
+1743 throw "algorithm not specified";
+1744 }
+1745 if (this.nameAlg != null && this.asn1Alg == null) {
+1746 this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
+1747 }
+1748 var a = [this.asn1Alg];
+1749 if (! this.paramEmpty) a.push(this.asn1Params);
+1750 var o = new KJUR.asn1.DERSequence({'array': a});
+1751 this.hTLV = o.getEncodedHex();
+1752 return this.hTLV;
+1753 };
+1754
+1755 if (typeof params != "undefined") {
+1756 if (typeof params['name'] != "undefined") {
+1757 this.nameAlg = params['name'];
+1758 }
+1759 if (typeof params['asn1params'] != "undefined") {
+1760 this.asn1Params = params['asn1params'];
+1761 }
+1762 if (typeof params['paramempty'] != "undefined") {
+1763 this.paramEmpty = params['paramempty'];
1764 }
1765 }
-1766 };
-1767 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
-1768
-1769 /**
-1770 * DistributionPoint ASN.1 structure class
-1771 * @name KJUR.asn1.x509.DistributionPoint
-1772 * @class DistributionPoint ASN.1 structure class
-1773 * @description
-1774 * @example
-1775 */
-1776 KJUR.asn1.x509.DistributionPoint = function(params) {
-1777 KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
-1778 var asn1DP = null;
-1779
-1780 this.getEncodedHex = function() {
-1781 var seq = new KJUR.asn1.DERSequence();
-1782 if (this.asn1DP != null) {
-1783 var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
-1784 'tag': 'a0',
-1785 'obj': this.asn1DP});
-1786 seq.appendASN1Object(o1);
-1787 }
-1788 this.hTLV = seq.getEncodedHex();
-1789 return this.hTLV;
-1790 };
-1791
-1792 if (typeof params != "undefined") {
-1793 if (typeof params['dpobj'] != "undefined") {
-1794 this.asn1DP = params['dpobj'];
-1795 }
-1796 }
-1797 };
-1798 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
-1799
-1800 /**
-1801 * static object for OID
-1802 * @name KJUR.asn1.x509.OID
-1803 * @class static object for OID
-1804 * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
-1805 * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
-1806 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
-1807 * @description
-1808 * <dl>
-1809 * <dt><b>atype2oidList</b>
-1810 * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
-1811 * <dt><b>name2oidList</b>
-1812 * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
-1813 * </dl>
-1814 * @example
-1815 */
-1816 KJUR.asn1.x509.OID = new function(params) {
-1817 this.atype2oidList = {
-1818 'C': '2.5.4.6',
-1819 'O': '2.5.4.10',
-1820 'OU': '2.5.4.11',
-1821 'ST': '2.5.4.8',
-1822 'L': '2.5.4.7',
-1823 'CN': '2.5.4.3',
-1824 'SN': '2.5.4.4',
-1825 'DN': '2.5.4.49',
-1826 'DC': '0.9.2342.19200300.100.1.25',
-1827 };
-1828 this.name2oidList = {
-1829 'sha1': '1.3.14.3.2.26',
-1830 'sha256': '2.16.840.1.101.3.4.2.1',
-1831 'sha384': '2.16.840.1.101.3.4.2.2',
-1832 'sha512': '2.16.840.1.101.3.4.2.3',
-1833 'sha224': '2.16.840.1.101.3.4.2.4',
-1834 'md5': '1.2.840.113549.2.5',
-1835 'md2': '1.3.14.7.2.2.1',
-1836 'ripemd160': '1.3.36.3.2.1',
-1837
-1838 'MD2withRSA': '1.2.840.113549.1.1.2',
-1839 'MD4withRSA': '1.2.840.113549.1.1.3',
-1840 'MD5withRSA': '1.2.840.113549.1.1.4',
-1841 'SHA1withRSA': '1.2.840.113549.1.1.5',
-1842 'SHA224withRSA': '1.2.840.113549.1.1.14',
-1843 'SHA256withRSA': '1.2.840.113549.1.1.11',
-1844 'SHA384withRSA': '1.2.840.113549.1.1.12',
-1845 'SHA512withRSA': '1.2.840.113549.1.1.13',
-1846
-1847 'SHA1withECDSA': '1.2.840.10045.4.1',
-1848 'SHA224withECDSA': '1.2.840.10045.4.3.1',
-1849 'SHA256withECDSA': '1.2.840.10045.4.3.2',
-1850 'SHA384withECDSA': '1.2.840.10045.4.3.3',
-1851 'SHA512withECDSA': '1.2.840.10045.4.3.4',
-1852
-1853 'dsa': '1.2.840.10040.4.1',
-1854 'SHA1withDSA': '1.2.840.10040.4.3',
-1855 'SHA224withDSA': '2.16.840.1.101.3.4.3.1',
-1856 'SHA256withDSA': '2.16.840.1.101.3.4.3.2',
-1857
-1858 'rsaEncryption': '1.2.840.113549.1.1.1',
-1859
-1860 'countryName': '2.5.4.6',
-1861 'organization': '2.5.4.10',
-1862 'organizationalUnit': '2.5.4.11',
-1863 'stateOrProvinceName': '2.5.4.8',
-1864 'locality': '2.5.4.7',
-1865 'commonName': '2.5.4.3',
-1866
-1867 'subjectKeyIdentifier': '2.5.29.14',
-1868 'keyUsage': '2.5.29.15',
-1869 'subjectAltName': '2.5.29.17',
-1870 'basicConstraints': '2.5.29.19',
-1871 'nameConstraints': '2.5.29.30',
-1872 'cRLDistributionPoints':'2.5.29.31',
-1873 'certificatePolicies': '2.5.29.32',
-1874 'authorityKeyIdentifier':'2.5.29.35',
-1875 'policyConstraints': '2.5.29.36',
-1876 'extKeyUsage': '2.5.29.37',
-1877 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1',
-1878
-1879 'anyExtendedKeyUsage': '2.5.29.37.0',
-1880 'serverAuth': '1.3.6.1.5.5.7.3.1',
-1881 'clientAuth': '1.3.6.1.5.5.7.3.2',
-1882 'codeSigning': '1.3.6.1.5.5.7.3.3',
-1883 'emailProtection': '1.3.6.1.5.5.7.3.4',
-1884 'timeStamping': '1.3.6.1.5.5.7.3.8',
-1885 'ocspSigning': '1.3.6.1.5.5.7.3.9',
-1886
-1887 'ecPublicKey': '1.2.840.10045.2.1',
-1888 'secp256r1': '1.2.840.10045.3.1.7',
-1889 'secp256k1': '1.3.132.0.10',
-1890 'secp384r1': '1.3.132.0.34',
-1891
-1892 'pkcs5PBES2': '1.2.840.113549.1.5.13',
-1893 'pkcs5PBKDF2': '1.2.840.113549.1.5.12',
-1894
-1895 'des-EDE3-CBC': '1.2.840.113549.3.7',
-1896
-1897 'data': '1.2.840.113549.1.7.1', // CMS data
-1898 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data
-1899 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data
-1900 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data
-1901 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data
-1902 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
-1903 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
-1904 };
-1905
-1906 this.objCache = {};
-1907
-1908 /**
-1909 * get DERObjectIdentifier by registered OID name
-1910 * @name name2obj
-1911 * @memberOf KJUR.asn1.x509.OID
-1912 * @function
-1913 * @param {String} name OID
-1914 * @description
-1915 * @example
-1916 * var asn1ObjOID = OID.name2obj('SHA1withRSA');
-1917 */
-1918 this.name2obj = function(name) {
-1919 if (typeof this.objCache[name] != "undefined")
-1920 return this.objCache[name];
-1921 if (typeof this.name2oidList[name] == "undefined")
-1922 throw "Name of ObjectIdentifier not defined: " + name;
-1923 var oid = this.name2oidList[name];
-1924 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-1925 this.objCache[name] = obj;
-1926 return obj;
+1766 if (this.asn1Params == null) {
+1767 this.asn1Params = new KJUR.asn1.DERNull();
+1768 }
+1769 };
+1770 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
+1771
+1772 /**
+1773 * GeneralName ASN.1 structure class
+1774 * @name KJUR.asn1.x509.GeneralName
+1775 * @class GeneralName ASN.1 structure class
+1776 * @description
+1777 * <br/>
+1778 * As for argument 'params' for constructor, you can specify one of
+1779 * following properties:
+1780 * <ul>
+1781 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
+1782 * <li>dns - dNSName[2] (ex. foo.com)</li>
+1783 * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
+1784 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
+1785 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
+1786 * </ul>
+1787 * NOTE1: certissuer and certsubj is supported since asn1x509 1.0.10.
+1788 *
+1789 * Here is definition of the ASN.1 syntax:
+1790 * <pre>
+1791 * -- NOTE: under the CHOICE, it will always be explicit.
+1792 * GeneralName ::= CHOICE {
+1793 * otherName [0] OtherName,
+1794 * rfc822Name [1] IA5String,
+1795 * dNSName [2] IA5String,
+1796 * x400Address [3] ORAddress,
+1797 * directoryName [4] Name,
+1798 * ediPartyName [5] EDIPartyName,
+1799 * uniformResourceIdentifier [6] IA5String,
+1800 * iPAddress [7] OCTET STRING,
+1801 * registeredID [8] OBJECT IDENTIFIER }
+1802 * </pre>
+1803 *
+1804 *
+1805 *
+1806 * @example
+1807 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
+1808 * gn = new KJUR.asn1.x509.GeneralName({dns: 'aaa.com'});
+1809 * gn = new KJUR.asn1.x509.GeneralName({uri: 'http://aaa.com/'});
+1810 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});
+1811 * gn = new KJUR.asn1.x509.GeneralName({certsubj: certPEM});
+1812 */
+1813 KJUR.asn1.x509.GeneralName = function(params) {
+1814 KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
+1815 var asn1Obj = null;
+1816 var type = null;
+1817 var pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86'};
+1818 this.explicit = false;
+1819
+1820 this.setByParam = function(params) {
+1821 var str = null;
+1822 var v = null;
+1823
+1824 if (typeof params == "undefined") return;
+1825
+1826 if (typeof params.rfc822 != "undefined") {
+1827 this.type = 'rfc822';
+1828 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1829 }
+1830 if (typeof params.dns != "undefined") {
+1831 this.type = 'dns';
+1832 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1833 }
+1834 if (typeof params.uri != "undefined") {
+1835 this.type = 'uri';
+1836 v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1837 }
+1838 if (typeof params.certissuer != "undefined") {
+1839 this.type = 'dn';
+1840 this.explicit = true;
+1841 var certStr = params.certissuer;
+1842 var certHex = null;
+1843 if (certStr.match(/^[0-9A-Fa-f]+$/)) {
+1844 certHex == certStr;
+1845 }
+1846 if (certStr.indexOf("-----BEGIN ") != -1) {
+1847 certHex = X509.pemToHex(certStr);
+1848 }
+1849 if (certHex == null) throw "certissuer param not cert";
+1850 var x = new X509();
+1851 x.hex = certHex;
+1852 var dnHex = x.getIssuerHex();
+1853 v = new KJUR.asn1.ASN1Object();
+1854 v.hTLV = dnHex;
+1855 }
+1856 if (typeof params.certsubj != "undefined") {
+1857 this.type = 'dn';
+1858 this.explicit = true;
+1859 var certStr = params.certsubj;
+1860 var certHex = null;
+1861 if (certStr.match(/^[0-9A-Fa-f]+$/)) {
+1862 certHex == certStr;
+1863 }
+1864 if (certStr.indexOf("-----BEGIN ") != -1) {
+1865 certHex = X509.pemToHex(certStr);
+1866 }
+1867 if (certHex == null) throw "certsubj param not cert";
+1868 var x = new X509();
+1869 x.hex = certHex;
+1870 var dnHex = x.getSubjectHex();
+1871 v = new KJUR.asn1.ASN1Object();
+1872 v.hTLV = dnHex;
+1873 }
+1874
+1875 if (this.type == null)
+1876 throw "unsupported type in params=" + params;
+1877 this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit,
+1878 'tag': pTag[this.type],
+1879 'obj': v});
+1880 };
+1881
+1882 this.getEncodedHex = function() {
+1883 return this.asn1Obj.getEncodedHex();
+1884 }
+1885
+1886 if (typeof params != "undefined") {
+1887 this.setByParam(params);
+1888 }
+1889
+1890 };
+1891 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+1892
+1893 /**
+1894 * GeneralNames ASN.1 structure class
+1895 * @name KJUR.asn1.x509.GeneralNames
+1896 * @class GeneralNames ASN.1 structure class
+1897 * @description
+1898 * <br/>
+1899 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
+1900 * @example
+1901 * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
+1902 *
+1903 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1904 */
+1905 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
+1906 KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
+1907 var asn1Array = null;
+1908
+1909 /**
+1910 * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
+1911 * @name setByParamArray
+1912 * @memberOf KJUR.asn1.x509.GeneralNames
+1913 * @function
+1914 * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
+1915 * @description
+1916 * <br/>
+1917 * <h4>EXAMPLES</h4>
+1918 * @example
+1919 * var gns = new KJUR.asn1.x509.GeneralNames();
+1920 * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
+1921 */
+1922 this.setByParamArray = function(paramsArray) {
+1923 for (var i = 0; i < paramsArray.length; i++) {
+1924 var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
+1925 this.asn1Array.push(o);
+1926 }
1927 };
1928
-1929 /**
-1930 * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
-1931 * @name atype2obj
-1932 * @memberOf KJUR.asn1.x509.OID
-1933 * @function
-1934 * @param {String} atype short attribute type name such like 'C' or 'CN'
-1935 * @description
-1936 * @example
-1937 * var asn1ObjOID = OID.atype2obj('CN');
-1938 */
-1939 this.atype2obj = function(atype) {
-1940 if (typeof this.objCache[atype] != "undefined")
-1941 return this.objCache[atype];
-1942 if (typeof this.atype2oidList[atype] == "undefined")
-1943 throw "AttributeType name undefined: " + atype;
-1944 var oid = this.atype2oidList[atype];
-1945 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-1946 this.objCache[atype] = obj;
-1947 return obj;
-1948 };
-1949 };
-1950
-1951 /*
-1952 * convert OID to name
-1953 * @name oid2name
-1954 * @memberOf KJUR.asn1.x509.OID
-1955 * @function
-1956 * @param {String} dot noted Object Identifer string (ex. 1.2.3.4)
-1957 * @return {String} OID name
-1958 * @description
-1959 * This static method converts OID string to its name.
-1960 * If OID is undefined then it returns empty string (i.e. '').
-1961 * @example
-1962 * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1");
-1963 * // name will be 'authorityInfoAccess'.
-1964 * @since asn1x509 1.0.9
-1965 */
-1966 KJUR.asn1.x509.OID.oid2name = function(oid) {
-1967 var list = KJUR.asn1.x509.OID.name2oidList;
-1968 for (var name in list) {
-1969 if (list[name] == oid) return name;
-1970 }
-1971 return '';
-1972 };
-1973
-1974 /*
-1975 * convert name to OID
-1976 * @name name2oid
-1977 * @memberOf KJUR.asn1.x509.OID
-1978 * @function
-1979 * @param {String} OID name
-1980 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
+1929 this.getEncodedHex = function() {
+1930 var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
+1931 return o.getEncodedHex();
+1932 };
+1933
+1934 this.asn1Array = new Array();
+1935 if (typeof paramsArray != "undefined") {
+1936 this.setByParamArray(paramsArray);
+1937 }
+1938 };
+1939 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
+1940
+1941 /**
+1942 * DistributionPointName ASN.1 structure class
+1943 * @name KJUR.asn1.x509.DistributionPointName
+1944 * @class DistributionPointName ASN.1 structure class
+1945 * @description
+1946 * @example
+1947 */
+1948 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
+1949 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
+1950 var asn1Obj = null;
+1951 var type = null;
+1952 var tag = null;
+1953 var asn1V = null;
+1954
+1955 this.getEncodedHex = function() {
+1956 if (this.type != "full")
+1957 throw "currently type shall be 'full': " + this.type;
+1958 this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
+1959 'tag': this.tag,
+1960 'obj': this.asn1V});
+1961 this.hTLV = this.asn1Obj.getEncodedHex();
+1962 return this.hTLV;
+1963 };
+1964
+1965 if (typeof gnOrRdn != "undefined") {
+1966 if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
+1967 this.type = "full";
+1968 this.tag = "a0";
+1969 this.asn1V = gnOrRdn;
+1970 } else {
+1971 throw "This class supports GeneralNames only as argument";
+1972 }
+1973 }
+1974 };
+1975 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
+1976
+1977 /**
+1978 * DistributionPoint ASN.1 structure class
+1979 * @name KJUR.asn1.x509.DistributionPoint
+1980 * @class DistributionPoint ASN.1 structure class
1981 * @description
-1982 * This static method converts from OID name to OID string.
-1983 * If OID is undefined then it returns empty string (i.e. '').
-1984 * @example
-1985 * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess");
-1986 * // name will be '1.3.6.1.5.5.7.1.1'.
-1987 * @since asn1x509 1.0.11
-1988 */
-1989 KJUR.asn1.x509.OID.name2oid = function(name) {
-1990 var list = KJUR.asn1.x509.OID.name2oidList;
-1991 if (list[name] === undefined) return '';
-1992 return list[name];
-1993 };
-1994
-1995 /**
-1996 * X.509 certificate and CRL utilities class
-1997 * @name KJUR.asn1.x509.X509Util
-1998 * @class X.509 certificate and CRL utilities class
-1999 */
-2000 KJUR.asn1.x509.X509Util = new function() {
-2001 /**
-2002 * get PKCS#8 PEM public key string from RSAKey object
-2003 * @name getPKCS8PubKeyPEMfromRSAKey
-2004 * @memberOf KJUR.asn1.x509.X509Util
-2005 * @function
-2006 * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
-2007 * @description
-2008 * @example
-2009 * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
-2010 */
-2011 this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
-2012 var pem = null;
-2013 var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
-2014 var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
-2015 var iN = new KJUR.asn1.DERInteger({hex: hN});
-2016 var iE = new KJUR.asn1.DERInteger({hex: hE});
-2017 var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
-2018 var hPubKey = asn1PubKey.getEncodedHex();
-2019 var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
-2020 var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
-2021 var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
-2022 var hP8 = seq.getEncodedHex();
-2023 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
-2024 return pem;
-2025 };
-2026 };
-2027 /**
-2028 * issue a certificate in PEM format
-2029 * @name newCertPEM
-2030 * @memberOf KJUR.asn1.x509.X509Util
-2031 * @function
-2032 * @param {Array} param parameter to issue a certificate
-2033 * @since asn1x509 1.0.6
-2034 * @description
-2035 * This method can issue a certificate by a simple
-2036 * JSON object.
-2037 * Signature value will be provided by signing with
-2038 * private key using 'cakey' parameter or
-2039 * hexa decimal signature value by 'sighex' parameter.
-2040 *
-2041 * NOTE: When using DSA or ECDSA CA signing key,
-2042 * use 'paramempty' in 'sigalg' to ommit parameter field
-2043 * of AlgorithmIdentifer. In case of RSA, parameter
-2044 * NULL will be specified by default.
-2045 *
-2046 * @example
-2047 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-2048 * { serial: {int: 4},
-2049 * sigalg: {name: 'SHA1withECDSA', paramempty: true},
-2050 * issuer: {str: '/C=US/O=a'},
-2051 * notbefore: {'str': '130504235959Z'},
-2052 * notafter: {'str': '140504235959Z'},
-2053 * subject: {str: '/C=US/O=b'},
-2054 * sbjpubkey: pubKeyPEM,
-2055 * ext: [
-2056 * {basicConstraints: {cA: true, critical: true}},
-2057 * {keyUsage: {bin: '11'}},
-2058 * ],
-2059 * cakey: [prvkey, pass]}
-2060 * );
-2061 * // -- or --
-2062 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-2063 * { serial: {int: 1},
-2064 * sigalg: {name: 'SHA1withRSA', paramempty: true},
-2065 * issuer: {str: '/C=US/O=T1'},
-2066 * notbefore: {'str': '130504235959Z'},
-2067 * notafter: {'str': '140504235959Z'},
-2068 * subject: {str: '/C=US/O=T1'},
-2069 * sbjpubkey: pubKeyObj,
-2070 * sighex: '0102030405..'}
-2071 * );
-2072 * // for the issuer and subject field, another
-2073 * // representation is also available
-2074 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-2075 * { serial: {int: 1},
-2076 * sigalg: {name: 'SHA1withRSA', paramempty: true},
-2077 * issuer: {C: "US", O: "T1"},
-2078 * notbefore: {'str': '130504235959Z'},
-2079 * notafter: {'str': '140504235959Z'},
-2080 * subject: {C: "US", O: "T1", CN: "http://example.com/"},
-2081 * sbjpubkey: pubKeyObj,
-2082 * sighex: '0102030405..'}
-2083 * );
-2084 */
-2085 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
-2086 var ns1 = KJUR.asn1.x509;
-2087 var o = new ns1.TBSCertificate();
+1982 * @example
+1983 */
+1984 KJUR.asn1.x509.DistributionPoint = function(params) {
+1985 KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
+1986 var asn1DP = null;
+1987
+1988 this.getEncodedHex = function() {
+1989 var seq = new KJUR.asn1.DERSequence();
+1990 if (this.asn1DP != null) {
+1991 var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
+1992 'tag': 'a0',
+1993 'obj': this.asn1DP});
+1994 seq.appendASN1Object(o1);
+1995 }
+1996 this.hTLV = seq.getEncodedHex();
+1997 return this.hTLV;
+1998 };
+1999
+2000 if (typeof params != "undefined") {
+2001 if (typeof params['dpobj'] != "undefined") {
+2002 this.asn1DP = params['dpobj'];
+2003 }
+2004 }
+2005 };
+2006 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
+2007
+2008 /**
+2009 * static object for OID
+2010 * @name KJUR.asn1.x509.OID
+2011 * @class static object for OID
+2012 * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
+2013 * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
+2014 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
+2015 * @description
+2016 * <dl>
+2017 * <dt><b>atype2oidList</b>
+2018 * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
+2019 * <dt><b>name2oidList</b>
+2020 * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
+2021 * </dl>
+2022 * @example
+2023 */
+2024 KJUR.asn1.x509.OID = new function(params) {
+2025 this.atype2oidList = {
+2026 'C': '2.5.4.6',
+2027 'O': '2.5.4.10',
+2028 'OU': '2.5.4.11',
+2029 'ST': '2.5.4.8',
+2030 'L': '2.5.4.7',
+2031 'CN': '2.5.4.3',
+2032 'SN': '2.5.4.4',
+2033 'DN': '2.5.4.49',
+2034 'DC': '0.9.2342.19200300.100.1.25',
+2035 };
+2036 this.name2oidList = {
+2037 'sha1': '1.3.14.3.2.26',
+2038 'sha256': '2.16.840.1.101.3.4.2.1',
+2039 'sha384': '2.16.840.1.101.3.4.2.2',
+2040 'sha512': '2.16.840.1.101.3.4.2.3',
+2041 'sha224': '2.16.840.1.101.3.4.2.4',
+2042 'md5': '1.2.840.113549.2.5',
+2043 'md2': '1.3.14.7.2.2.1',
+2044 'ripemd160': '1.3.36.3.2.1',
+2045
+2046 'MD2withRSA': '1.2.840.113549.1.1.2',
+2047 'MD4withRSA': '1.2.840.113549.1.1.3',
+2048 'MD5withRSA': '1.2.840.113549.1.1.4',
+2049 'SHA1withRSA': '1.2.840.113549.1.1.5',
+2050 'SHA224withRSA': '1.2.840.113549.1.1.14',
+2051 'SHA256withRSA': '1.2.840.113549.1.1.11',
+2052 'SHA384withRSA': '1.2.840.113549.1.1.12',
+2053 'SHA512withRSA': '1.2.840.113549.1.1.13',
+2054
+2055 'SHA1withECDSA': '1.2.840.10045.4.1',
+2056 'SHA224withECDSA': '1.2.840.10045.4.3.1',
+2057 'SHA256withECDSA': '1.2.840.10045.4.3.2',
+2058 'SHA384withECDSA': '1.2.840.10045.4.3.3',
+2059 'SHA512withECDSA': '1.2.840.10045.4.3.4',
+2060
+2061 'dsa': '1.2.840.10040.4.1',
+2062 'SHA1withDSA': '1.2.840.10040.4.3',
+2063 'SHA224withDSA': '2.16.840.1.101.3.4.3.1',
+2064 'SHA256withDSA': '2.16.840.1.101.3.4.3.2',
+2065
+2066 'rsaEncryption': '1.2.840.113549.1.1.1',
+2067
+2068 'countryName': '2.5.4.6',
+2069 'organization': '2.5.4.10',
+2070 'organizationalUnit': '2.5.4.11',
+2071 'stateOrProvinceName': '2.5.4.8',
+2072 'locality': '2.5.4.7',
+2073 'commonName': '2.5.4.3',
+2074
+2075 'subjectKeyIdentifier': '2.5.29.14',
+2076 'keyUsage': '2.5.29.15',
+2077 'subjectAltName': '2.5.29.17',
+2078 'basicConstraints': '2.5.29.19',
+2079 'nameConstraints': '2.5.29.30',
+2080 'cRLDistributionPoints':'2.5.29.31',
+2081 'certificatePolicies': '2.5.29.32',
+2082 'authorityKeyIdentifier':'2.5.29.35',
+2083 'policyConstraints': '2.5.29.36',
+2084 'extKeyUsage': '2.5.29.37',
+2085 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1',
+2086 'ocsp': '1.3.6.1.5.5.7.48.1',
+2087 'caIssuers': '1.3.6.1.5.5.7.48.2',
2088
-2089 if (param.serial !== undefined)
-2090 o.setSerialNumberByParam(param.serial);
-2091 else
-2092 throw "serial number undefined.";
-2093
-2094 if (typeof param.sigalg.name == 'string')
-2095 o.setSignatureAlgByParam(param.sigalg);
-2096 else
-2097 throw "unproper signature algorithm name";
-2098
-2099 if (param.issuer !== undefined)
-2100 o.setIssuerByParam(param.issuer);
-2101 else
-2102 throw "issuer name undefined.";
-2103
-2104 if (param.notbefore !== undefined)
-2105 o.setNotBeforeByParam(param.notbefore);
-2106 else
-2107 throw "notbefore undefined.";
-2108
-2109 if (param.notafter !== undefined)
-2110 o.setNotAfterByParam(param.notafter);
-2111 else
-2112 throw "notafter undefined.";
-2113
-2114 if (param.subject !== undefined)
-2115 o.setSubjectByParam(param.subject);
-2116 else
-2117 throw "subject name undefined.";
-2118
-2119 if (param.sbjpubkey !== undefined)
-2120 o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
-2121 else
-2122 throw "subject public key undefined.";
-2123
-2124 if (param.ext !== undefined && param.ext.length !== undefined) {
-2125 for (var i = 0; i < param.ext.length; i++) {
-2126 for (key in param.ext[i]) {
-2127 o.appendExtensionByName(key, param.ext[i][key]);
-2128 }
-2129 }
-2130 }
-2131
-2132 // set signature
-2133 if (param.cakey === undefined && param.sighex === undefined)
-2134 throw "param cakey and sighex undefined.";
-2135
-2136 var caKey = null;
-2137 var cert = null;
+2089 'anyExtendedKeyUsage': '2.5.29.37.0',
+2090 'serverAuth': '1.3.6.1.5.5.7.3.1',
+2091 'clientAuth': '1.3.6.1.5.5.7.3.2',
+2092 'codeSigning': '1.3.6.1.5.5.7.3.3',
+2093 'emailProtection': '1.3.6.1.5.5.7.3.4',
+2094 'timeStamping': '1.3.6.1.5.5.7.3.8',
+2095 'ocspSigning': '1.3.6.1.5.5.7.3.9',
+2096
+2097 'ecPublicKey': '1.2.840.10045.2.1',
+2098 'secp256r1': '1.2.840.10045.3.1.7',
+2099 'secp256k1': '1.3.132.0.10',
+2100 'secp384r1': '1.3.132.0.34',
+2101
+2102 'pkcs5PBES2': '1.2.840.113549.1.5.13',
+2103 'pkcs5PBKDF2': '1.2.840.113549.1.5.12',
+2104
+2105 'des-EDE3-CBC': '1.2.840.113549.3.7',
+2106
+2107 'data': '1.2.840.113549.1.7.1', // CMS data
+2108 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data
+2109 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data
+2110 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data
+2111 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data
+2112 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
+2113 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
+2114 };
+2115
+2116 this.objCache = {};
+2117
+2118 /**
+2119 * get DERObjectIdentifier by registered OID name
+2120 * @name name2obj
+2121 * @memberOf KJUR.asn1.x509.OID
+2122 * @function
+2123 * @param {String} name OID
+2124 * @description
+2125 * @example
+2126 * var asn1ObjOID = OID.name2obj('SHA1withRSA');
+2127 */
+2128 this.name2obj = function(name) {
+2129 if (typeof this.objCache[name] != "undefined")
+2130 return this.objCache[name];
+2131 if (typeof this.name2oidList[name] == "undefined")
+2132 throw "Name of ObjectIdentifier not defined: " + name;
+2133 var oid = this.name2oidList[name];
+2134 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+2135 this.objCache[name] = obj;
+2136 return obj;
+2137 };
2138
-2139 if (param.cakey) {
-2140 caKey = KEYUTIL.getKey.apply(null, param.cakey);
-2141 cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
-2142 cert.sign();
-2143 }
-2144
-2145 if (param.sighex) {
-2146 cert = new ns1.Certificate({'tbscertobj': o});
-2147 cert.setSignatureHex(param.sighex);
-2148 }
-2149
-2150 return cert.getPEMString();
-2151 };
-2152
-2153 /*
-2154 org.bouncycastle.asn1.x500
-2155 AttributeTypeAndValue
-2156 DirectoryString
-2157 RDN
-2158 X500Name
-2159 X500NameBuilder
+2139 /**
+2140 * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
+2141 * @name atype2obj
+2142 * @memberOf KJUR.asn1.x509.OID
+2143 * @function
+2144 * @param {String} atype short attribute type name such like 'C' or 'CN'
+2145 * @description
+2146 * @example
+2147 * var asn1ObjOID = OID.atype2obj('CN');
+2148 */
+2149 this.atype2obj = function(atype) {
+2150 if (typeof this.objCache[atype] != "undefined")
+2151 return this.objCache[atype];
+2152 if (typeof this.atype2oidList[atype] == "undefined")
+2153 throw "AttributeType name undefined: " + atype;
+2154 var oid = this.atype2oidList[atype];
+2155 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+2156 this.objCache[atype] = obj;
+2157 return obj;
+2158 };
+2159 };
2160
-2161 org.bouncycastleasn1.x509
-2162 TBSCertificate
-2163 */
-2164 | | | |