/* asn1x509-2.1.18.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
 */
/*
 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
 *
 * Copyright (c) 2013-2022 Kenji Urushima (kenji.urushima@gmail.com)
 *
 * This software is licensed under the terms of the MIT License.
 * https://kjur.github.io/jsrsasign/license
 *
 * The above copyright and license notice shall be
 * included in all copies or substantial portions of the Software.
 */

/**
 * @fileOverview
 * @name asn1x509-1.0.js
 * @author Kenji Urushima kenji.urushima@gmail.com
 * @version jsrsasign 10.6.1 asn1x509 2.1.18 (2022-Nov-20)
 * @since jsrsasign 2.1
 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 */

/**
 * kjur's class library name space
 * // already documented in asn1-1.0.js
 * @name KJUR
 * @namespace kjur's class library name space
 */
// Create the root namespace only when no earlier script has defined it.
if (typeof KJUR === "undefined" || !KJUR) {
    KJUR = {};
}

/**
 * kjur's ASN.1 class library name space
 * // already documented in asn1-1.0.js
 * @name KJUR.asn1
 * @namespace
 */
if (typeof KJUR.asn1 === "undefined" || !KJUR.asn1) {
    KJUR.asn1 = {};
}

/**
 * kjur's ASN.1 class for X.509 certificate library name space
 * <p>
 * <h4>FEATURES</h4>
 * <ul>
 * <li>easily issue any kind of certificate</li>
 * <li>APIs are very similar to BouncyCastle library ASN.1 classes.
 * So easy to learn.</li>
 * </ul>
 * </p>
 * <h4>PROVIDED CLASSES</h4>
 * <ul>
 * <li>{@link KJUR.asn1.x509.Certificate}</li>
 * <li>{@link KJUR.asn1.x509.TBSCertificate}</li>
 * <li>{@link KJUR.asn1.x509.Extension} abstract class</li>
 * <li>{@link KJUR.asn1.x509.Extensions}</li>
 * <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li>
 * <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.GeneralNames}</li>
 * <li>{@link KJUR.asn1.x509.GeneralName}</li>
 * <li>{@link KJUR.asn1.x509.X500Name}</li>
 * <li>{@link KJUR.asn1.x509.RDN}</li>
 * <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li>
 * <li>{@link KJUR.asn1.x509.DistributionPointName}</li>
 * <li>{@link KJUR.asn1.x509.DistributionPoint}</li>
 * <li>{@link KJUR.asn1.x509.PolicyInformation}</li>
 * <li>{@link KJUR.asn1.x509.PolicyQualifierInfo}</li>
 * <li>{@link KJUR.asn1.x509.UserNotice}</li>
 * <li>{@link KJUR.asn1.x509.NoticeReference}</li>
 * <li>{@link KJUR.asn1.x509.DisplayText}</li>
 * <li>{@link KJUR.asn1.x509.GeneralSubtree}</li>
 * <li>{@link KJUR.asn1.x509.CRL}</li>
 * <li>{@link KJUR.asn1.x509.TBSCertList}</li>
 * <li>{@link KJUR.asn1.x509.CRLEntry} (DEPRECATED)</li>
 * <li>{@link KJUR.asn1.x509.OID}</li>
 * </ul>
 * <h4>SUPPORTED EXTENSIONS</h4>
 * <ul>
 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.KeyUsage}</li>
 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li>
 * <li>{@link KJUR.asn1.x509.PolicyMappings} 2.5.29.33</li>
 * <li>{@link KJUR.asn1.x509.PolicyConstraints} 2.5.29.36</li>
 * <li>{@link KJUR.asn1.x509.InhibitAnyPolicy} 2.5.29.54</li>
 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li>
 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li>
 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li>
 * <li>{@link KJUR.asn1.x509.NameConstraints}</li>
 * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
 * <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
 * <li>{@link KJUR.asn1.x509.CRLNumber}</li>
 * <li>{@link KJUR.asn1.x509.CRLReason}</li>
 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li>
 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li>
 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li>
 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li>
 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li>
 * </ul>
 * NOTE1: Please ignore the method summary and document of this namespace. This is caused by a bug of jsdoc2.<br/>
 * NOTE2: SubjectAltName and IssuerAltName supported since
 * jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 * NOTE3: CertificatePolicies supported since
 * jsrsasign 8.0.23 asn1x509 1.1.12<br/>
 * @name KJUR.asn1.x509
 * @namespace
 */
if (typeof KJUR.asn1.x509 === "undefined" || !KJUR.asn1.x509) {
    KJUR.asn1.x509 = {};
}

// === BEGIN Certificate ===================================================

/**
 * X.509 Certificate class to sign and generate hex encoded certificate
 * @name KJUR.asn1.x509.Certificate
 * @class X.509 Certificate class to sign and generate hex encoded certificate
 * @property {Array} params JSON object of parameters
 * @param {Array} params JSON object for Certificate parameters
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <br/>
 * This class provides Certificate ASN.1 class structure
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * RFC 5280 4.1</a>.
 * <pre>
 * Certificate ::= SEQUENCE {
 *      tbsCertificate       TBSCertificate,
 *      signatureAlgorithm   AlgorithmIdentifier,
 *      signatureValue       BIT STRING }
 * </pre>
 * Parameter "params" JSON object can be
 * the same as {@link KJUR.asn1.x509.TBSCertificate}.
 * Then they are used to generate TBSCertificate.
 * Additionally, just for Certificate, the following parameters can be used:
 * <ul>
 * <li>{TBSCertificate}tbsobj -
 * specifies {@link KJUR.asn1.x509.TBSCertificate}
 * object to be signed if needed.
 * When this isn't specified,
 * this will be set from other parameters of TBSCertificate.</li>
 * <li>{Object}cakey (OPTION) - specifies certificate signing private key.
 * Parameter "cakey" or "sighex" shall be specified. Following
 * values can be specified:
 *   <ul>
 *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
 *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
 *   to generate a key object.</li>
 *   </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 * unused bits)</li>
 * </ul>
 * CAUTION: APIs of this class have been totally updated without
 * backward compatibility since jsrsasign 9.0.0.<br/>
 * NOTE1: 'params' can be omitted.<br/>
 * NOTE2: DSA/ECDSA is also supported for CA signing key from asn1x509 1.0.6.
 * @example
 * var cert = new KJUR.asn1.x509.Certificate({
 *  version: 3,
 *  serial: {hex: "1234..."},
 *  sigalg: "SHA256withRSAandMGF1",
 *  ...
 *  sighex: "1d3f..." // sign() method won't be called
 * });
 *
 * // sighex will be calculated by signing with cakey
 * var cert = new KJUR.asn1.x509.Certificate({
 *  version: 3,
 *  serial: {hex: "2345..."},
 *  sigalg: "SHA256withRSA",
 *  ...
 *  cakey: "-----BEGIN PRIVATE KEY..."
 * });
 *
 * // use TBSCertificate object to sign
 * var cert = new KJUR.asn1.x509.Certificate({
 *  tbsobj: <<OBJ>>,
 *  sigalg: "SHA256withRSA",
 *  cakey: "-----BEGIN PRIVATE KEY..."
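 * });
 */
KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;

    this.params = undefined;

    /**
     * set parameter<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param params {Array} JSON object of certificate parameters
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method will set parameter
     * {@link KJUR.asn1.x509.Certificate#params}
     * to this object.
     * @example
     * cert = new KJUR.asn1.x509.Certificate();
     * cert.setByParam({
     *   version: 3,
     *   serial: {hex: "1234..."},
     *   ...
     * });
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign certificate<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @description
     * This method signs TBSCertificate with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter.
     * The signature is stored in this.params.sighex.
     * When this.params.tbsobj is not set yet, it is built from
     * this.params first, the same way tohex() builds it.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.sign()
     */
    this.sign = function() {
        var params = this.params;

        // sigalg is either the algorithm name itself or an object carrying it in "name"
        var sigalg = params.sigalg;
        if (params.sigalg.name != undefined)
            sigalg = params.sigalg.name;

        // Without this, calling sign() directly after construction (as the
        // example above does) failed on an undefined tbsobj.
        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertificate(params);
        }

        var hTBS = params.tbsobj.tohex();
        var sig = new KJUR.crypto.Signature({alg: sigalg});
        sig.init(params.cakey);
        sig.updateHex(hTBS);
        params.sighex = sig.sign();
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEM
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @since jsrsasign 9.0.0 asn1hex 2.0.0
     * @description
     * This method returns a string of PEM formatted
     * certificate.
     * @example
     * cert = new KJUR.asn1.x509.Certificate({...});
     * cert.getPEM() →
     * "-----BEGIN CERTIFICATE-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.tohex(), "CERTIFICATE");
    };

    /**
     * get hexadecimal string of the DER encoded Certificate
     * @return {String} hexadecimal string of the Certificate SEQUENCE
     * @throws {Error} when neither sighex nor cakey is given in params
     * @description
     * Builds params.tbsobj from params when it is missing, calls sign()
     * when only cakey is available, and then encodes tbsCertificate,
     * signatureAlgorithm and signatureValue. Both tbsobj and sighex are
     * written back into this.params.<br/>
     * NOTE: a sighex given by the caller (or left from an earlier call)
     * is embedded as it is. Nothing here checks it against the
     * TBSCertificate or against sigalg, so that check is up to the caller.
     */
    this.tohex = function() {
        var params = this.params;

        // "== undefined" also matches null
        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertificate(params);
        }

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        var a = [];
        a.push(params.tbsobj);
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        // leading "00" is the unused-bits octet of the BIT STRING
        a.push(new _DERBitString({hex: "00" + params.sighex}));
        var seq = new _DERSequence({array: a});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params != undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertificate structure class<br/>
 * @name KJUR.asn1.x509.TBSCertificate
 * @class ASN.1 TBSCertificate structure class
 * @property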
{Array} params JSON object of parameters
 * @param {Array} params JSON object of TBSCertificate parameters
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.Certificate
 *
 * @description
 * <br/>
 * NOTE: TBSCertificate class is updated without backward
 * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0.
 * Most of the methods are removed and parameters can be set
 * by JSON object.
 *
 * @example
 * new TBSCertificate({
 *  version: 3, // this can be omitted, the default is 3.
 *  serial: {hex: "1234..."}, // DERInteger parameter
 *  sigalg: "SHA256withRSA",
 *  issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
 *  notbefore: "151231235959Z", // string, passed to Time
 *  notafter: "251231235959Z", // string, passed to Time
 *  subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
 *  sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter
 *  // As for extension parameters, please see extension class
 *  // All extension parameters additionally need to have "extname" parameter.
 *  ext:[{
 *   extname:"keyUsage",critical:true,
 *   names:["digitalSignature","keyEncipherment"]
 *  },{
 *   extname:"cRLDistributionPoints",
 *   array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}]
 *  }, ...]
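 * })
 *
 * var tbsc = new TBSCertificate();
 * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
 */
KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;

    this.params = null;

    /**
     * set TBSCertificate parameters<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} params JSON object of TBSCertificate parameters
     * @example
     * tbsc = new KJUR.asn1.x509.TBSCertificate();
     * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get hexadecimal string of the DER encoded TBSCertificate
     * @return {String} hexadecimal string of the TBSCertificate SEQUENCE
     * @description
     * Encodes version, serial, signature algorithm, issuer, validity,
     * subject and subject public key from this.params, followed by the
     * extensions when params.ext is a non-empty array.
     */
    this.tohex = function() {
        var a = [];
        var params = this.params;

        // version is "[0] EXPLICIT Version DEFAULT v1" and DER leaves a
        // DEFAULT value out, so the field is written for every version
        // except 1. An undefined version means X.509v3 (encoded as 2).
        // The former test "!= undefined || != 1" was true for every input.
        if (params.version != 1) {
            var version = 2;
            if (params.version != undefined) version = params.version - 1;
            var obj =
                new _DERTaggedObject({obj: new _DERInteger({'int': version})});
            a.push(obj);
        }

        a.push(new _DERInteger(params.serial));
        a.push(new _AlgorithmIdentifier({name: params.sigalg}));
        a.push(new _X500Name(params.issuer));
        a.push(new _DERSequence({array:[new _Time(params.notbefore),
                                        new _Time(params.notafter)]}));
        a.push(new _X500Name(params.subject));
        a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
        // extensions are written under tag "a3", and only when there are any
        // NOTE(review): they are written whatever the version is; RFC 5280
        // allows extensions in v3 certificates only - confirm callers never
        // combine version 1 or 2 with "ext".
        if (params.ext !== undefined && params.ext.length > 0) {
            a.push(new _DERTaggedObject({tag: "a3",
                                         obj: new _Extensions(params.ext)}));
        }

        var seq = new KJUR.asn1.DERSequence({array: a});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);

/**
 * Extensions ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Extensions
 * @class Extensions ASN.1 structure class
 * @param {Array} aParam array of JSON extension parameter
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertificate
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.csr.CertificationRequestInfo
 * @see KJUR.asn1.x509.PrivateExtension
 * @see KJUR.asn1.ocsp.ResponseData
 * @see KJUR.asn1.ocsp.BasicOCSPResponse
 *
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
 * Extensions defined in RFC 5280 4.1</a> and
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
 * 4.1.2.9</a>.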
 * <pre>
 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
 * </pre>
 * <p>NOTE: From jsrsasign 9.1.1, private extensions or
 * undefined extensions have been supported by
 * {@link KJUR.asn1.x509.PrivateExtension}.</p>
 *
 * Here is a list of available extensions:
 * <ul>
 * <li>{@link KJUR.asn1.x509.BasicConstraints}</li>
 * <li>{@link KJUR.asn1.x509.KeyUsage}</li>
 * <li>{@link KJUR.asn1.x509.SubjectKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
 * <li>{@link KJUR.asn1.x509.SubjectAltName}</li>
 * <li>{@link KJUR.asn1.x509.IssuerAltName}</li>
 * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
 * <li>{@link KJUR.asn1.x509.CertificatePolicies}</li>
 * <li>{@link KJUR.asn1.x509.CRLNumber}</li>
 * <li>{@link KJUR.asn1.x509.CRLReason}</li>
 * <li>{@link KJUR.asn1.x509.OCSPNonce}</li>
 * <li>{@link KJUR.asn1.x509.OCSPNoCheck}</li>
 * <li>{@link KJUR.asn1.x509.AdobeTimeStamp}</li>
 * <li>{@link KJUR.asn1.x509.SubjectDirectoryAttributes}</li>
 * <li>{@link KJUR.asn1.x509.PrivateExtension}</li>
 * </ul>
 * You can also use {@link KJUR.asn1.x509.PrivateExtension} object
 * to specify an unsupported extension.
 *
 * @example
 * o = new KJUR.asn1.x509.Extensions([
 *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
 *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
 *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
 * ]);
 * o.tohex() → "30..."
 */
KJUR.asn1.x509.Extensions = function(aParam) {
    KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _Sequence = _asn1.DERSequence,
        _x509 = _asn1.x509;

    // Ordered pairs of "extname" value and the name of the class in
    // KJUR.asn1.x509 which encodes it. The class itself is looked up
    // only while encoding.
    var _EXT_CLASS_NAMES = [
        ["subjectKeyIdentifier", "SubjectKeyIdentifier"],
        ["keyUsage", "KeyUsage"],
        ["subjectAltName", "SubjectAltName"],
        ["issuerAltName", "IssuerAltName"],
        ["basicConstraints", "BasicConstraints"],
        ["nameConstraints", "NameConstraints"],
        ["cRLDistributionPoints", "CRLDistributionPoints"],
        ["certificatePolicies", "CertificatePolicies"],
        ["policyMappings", "PolicyMappings"],
        ["policyConstraints", "PolicyConstraints"],
        ["inhibitAnyPolicy", "InhibitAnyPolicy"],
        ["authorityKeyIdentifier", "AuthorityKeyIdentifier"],
        ["extKeyUsage", "ExtKeyUsage"],
        ["authorityInfoAccess", "AuthorityInfoAccess"],
        ["cRLNumber", "CRLNumber"],
        ["cRLReason", "CRLReason"],
        ["ocspNonce", "OCSPNonce"],
        ["ocspNoCheck", "OCSPNoCheck"],
        ["adobeTimeStamp", "AdobeTimeStamp"],
        ["subjectDirectoryAttributes", "SubjectDirectoryAttributes"]
    ];

    this.aParam = [];

    /**
     * set the array of extension parameters
     * @param {Array} aParam array of JSON extension parameter
     */
    this.setByParam = function(aParam) {
        this.aParam = aParam;
    };

    /**
     * get hexadecimal string of the DER encoded Extensions
     * @return {String} hexadecimal string of the SEQUENCE of extensions
     * @throws {Error} when an entry has no "extn" member and its
     * "extname" is not one of the known names. The message contains
     * the entry serialized by JSON.stringify.
     */
    this.tohex = function() {
        var encoders = [];
        for (var i = 0; i < this.aParam.length; i++) {
            var entry = this.aParam[i];
            var extname = entry.extname;

            // an entry carrying "extn" is a private extension whatever its name is
            if (entry.extn != undefined) {
                encoders.push(new _x509.PrivateExtension(entry));
                continue;
            }

            var className = null;
            for (var j = 0; j < _EXT_CLASS_NAMES.length; j++) {
                if (extname == _EXT_CLASS_NAMES[j][0]) {
                    className = _EXT_CLASS_NAMES[j][1];
                    break;
                }
            }
            if (className === null) {
                throw new Error("extension not supported:"
                                + JSON.stringify(entry));
            }

            var ExtClass = _x509[className];
            encoders.push(new ExtClass(entry));
        }

        return new _Sequence({array: encoders}).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (aParam != undefined) this.setByParam(aParam);
};
extendClass(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);


// === END   TBSCertificate ===================================================

// === BEGIN X.509v3 Extensions Related =======================================

/**
 * base Extension ASN.1 structure class
 * @name KJUR.asn1.x509.Extension
 * @class base Extension ASN.1 structure class
 * @param {Array} params associative array of parameters (ex.
{'critical': true})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <pre>
 * Extension  ::=  SEQUENCE  {
 *      extnID      OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      extnValue   OCTET STRING  }
 * </pre>
 * @example
 */
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _ObjectIdentifier = _asn1.DERObjectIdentifier,
        _OctetString = _asn1.DEROctetString,
        _Boolean = _asn1.DERBoolean,
        _Sequence = _asn1.DERSequence;

    /**
     * get hexadecimal string of the DER encoded Extension
     * @return {String} hexadecimal string of the Extension SEQUENCE
     * @description
     * Reads this.oid and calls this.getExtnValueHex(); neither of them
     * is defined in this base class.
     */
    this.tohex = function() {
        var extnId = new _ObjectIdentifier({'oid': this.oid});
        var extnValue = new _OctetString({'hex': this.getExtnValueHex()});

        // the critical member is written only when the flag is set
        var members = this.critical
            ? [extnId, new _Boolean(), extnValue]
            : [extnId, extnValue];

        return new _Sequence({'array': members}).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    this.critical = false;
    if (params !== undefined && params.critical !== undefined) {
        this.critical = params.critical;
    }
};
extendClass(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);

/**
 * KeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.KeyUsage
 * @class KeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
 * <pre>
 * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
 * KeyUsage ::= BIT STRING {
 *      digitalSignature        (0),
 *      nonRepudiation          (1),
 *      keyEncipherment         (2),
 *      dataEncipherment        (3),
 *      keyAgreement            (4),
 *      keyCertSign             (5),
 *      cRLSign                 (6),
 *      encipherOnly            (7),
 *      decipherOnly            (8) }
 * </pre><br/>
 * NOTE: 'names' parameter is supported since jsrsasign 8.0.14.
 * @example
 * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
 * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
 */
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);

    // bit position of each usage name in the KeyUsage BIT STRING
    var _BIT_OF_NAME = {
        digitalSignature: 0,
        nonRepudiation: 1,
        keyEncipherment: 2,
        dataEncipherment: 3,
        keyAgreement: 4,
        keyCertSign: 5,
        cRLSign: 6,
        encipherOnly: 7,
        decipherOnly: 8
    };

    /**
     * get hexadecimal string of the DER BIT STRING used as extnValue
     * @return {String} hexadecimal string of the encoded BIT STRING
     */
    this.getExtnValueHex = function() {
        var bits = this.getBinValue();
        this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: bits});
        return this.asn1ExtnValue.tohex();
    };

    /**
     * get the binary string ("0"/"1" characters) of the key usage bits
     * @return {String} value of "bin", or the string made by
     * namearraytobinstr from "names"
     * @throws {Error} when this.params is not an object or has neither
     * an object "names" nor a string "bin"
     */
    this.getBinValue = function() {
        var given = this.params;

        if (typeof given != "object") {
            throw new Error("parameter not yet set");
        }
        if (typeof given.names != "object" && typeof given.bin != "string") {
            throw new Error("parameter not yet set");
        }

        // "names" wins over "bin" when both are given
        if (given.names != undefined) {
            return namearraytobinstr(given.names, _BIT_OF_NAME);
        }
        if (given.bin != undefined) {
            return given.bin;
        }
        throw new Error("parameter not set properly");
    };

    this.oid = "2.5.29.15";
    if (params !== undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);

/**
 * BasicConstraints ASN.1 structure class
 * @name KJUR.asn1.x509.BasicConstraints
 * @class BasicConstraints ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtBasicConstraints}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
 * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
 * <pre>
 * id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
 * BasicConstraints ::= SEQUENCE {
 *      cA                      BOOLEAN DEFAULT FALSE,
 *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{Boolean}cA - cA flag</li>
 * <li>{Integer}pathLen - pathLen field value</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.BasicConstraints({
 *   cA: true,
 *   pathLen: 3,
 *   critical: true
 * })
 */
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
    var _asn1 = KJUR.asn1,
        _Boolean = _asn1.DERBoolean,
        _Integer = _asn1.DERInteger,
        _Sequence = _asn1.DERSequence;

    /**
     * get hexadecimal string of the DER SEQUENCE used as extnValue
     * @return {String} hexadecimal string of the encoded SEQUENCE
     * @description
     * cA is written only when this.cA is truthy and pathLenConstraint
     * only when this.pathLen is greater than -1.
     */
    this.getExtnValueHex = function() {
        var members = [];
        if (this.cA) {
            members.push(new _Boolean());
        }
        // NOTE(review): pathLen is written even when cA is not set, while
        // RFC 5280 4.2.1.9 allows pathLenConstraint only together with
        // cA TRUE; the caller has to keep the two consistent.
        if (this.pathLen > -1) {
            members.push(new _Integer({'int': this.pathLen}));
        }
        this.asn1ExtnValue = new _Sequence({'array': members});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.19";

    // defaults: not a CA, and -1 meaning "no pathLenConstraint"
    this.cA = false;
    this.pathLen = -1;
    if (params !== undefined) {
        if (params.cA !== undefined) this.cA = params.cA;
        if (params.pathLen !== undefined) this.pathLen = params.pathLen;
    }
};
extendClass(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);

/**
 * CRLDistributionPoints ASN.1 structure
class
 * @name KJUR.asn1.x509.CRLDistributionPoints
 * @class CRLDistributionPoints ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
 * @extends KJUR.asn1.x509.Extension
 * @see {@link X509#getExtCRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
 * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
 * <li>{Boolean}critical - critical flag</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.CRLDistributionPoints({
 *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
 *   critical: true
 * })
 */
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
    var _asn1 = KJUR.asn1,
        _x509 = _asn1.x509;

    /**
     * get hexadecimal string of the DER SEQUENCE used as extnValue
     * @return {String} hexadecimal string of the encoded SEQUENCE
     * @description
     * this.asn1ExtnValue is assigned by setByDPArray only, so one of
     * the setters has to run before this method.
     */
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    /**
     * set distribution points by an array
     * @param {Array} dpArray array whose members are either ASN1Object
     * instances, used as they are, or DistributionPoint parameters
     */
    this.setByDPArray = function(dpArray) {
        var points = [];
        for (var i = 0; i < dpArray.length; i++) {
            var item = dpArray[i];
            points.push(item instanceof KJUR.asn1.ASN1Object
                        ? item
                        : new _x509.DistributionPoint(item));
        }
        this.asn1ExtnValue = new _asn1.DERSequence({'array': points});
    };

    /**
     * set a single distribution point by the URI of its fullName
     * @param {String} uri URI string
     */
    this.setByOneURI = function(uri) {
        this.setByDPArray([new _x509.DistributionPoint({fulluri: uri})]);
    };

    this.oid = "2.5.29.31";

    // "array" wins over "uri" when both are given
    if (params !== undefined) {
        if (params.array !== undefined) {
            this.setByDPArray(params.array);
        } else if (params.uri !== undefined) {
            this.setByOneURI(params.uri);
        }
    }
};
extendClass(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);

/**
 * DistributionPoint ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPoint
 * @class DistributionPoint ASN.1 structure class
 * @param {Array} params JSON object of parameters (OPTIONAL)
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPointName}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPoint}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPoint ::= SEQUENCE {
 *      distributionPoint       [0]     DistributionPointName OPTIONAL,
 *      reasons                 [1]     ReasonFlags OPTIONAL,
 *      cRLIssuer               [2]     GeneralNames OPTIONAL }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}fulluri - uri string for fullName uri.
This has the same meaning for '{dpname: {full: [{uri: "..."}]}}'.</li>
 * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
 * <li>{DistributionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
 * </ul>
 * <br/>
 * NOTE1: Parameter "fulluri" and "dpname" supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The "reasons" and "cRLIssuer" fields are currently
 * not supported.
 * @example
 * new KJUR.asn1.x509.DistributionPoint(
 *   {fulluri: "http://example.com/crl1.crl"})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
 * new KJUR.asn1.x509.DistributionPoint(
 *   {dpobj: new DistributionPoint(...)})
 */
KJUR.asn1.x509.DistributionPoint = function(params) {
    KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
    var _asn1 = KJUR.asn1,
        _DistributionPointName = _asn1.x509.DistributionPointName;

    /**
     * get hexadecimal string of the DER encoded DistributionPoint
     * @return {String} hexadecimal string of the SEQUENCE, also kept
     * in this.hTLV
     * @description
     * The SEQUENCE holds this.asn1DP under the explicit tag "a0" when
     * it is set and is empty otherwise.
     */
    this.tohex = function() {
        var seq = new _asn1.DERSequence();
        if (this.asn1DP != null) {
            seq.appendASN1Object(new _asn1.DERTaggedObject({
                'explicit': true,
                'tag': 'a0',
                'obj': this.asn1DP
            }));
        }
        this.hTLV = seq.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    // precedence of the parameters: dpobj, then dpname, then fulluri
    if (params !== undefined) {
        if (params.dpobj !== undefined) {
            this.asn1DP = params.dpobj;
        } else if (params.dpname !== undefined) {
            this.asn1DP = new _DistributionPointName(params.dpname);
        } else if (params.fulluri !== undefined) {
            var fullName = {full: [{uri: params.fulluri}]};
            this.asn1DP = new _DistributionPointName(fullName);
        }
    }
};
extendClass(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);

/**
 * DistributionPointName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.DistributionPointName
 * @class DistributionPointName ASN.1 structure class
 * @param {Array} params JSON object of parameters or GeneralNames object
 * @extends KJUR.asn1.ASN1Object
 * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
 * @see {@link KJUR.asn1.x509.DistributionPoint}
 * @see {@link KJUR.asn1.x509.GeneralNames}
 * @see {@link X509#getDistributionPointName}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
 * DistributionPointName defined in RFC 5280 4.2.1.13</a>.
 * <pre>
 * DistributionPointName ::= CHOICE {
 *      fullName                [0]     GeneralNames,
 *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 * </pre>
 * Constructor can have following parameter:
 * <ul>
 * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
 * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
 * </ul>
 * NOTE1: 'full' parameter has been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br>
 * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
 * @example
 * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
 * new KJUR.asn1.x509.DistributionPointName({full: [{dn: {str: "/C=US/O=Test"}}]})
 * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
 */
KJUR.asn1.x509.DistributionPointName = function(params) {
    KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
    var asn1 = KJUR.asn1,
        TaggedObject = asn1.DERTaggedObject;

    // Encode the 'fullName' alternative as an implicitly tagged GeneralNames.
    // Any other type (including an object built without parameters) is
    // rejected with an Error.
    this.tohex = function() {
        if (this.type != "full") {
            throw new Error("currently type shall be 'full': " + this.type);
        }
        this.asn1Obj = new TaggedObject({
            'explicit': false,
            'tag': this.tag,
            'obj': this.asn1V
        });
        this.hTLV = this.asn1Obj.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        // Accept either a ready-made GeneralNames object or {full: ...};
        // everything else is refused at construction time.
        var isGeneralNames =
            asn1.x509.GeneralNames.prototype.isPrototypeOf(params);
        if (!isGeneralNames && params.full === undefined) {
            throw new Error("This class supports GeneralNames only as argument");
        }
        this.type = "full";
        this.tag = "a0";
        this.asn1V = isGeneralNames
            ? params
            : new asn1.x509.GeneralNames(params.full);
    }
};
extendClass(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);

/**
 * CertificatePolicies ASN.1 structure class
 * @name KJUR.asn1.x509.CertificatePolicies
 * @class CertificatePolicies ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 8.0.23
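asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
 * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE: Returned JSON value format has been changed without
 * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: The SIZE (1..MAX) constraint is not checked here; an empty
 * "array" is encoded as an empty SEQUENCE.
 * @example
 * e1 = new KJUR.asn1.x509.CertificatePolicies({
 *   array: [
 *     { policyoid: "1.2.3.4.5",
 *       array: [
 *         { cps: "https://example.com/repository" },
 *         { unotice: {
 *           noticeref: { // CA SHOULD NOT use this by RFC
 *             org: {type: "ia5", str: "Sample Org"},
 *             noticenum: [{int: 5}, {hex: "01af"}]
 *           },
 *           exptext: {type: "ia5", str: "Sample Policy"}
 *         }}
 *       ]
 *     }
 *   ],
 *   critical: true
 * });
 */
KJUR.asn1.x509.CertificatePolicies = function(params) {
    KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1,
        Sequence = asn1.DERSequence,
        PolicyInformation = asn1.x509.PolicyInformation;

    this.params = null;

    // Build the extension value: a SEQUENCE holding one PolicyInformation
    // per entry of params.array.
    this.getExtnValueHex = function() {
        var entries = this.params.array;
        var policies = [];
        for (var i = 0; i < entries.length; i++) {
            policies.push(new PolicyInformation(entries[i]));
        }
        this.asn1ExtnValue = new Sequence({array: policies});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.32";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);

// ===== BEGIN CertificatePolicies related classes =====
/**
 * PolicyInformation ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyInformation
 * @class PolicyInformation ASN.1 structure class
 * @param {Array} params JSON object of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @see KJUR.asn1.x509.CertificatePolicies
 * @see KJUR.asn1.x509.PolicyInformation
 * @see KJUR.asn1.x509.PolicyQualifierInfo
 * @see KJUR.asn1.x509.UserNotice
 * @see KJUR.asn1.x509.NoticeReference
 * @see KJUR.asn1.x509.DisplayText
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyInformation ::= SEQUENCE {
 *      policyIdentifier   CertPolicyId,
 *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *                         PolicyQualifierInfo OPTIONAL }
 * CertPolicyId ::= OBJECT IDENTIFIER
 * </pre>
 * The policyIdentifier field is mandatory, so tohex() throws an Error
 * when "policyoid" is not given, whether or not "array" is present.
 * <br/>
 * Its constructor can have following parameters:
 * <ul>
 * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li>
 * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
 * parameters (OPTIONAL)</li>
 * </ul>
 * @example
 * new KJUR.asn1.x509.PolicyInformation({
 *   policyoid: "1.2.3.4.5",
 *   array: [
 *     { cps: "https://example.com/repository" },
 *     { unotice: {
 *       noticeref: { // CA SHOULD NOT use this by RFC
 *         org: {type: "ia5", str: "Sample Org"},
 *         noticenum: [{int: 5}, {hex: "01af"}]
 *       },
 *       exptext: {type: "ia5", str: "Sample Policy"}
 *     }}
 *   ]
 * })
 */
KJUR.asn1.x509.PolicyInformation = function(params) {
    KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
                                                                 params);
    var asn1 = KJUR.asn1,
        Sequence = asn1.DERSequence,
        ObjectIdentifier = asn1.DERObjectIdentifier,
        PolicyQualifierInfo = asn1.x509.PolicyQualifierInfo;

    this.params = null;

    // Encode SEQUENCE { policyIdentifier, policyQualifiers OPTIONAL }.
    // Throws an Error when no parameters were set or policyoid is missing.
    this.tohex = function() {
        var p = this.params;
        if (p === null || p === undefined ||
            (p.policyoid === undefined && p.array === undefined))
            throw new Error("parameter oid and array missing");

        // The original check only fired when BOTH members were missing, so
        // qualifiers without a policy OID reached the OID encoder with an
        // undefined value. policyIdentifier is not OPTIONAL: reject it here.
        if (p.policyoid === undefined)
            throw new Error("parameter policyoid missing");

        // policy oid
        var fields = [new ObjectIdentifier(p.policyoid)];

        // array of ASN1Object of PolicyQualifierInfo
        if (p.array !== undefined) {
            var qualifiers = [];
            for (var i = 0; i < p.array.length; i++) {
                qualifiers.push(new PolicyQualifierInfo(p.array[i]));
            }
            // policyQualifiers is SIZE (1..MAX): omit it rather than emit
            // an empty SEQUENCE.
            if (qualifiers.length > 0) {
                fields.push(new Sequence({array: qualifiers}));
            }
        }

        var seq = new Sequence({array: fields});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);

/**
 * PolicyQualifierInfo ASN.1 structure class
 * @name KJUR.asn1.x509.PolicyQualifierInfo
 * @class PolicyQualifierInfo ASN.1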
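structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * PolicyQualifierInfo ::= SEQUENCE {
 *      policyQualifierId  PolicyQualifierId,
 *      qualifier          ANY DEFINED BY policyQualifierId }
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 * CPSuri ::= IA5String
 * </pre>
 * Its constructor can have one of following two parameters:
 * <ul>
 * <li>{String}cps - URI string for CPS</li>
 * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
 * </ul>
 * When both are given, "cps" takes precedence. tohex() throws an Error
 * when neither is given.
 * @example
 * new PolicyQualifierInfo({
 *   cps: "https://example.com/repository/cps"
 * })
 *
 * new PolicyQualifierInfo({
 *   unotice: {
 *     noticeref: { // CA SHOULD NOT use this by RFC
 *       org: {type: "bmp", str: "Sample Org"},
 *       noticenum: [{int: 3}, {hex: "01af"}]
 *     },
 *     exptext: {type: "ia5", str: "Sample Policy"}
 *   }
 * })
 */
KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
    KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
                                                                   params);
    var asn1 = KJUR.asn1,
        Sequence = asn1.DERSequence,
        IA5String = asn1.DERIA5String,
        ObjectIdentifier = asn1.DERObjectIdentifier,
        UserNotice = asn1.x509.UserNotice;

    this.params = null;

    // Encode SEQUENCE { policyQualifierId, qualifier } for either a CPS URI
    // (id-qt-cps) or a UserNotice (id-qt-unotice).
    this.tohex = function() {
        var p = this.params;
        if (p !== null && p !== undefined) {
            if (p.cps !== undefined) {
                return new Sequence({array: [
                    new ObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}),
                    new IA5String({str: p.cps})
                ]}).tohex();
            }
            if (p.unotice != undefined) {
                return new Sequence({array: [
                    new ObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}),
                    new UserNotice(p.unotice)
                ]}).tohex();
            }
        }
        // The original fell off the end here and returned undefined, which
        // is not a hexadecimal TLV; fail loudly instead of handing a
        // non-encoding to the enclosing structure.
        throw new Error("parameter cps or unotice missing");
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);


/**
 * UserNotice ASN.1 structure class
 * @name KJUR.asn1.x509.UserNotice
 * @class UserNotice ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * UserNotice defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * UserNotice ::= SEQUENCE {
 *      noticeRef        NoticeReference OPTIONAL,
 *      explicitText     DisplayText OPTIONAL }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
 * Conforming CAs SHOULD NOT use this per RFC 5280.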
(OPTIONAL)</li>
 * <li>{Object}exptext - explicitText value
 * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
 * </ul>
 * When neither member is given, tohex() encodes an empty SEQUENCE.
 * @example
 * new UserNotice({
 *   noticeref: {
 *     org: {type: "bmp", str: "Sample Org"},
 *     noticenum: [{int: 3}, {hex: "01af"}]
 *   },
 *   exptext: {type: "ia5", str: "Sample Policy"}
 * })
 */
KJUR.asn1.x509.UserNotice = function(params) {
    KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        DisplayText = KJUR.asn1.x509.DisplayText,
        NoticeReference = KJUR.asn1.x509.NoticeReference;

    this.params = null;

    // Encode SEQUENCE { noticeRef OPTIONAL, explicitText OPTIONAL }, in
    // that order, including only the members present in params.
    this.tohex = function() {
        var p = this.params;
        var fields = [];
        if (p.noticeref !== undefined) {
            fields.push(new NoticeReference(p.noticeref));
        }
        if (p.exptext !== undefined) {
            fields.push(new DisplayText(p.exptext));
        }
        return new Sequence({array: fields}).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);

/**
 * NoticeReference ASN.1 structure class
 * @name KJUR.asn1.x509.NoticeReference
 * @class NoticeReference ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.ASN1Object
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * NoticeReference defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * NoticeReference ::= SEQUENCE {
 *      organization     DisplayText,
 *      noticeNumbers    SEQUENCE OF INTEGER }
 * </pre>
 * Its constructor can have following two parameters:
 * <ul>
 * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
 * parameter.</li>
 * <li>{Object}noticenum - noticeNumbers value by an array of
 * {@link KJUR.asn1.DERInteger} parameter</li>
 * </ul>
 * NOTE(review): both fields are mandatory in the ASN.1 above, but tohex()
 * only throws when both are missing; giving just one of them yields a
 * SEQUENCE with a single member.
 * @example
 * new NoticeReference({
 *   org: {type: "bmp", str: "Sample Org"},
 *   noticenum: [{int: 3}, {hex: "01af"}]
 * })
 */
KJUR.asn1.x509.NoticeReference = function(params) {
    KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
    var Sequence = KJUR.asn1.DERSequence,
        Integer = KJUR.asn1.DERInteger,
        DisplayText = KJUR.asn1.x509.DisplayText;

    this.params = null;

    // Encode SEQUENCE { organization, noticeNumbers } from whichever of
    // org / noticenum is present; throws when neither is.
    this.tohex = function() {
        var p = this.params;
        var fields = [];
        if (p.org !== undefined) {
            fields.push(new DisplayText(p.org));
        }
        if (p.noticenum !== undefined) {
            var numbers = [];
            for (var i = 0; i < p.noticenum.length; i++) {
                numbers.push(new Integer(p.noticenum[i]));
            }
            fields.push(new Sequence({array: numbers}));
        }
        if (fields.length == 0) throw new Error("parameter is empty");
        return new Sequence({array: fields}).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);

/**
 * DisplayText ASN.1 structure class
 * @name KJUR.asn1.x509.DisplayText
 * @class DisplayText ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.DERAbstractString
 * @since jsrsasign 8.0.23 asn1x509 1.1.12
 *
@description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
 * DisplayText defined in RFC 5280 4.2.1.4</a>.
 * <pre>
 * -- from RFC 5280 Appendix A
 * DisplayText ::= CHOICE {
 *      ia5String        IA5String      (SIZE (1..200)),
 *      visibleString    VisibleString  (SIZE (1..200)),
 *      bmpString        BMPString      (SIZE (1..200)),
 *      utf8String       UTF8String     (SIZE (1..200)) }
 * </pre>
 * {@link KJUR.asn1.DERAbstractString} parameters and methods
 * can be used.
 * Its constructor can also have following parameter:
 * <ul>
 * <li>{String} type - DirectoryString type of DisplayText.
 * "ia5" for IA5String, "vis" for VisibleString,
 * "bmp" for BMPString and "utf8" for UTF8String.
 * Default is "utf8". (OPTIONAL)</li>
 * </ul>
 * Any other "type" value also results in UTF8String. This constructor does
 * not check the SIZE (1..200) constraint itself.
 * @example
 * new DisplayText({type: "bmp", str: "Sample Org"})
 * new DisplayText({type: "ia5", str: "Sample Org"})
 * new DisplayText({str: "Sample Org"})
 */
KJUR.asn1.x509.DisplayText = function(params) {
    KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);

    // Universal tag of the chosen string type; UTF8String unless told otherwise.
    var tagHex = "0c";
    if (params !== undefined) {
        switch (params.type) {
        case "ia5":
            tagHex = "16";
            break;
        case "vis":
            tagHex = "1a";
            break;
        case "bmp":
            tagHex = "1e";
            break;
        }
    }
    this.hT = tagHex;
};
extendClass(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
// ===== END CertificatePolicies related classes =====

// =====================================================================

/**
 * PolicyMappings ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PolicyMappings
 * @class PolicyMappings ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.6.1 asn1x509 2.1.17
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.5">
 * PolicyMappings extension defined in RFC 5280 4.2.1.5</a>.
 * <pre>
 * id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
 * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
 *    issuerDomainPolicy      CertPolicyId,
 *    subjectDomainPolicy     CertPolicyId }
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>array - Array: one or more pairs of OIDS</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * OID in "array" can use an OID name registered in
 * {@link KJUR.asn1.x509.OID} such as "anyPolicy".
 * <br/>
 * NOTE(review): RFC 5280 4.2.1.5 states that policies must not be mapped
 * to or from anyPolicy, so the second pair in the example below only
 * illustrates OID name lookup. This class does not check the pairs.
 * @example
 * e1 = new KJUR.asn1.x509.PolicyMappings({
 *   array: [["1.2.3", "0.1.2"], ["anyPolicy", "1.2.4"]],
 *   critical: true
 * });
 */
KJUR.asn1.x509.PolicyMappings = function(params) {
    KJUR.asn1.x509.PolicyMappings.superclass.constructor.call(this, params);
    var newObject = KJUR.asn1.ASN1Util.newObject;

    this.params = null;

    // Build SEQUENCE OF SEQUENCE { issuerDomainPolicy, subjectDomainPolicy }
    // from the [issuerOid, subjectOid] pairs in params.array.
    this.getExtnValueHex = function() {
        var pairs = this.params.array;
        var mappings = [];
        for (var i = 0; i < pairs.length; i++) {
            var pair = pairs[i];
            mappings.push({seq: [{oid: pair[0]}, {oid: pair[1]}]});
        }
        this.asn1ExtnValue = newObject({seq: mappings});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.33";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyMappings, KJUR.asn1.x509.Extension);

/**
 * PolicyConstraints ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PolicyConstraints
 * @class PolicyConstraints ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.6.1 asn1x509 2.1.17
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.11">
 * PolicyConstraints extension defined in RFC 5280 4.2.1.11</a>.
 * <pre>
 * id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
 * PolicyConstraints ::= SEQUENCE {
 *    requireExplicitPolicy   [0] SkipCerts OPTIONAL,
 *    inhibitPolicyMapping    [1] SkipCerts OPTIONAL }
 * SkipCerts ::= INTEGER (0..MAX)
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>reqexp - integer: the number of additional certificates that may appear
 * in the path before an explicit policy is required for the entire path.</li>
 * <li>inhibit - integer: the number of additional certificates that may appear
 * in the path before policy mapping is no longer permitted.</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE(review): RFC 5280 4.2.1.11 requires conforming CAs to mark this
 * extension critical and to include at least one of the two fields. Neither
 * is enforced here: with both "reqexp" and "inhibit" absent an empty
 * SEQUENCE is encoded.
 * @example
 * e1 = new KJUR.asn1.x509.PolicyConstraints({
 *   reqexp: 3,
 *   inhibit: 3,
 *   critical: true
 * });
 */
KJUR.asn1.x509.PolicyConstraints = function(params) {
    KJUR.asn1.x509.PolicyConstraints.superclass.constructor.call(this, params);
    var newObject = KJUR.asn1.ASN1Util.newObject;

    this.params = null;

    // Describe one SkipCerts field: an INTEGER under the given implicit
    // context tag.
    function skipCerts(tagHex, count) {
        return {tag: {tagi: tagHex, obj: {"int": count}}};
    }

    // Build SEQUENCE { [0] requireExplicitPolicy, [1] inhibitPolicyMapping },
    // leaving out whichever value is null or undefined.
    this.getExtnValueHex = function() {
        var p = this.params;
        var fields = [];
        if (p.reqexp != undefined) {
            fields.push(skipCerts("80", p.reqexp));
        }
        if (p.inhibit != undefined) {
            fields.push(skipCerts("81", p.inhibit));
        }

        this.asn1ExtnValue = newObject({"seq": fields});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.36";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.PolicyConstraints, KJUR.asn1.x509.Extension);

/**
 *
InhibitAnyPolicy ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.InhibitAnyPolicy
 * @class InhibitAnyPolicy ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.6.1 asn1x509 2.1.17
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.14">
 * InhibitAnyPolicy extension defined in RFC 5280 4.2.1.14</a>.
 * <pre>
 * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
 * InhibitAnyPolicy ::= SkipCerts
 * SkipCerts ::= INTEGER (0..MAX)
 * </pre>
 * Its constructor can have following parameters:
 * <ul>
 * <li>skip - the number of additional non-self-issued certificates that may appear
 * in the path before anyPolicy is no longer permitted</li>
 * <li>critical - boolean: critical flag</li>
 * </ul>
 * NOTE(review): RFC 5280 4.2.1.14 requires conforming CAs to mark this
 * extension critical; that is left to the caller. "skip" is passed to the
 * INTEGER encoder as given, without a range check in this class.
 * @example
 * e1 = new KJUR.asn1.x509.InhibitAnyPolicy({
 *   skip: 5,
 *   critical: true
 * });
 */
KJUR.asn1.x509.InhibitAnyPolicy = function(params) {
    KJUR.asn1.x509.InhibitAnyPolicy.superclass.constructor.call(this, params);
    var newObject = KJUR.asn1.ASN1Util.newObject;

    this.params = null;

    // The extension value is a bare INTEGER carrying params.skip.
    this.getExtnValueHex = function() {
        var skipValue = this.params.skip;
        this.asn1ExtnValue = newObject({"int": skipValue});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.54";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.InhibitAnyPolicy, KJUR.asn1.x509.Extension);

// =====================================================================
/**
 * NameConstraints ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.NameConstraints
 * @class NameConstraints ASN.1 structure class
 * @param {Array} params associative array of
parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.5.16 asn1x509 2.1.13
 * @see X509#getExtNameConstraints
 * @see KJUR.asn1.x509.GeneralSubtree
 * @see KJUR.asn1.x509.GeneralName
 *
 * @description
 * This class provides X.509v3 NameConstraints extension
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10">
 * RFC 5280 4.2.1.10</a>.
 * <pre>
 * id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
 * NameConstraints ::= SEQUENCE {
 *   permittedSubtrees  [0]  GeneralSubtrees OPTIONAL,
 *   excludedSubtrees   [1]  GeneralSubtrees OPTIONAL }
 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 * GeneralSubtree ::= SEQUENCE {
 *   base           GeneralName,
 *   minimum   [0]  BaseDistance DEFAULT 0,
 *   maximum   [1]  BaseDistance OPTIONAL }
 * BaseDistance ::= INTEGER (0..MAX)
 * </pre>
 * NOTE(review): RFC 5280 4.2.1.10 requires conforming CAs to mark this
 * extension critical and not to issue an empty NameConstraints. Neither is
 * enforced here: with no "permit" and no "exclude" an empty SEQUENCE is
 * encoded, and an empty list produces an empty GeneralSubtrees. Any value
 * with a "length" member is iterated, so pass arrays only.
 *
 * @example
 * new NameConstraints({permit: [{dns: "example.com"}], critical: true})
 * new NameConstraints({exclude: [{uri: "example.com"}], critical: true})
 * new NameConstraints({exclude: [{dn: "/C=JP/O=T1"}], critical: true})
 * new NameConstraints({
 *   critical: true,
 *   permit: [{dn: "/C=JP/O=T1"}],
 *   exclude: [{dn: "/C=US/O=T1", max: 2}]})
 */
KJUR.asn1.x509.NameConstraints = function(params) {
    KJUR.asn1.x509.NameConstraints.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1,
        newObject = asn1.ASN1Util.newObject,
        GeneralSubtree = asn1.x509.GeneralSubtree;

    this.params = null;

    // Turn a list of GeneralSubtree parameters into GeneralSubtree objects.
    function toSubtrees(list) {
        var subtrees = [];
        for (var i = 0; i < list.length; i++) {
            subtrees.push(new GeneralSubtree(list[i]));
        }
        return subtrees;
    }

    // True when the value is present and exposes a length to iterate over.
    function isList(value) {
        return value != undefined && value.length != undefined;
    }

    // Build SEQUENCE { [0] permittedSubtrees, [1] excludedSubtrees } from
    // params.permit and params.exclude, each included only when it is a list.
    this.getExtnValueHex = function() {
        var p = this.params;
        var fields = [];
        if (isList(p.permit)) {
            fields.push({tag: {tagi: "a0", obj: {seq: toSubtrees(p.permit)}}});
        }

        if (isList(p.exclude)) {
            fields.push({tag: {tagi: "a1", obj: {seq: toSubtrees(p.exclude)}}});
        }

        this.asn1ExtnValue = newObject({seq: fields});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.30";
    if (params !== undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.NameConstraints, KJUR.asn1.x509.Extension);

/**
 * GeneralSubtree ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralSubtree
 * @class GeneralSubtree ASN.1 structure class
 * @since jsrsasign 10.5.16 asn1x509 2.1.13
 * @see KJUR.asn1.x509.NameConstraints
 * @see KJUR.asn1.x509.GeneralName
 * @see X509#getExtNameConstraints
 * @see X509#getGeneralSubtree
 *
 * @description
 * This class provides an encoder for GeneralSubtree
 * defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.10">
 * RFC 5280 4.2.1.10</a>.
 * This will be used for nameConstraints extension.
 * <br>
 * Here is definition of the ASN.1 syntax:
 * <pre>
 * GeneralSubtree ::= SEQUENCE {
 *   base           GeneralName,
 *   minimum   [0]  BaseDistance DEFAULT 0,
 *   maximum   [1]  BaseDistance OPTIONAL }
 * BaseDistance ::= INTEGER (0..MAX)
 * </pre>
 * An argument for constructor is the same as
 * {@link KJUR.asn1.x509.GeneralName} except
 * this has following optional members:
 * <ul>
 * <li>min - {Number} value for the minimum field</li>
 * <li>max - {Number} value for the maximum field</li>
 * </ul>
 * Please note that RFC 5280 prohibits the use of min and max, so they
 * should normally be left unset; this encoder emits them as given when present.
 *
 * @example
 * new GeneralSubtree({dns: "example.com"})
 * new GeneralSubtree({uri: ".example.com"})
 * new GeneralSubtree({dn: "/C=JP/O=Test1"})
 */
KJUR.asn1.x509.GeneralSubtree = function(params) {
    KJUR.asn1.x509.GeneralSubtree.superclass.constructor.call(this);

    var asn1 = KJUR.asn1,
        GeneralName = asn1.x509.GeneralName,
        newObject = asn1.ASN1Util.newObject;

    this.params = null;

    // Store the GeneralName parameters (plus optional min / max) to encode.
    this.setByParam = function(params) {
        this.params = params;
    };

    // Encode SEQUENCE { base, [0] minimum, [1] maximum }; minimum and
    // maximum are written only when min / max are neither null nor undefined.
    this.tohex = function() {
        var p = this.params;

        // The whole parameter object, min / max included, goes to GeneralName.
        var fields = [new GeneralName(p)];
        if (p.min != undefined) {
            fields.push({tag: {tagi: "80", obj: {"int": p.min}}});
        }
        if (p.max != undefined) {
            fields.push({tag: {tagi: "81", obj: {"int": p.max}}});
        }

        return newObject({seq: fields}).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.GeneralSubtree, KJUR.asn1.ASN1Object);

// =====================================================================
/**
 * ExtKeyUsage ASN.1 structure class
 * @name KJUR.asn1.x509.ExtKeyUsage
 * @class ExtKeyUsage ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @description
 * This class encodes the extKeyUsage extension (OID 2.5.29.37) as a
 * SEQUENCE of KeyPurposeId object identifiers taken from "array".
 * Each entry of "array" is handed to {@link KJUR.asn1.DERObjectIdentifier}
 * as is. The anyExtendedKeyUsage purpose shown in the example does not
 * restrict the key to particular purposes, so include it only on purpose.
 * @example
 * e1 = new KJUR.asn1.x509.ExtKeyUsage({
 *   critical: true,
 *   array: [
 *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
 *     {name: 'clientAuth'},
 *     "1.2.3.4",
 *     "serverAuth"
 *   ]
 * });
 * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
 * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 * // KeyPurposeId ::= OBJECT IDENTIFIER
 */
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
    var asn1 = KJUR.asn1;

    // Replace the extension value with a fresh SEQUENCE holding one
    // OBJECT IDENTIFIER per entry of purposeArray.
    this.setPurposeArray = function(purposeArray) {
        var purposes = new asn1.DERSequence();
        this.asn1ExtnValue = purposes;
        for (var i = 0; i < purposeArray.length; i++) {
            purposes.appendASN1Object(
                new asn1.DERObjectIdentifier(purposeArray[i]));
        }
    };

    // Return the hexadecimal encoding of the current extension value.
    this.getExtnValueHex = function() {
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.37";
    if (params !== undefined && params.array !== undefined) {
        this.setPurposeArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);

/**
 * AuthorityKeyIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityKeyIdentifier
 * @class AuthorityKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @description
 * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280.
When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li>
 * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
 * <li>sn - hexadecimal string to specify serial number explicitly.</li>
 * <li>critical - boolean to specify criticality of this extension;
 * note that RFC 5280 requires a conforming CA to mark this extension as non-critical.</li>
 * </ul>
 *
 * <pre>
 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // 1. kid by key object
 * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
 * // 2. kid by PEM string of authority certificate or public key
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
 * // 3. specify kid explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
 * // 4. issuer and serial number by authority PEM certificate
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
 * // 5. issuer and serial number explicitly
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   issuer: {ldapstr: "O=test,C=US"},
 *   sn: {hex: "1ac7..."}});
 * // 6.
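combination
 * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
 *   kid: "-----BEGIN CERTIFICATE...",
 *   isscert: "-----BEGIN CERTIFICATE..."});
 */
KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _GeneralNames = _KJUR_asn1.x509.GeneralNames;

    this.asn1KID = null;        // DEROctetString for keyIdentifier [0]
    this.asn1CertIssuer = null; // X500Name for authorityCertIssuer [1]
    this.asn1CertSN = null;     // DERInteger for authorityCertSerialNumber [2]

    // True when s is a string that carries both PEM markers of a certificate.
    // Both indexOf() results are compared with -1 explicitly: a bare
    // indexOf() is truthy for "not found" (-1) and falsy only for index 0.
    var _isCertPEM = function(s) {
        return typeof s === "string" &&
            s.indexOf("BEGIN ") !== -1 &&
            s.indexOf("CERTIFICATE") !== -1;
    };

    /**
     * build the AuthorityKeyIdentifier SEQUENCE and return its hexadecimal encoding
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @return {String} hexadecimal string of the extension value
     * @description
     * Only the members that have been set are emitted, each implicitly
     * tagged ('80' keyIdentifier, 'a1' authorityCertIssuer,
     * '82' authorityCertSerialNumber). When nothing has been set the
     * result is an empty SEQUENCE, so callers should check their
     * parameters took effect before issuing a certificate.
     */
    this.getExtnValueHex = function() {
        var a = [];
        if (this.asn1KID)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '80',
                                         'obj': this.asn1KID}));

        if (this.asn1CertIssuer)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': 'a1',
                                         'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));

        if (this.asn1CertSN)
            a.push(new _DERTaggedObject({'explicit': false,
                                         'tag': '82',
                                         'obj': this.asn1CertSN}));

        this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': a});
        return this.asn1ExtnValue.tohex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set key identifier
     * @since asn1x509 1.0.8
     * @description
     * This method will set keyIdentifier by param.
     * Its key identifier value can be set by following type of param argument:
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * The key identifier is calculated by {@link KEYUTIL.getKeyID}, i.e. the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * <li>certificate PEM string or PKCS#1/#8 public key PEM string -
     * converted to a key object by {@link KEYUTIL.getKey}, then handled
     * like a key object.</li>
     * </ul>
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     * NOTE2: Any other value, including a bare hexadecimal string such as
     * "8ab1d3...", matches no branch and leaves keyIdentifier unset;
     * pass {hex: "8ab1d3..."} instead.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        if (param.str !== undefined ||
            param.hex !== undefined) {
            this.asn1KID = new KJUR.asn1.DEROctetString(param);
        } else if ((typeof param === "object" &&
                    KJUR.crypto.Util.isKey(param)) ||
                   (typeof param === "string" &&
                    param.indexOf("BEGIN ") != -1)) {

            var keyobj = (typeof param === "string") ? KEYUTIL.getKey(param) : param;
            var kid = KEYUTIL.getKeyID(keyobj);
            this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
        }
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set issuer name
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertIssuer name by param.
     * Issuer name can be set by following type of param argument:
     * <ul>
     * <li>str/ldapstr/hex/certsubject/certissuer -
     * set issuer by {@link KJUR.asn1.x509.X500Name}
     * object with specified parameters.</li>
     * <li>PEM CERTIFICATE STRING - the PEM is handed to
     * {@link KJUR.asn1.x509.X500Name} as its "certissuer" parameter.</li>
     * </ul>
     * NOTE1: Automatic authorityCertIssuer setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see KJUR.asn1.x509.X500Name
     * @see KJUR.asn1.x509.GeneralNames
     *
     * @example
     * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
     * // 1. set it by string
     * o.setCertIssuerByParam({str: '/C=US/O=Test'});
     * // 2. set it by issuer PEM certificate
     * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
     */
    this.setCertIssuerByParam = function(param) {
        if (param.str !== undefined ||
            param.ldapstr !== undefined ||
            param.hex !== undefined ||
            param.certsubject !== undefined ||
            param.certissuer !== undefined) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
        } else if (_isCertPEM(param)) {
            this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
        }
    };

    /**
     * set authorityCertSerialNumber value
     * @name setCertSNByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Object} param parameter to set serial number
     * @since asn1x509 1.0.8
     * @description
     * This method will set authorityCertSerialNumber by param.
     * Serial number can be set by following type of param argument:
     * <ul>
     * <li>{int: 123} - by integer value</li>
     * <li>{hex: "01af"} - by hexadecimal integer value</li>
     * <li>{bigint: new BigInteger(...)} - by BigInteger value</li>
     * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
     * set serial number.</li>
     * </ul>
     * NOTE1: Automatic authorityCertSerialNumber setting by certificate
     * is supported since jsrsasign 8.0.16.
     *
     * @see X509.getSerialNumberHex
     */
    this.setCertSNByParam = function(param) {
        // "int" is accepted here because it is the documented form; it was
        // previously missing from this test, so {int: 123} was ignored.
        if (param.str !== undefined ||
            param['int'] !== undefined ||
            param.bigint !== undefined ||
            param.hex !== undefined) {
            this.asn1CertSN = new KJUR.asn1.DERInteger(param);
        } else if (_isCertPEM(param)) {
            // Only strings that really carry a CERTIFICATE marker reach the
            // parser; other PEM types are left alone, matching
            // setCertIssuerByParam.
            var x = new X509();
            x.readCertPEM(param);
            var sn = x.getSerialNumberHex();
            this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
        }
    };

    this.oid = "2.5.29.35";
    if (params !== undefined) {
        if (params.kid !== undefined) {
            this.setKIDByParam(params.kid);
        }
        if (params.issuer !== undefined) {
            this.setCertIssuerByParam(params.issuer);
        }
        if (params.sn !== undefined) {
            this.setCertSNByParam(params.sn);
        }

        // The class documentation names this parameter "isscert" while the
        // code historically read "issuersn"; both are accepted, the
        // historical name taking precedence. As before, a certificate given
        // here overrides explicit "issuer"/"sn" values.
        var issuerCertPEM = (params.issuersn !== undefined) ?
            params.issuersn : params.isscert;
        if (_isCertPEM(issuerCertPEM)) {
            this.setCertSNByParam(issuerCertPEM);
            this.setCertIssuerByParam(issuerCertPEM);
        }
    }
};
extendClass(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * SubjectKeyIdentifier extension ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectKeyIdentifier
 * @class SubjectKeyIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.1.7 jsrsasign 8.0.14
 * @description
 * This class represents ASN.1 structure for
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
 * SubjectKeyIdentifier in RFC 5280</a>.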
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specified, kid will be set explicitly by it.</li>
 * <li>critical - boolean to specify criticality of this extension
 * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
 * </ul>
 * <pre>
 * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @example
 * // set by hexadecimal string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
 * // set by PEM public key or certificate string
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
 * // set by public key object
 * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
 * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
 */
KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
    KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
    var _DEROctetString = KJUR.asn1.DEROctetString;

    // DEROctetString holding the key identifier; null until setKIDByParam succeeds
    this.asn1KID = null;

    /**
     * return hexadecimal encoding of the key identifier OCTET STRING
     * @name getExtnValueHex
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @return {String} hexadecimal string of the extension value
     * @description
     * The key identifier object itself becomes the extension value.
     * This call fails when no key identifier has been set, because
     * asn1KID is still null.
     */
    this.getExtnValueHex = function() {
        var value = this.asn1KID;
        this.asn1ExtnValue = value;
        return this.asn1ExtnValue.tohex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter, key object or PEM file
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
     * @function
     * @param {Object} param source of the key identifier (see description)
     * @since asn1x509 1.1.7 jsrsasign 8.0.14
     * @description
     * <ul>
     * <li>{str: "123"} - by raw string</li>
     * <li>{hex: "01af..."} - by hexadecimal value</li>
     * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
     * The key identifier is calculated by {@link KEYUTIL.getKeyID}, i.e. the method described in
     * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.</li>
     * <li>certificate PEM string or PKCS#1/#8 public key PEM string -
     * converted to a key object by {@link KEYUTIL.getKey}, then handled
     * like a key object.</li>
     * </ul>
     *
     * NOTE1: Automatic key identifier calculation is supported
     * since jsrsasign 8.0.16.
     * NOTE2: A value that matches none of the forms above is ignored and
     * the key identifier stays unchanged.
     *
     * @see KEYUTIL.getKeyID
     *
     * @example
     * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
     * // set by hexadecimal string
     * o.setKIDByParam({hex: '1ad9...'});
     * // set by SubjectPublicKeyInfo of PEM certificate string
     * o.setKIDByParam("-----BEGIN CERTIFICATE...");
     * // set by PKCS#8 PEM public key string
     * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
     * // set by public key object
     * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
     * o.setKIDByParam(pubkey);
     */
    this.setKIDByParam = function(param) {
        // explicit value: hand the parameter to DEROctetString unchanged
        var hasExplicitValue = !(param.str === undefined && param.hex === undefined);
        if (hasExplicitValue) {
            this.asn1KID = new _DEROctetString(param);
            return;
        }

        var isKeyObject = typeof param === "object" && KJUR.crypto.Util.isKey(param);
        var isPEMString = typeof param === "string" && param.indexOf("BEGIN") != -1;
        if (!isKeyObject && !isPEMString) {
            return;
        }

        // PEM text is first turned into a key object
        var keyobj = isKeyObject ? param : KEYUTIL.getKey(param);
        this.asn1KID = new KJUR.asn1.DEROctetString({hex: KEYUTIL.getKeyID(keyobj)});
    };

    this.oid = "2.5.29.14";
    if (params !== undefined && params.kid !== undefined) {
        this.setKIDByParam(params.kid);
    }
};
extendClass(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);

/**
 * AuthorityInfoAccess ASN.1 structure class
 * @name KJUR.asn1.x509.AuthorityInfoAccess
 * @class AuthorityInfoAccess ASN.1 structure class
 * @param {Array} params JSON object of AuthorityInfoAccess parameters
 * @extends KJUR.asn1.x509.Extension
 * @since asn1x509 1.0.8
 * @see {@link X509#getExtAuthorityInfoAccess}
 * @description
 * This class represents
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
 * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
 * <pre>
 * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 * AuthorityInfoAccessSyntax  ::=
 *         SEQUENCE SIZE (1..MAX) OF AccessDescription
 * AccessDescription  ::=  SEQUENCE {
 *         accessMethod          OBJECT IDENTIFIER,
 *         accessLocation        GeneralName  }
 * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
 * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
 * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
 * </pre>
 * NOTE: Acceptable parameters have been changed since
 * from jsrsasign 9.0.0 asn1x509 2.0.0.
 * Parameter generated by {@link X509#getAuthorityInfoAccess}
 * can be accepted as a argument of this constructor.
 * @example
 * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
 *   array: [
 *     {ocsp: 'http://ocsp.example.org'},
 *     {caissuer: 'https://repository.example.org/aaa.crt'}
 *   ]
 * });
 */
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    /**
     * build the AccessDescription list from an array of JSON parameters
     * @param {Array} aParam array of {ocsp: uri} or {caissuer: uri} entries
     * @throws {Error} when an entry has neither "ocsp" nor "caissuer"
     * @description
     * Each entry becomes a SEQUENCE of the access method OID and a
     * GeneralName of type uri. The URI is passed to GeneralName as given;
     * this method does not check its scheme or form.
     */
    this.setAccessDescriptionArray = function(aParam) {
        var asn1 = KJUR.asn1,
            _DERSequence = asn1.DERSequence,
            _DERObjectIdentifier = asn1.DERObjectIdentifier,
            _GeneralName = asn1.x509.GeneralName,
            descriptions = [];

        for (var i = 0; i < aParam.length; i++) {
            var entry = aParam[i];
            var methodOID;
            var location;

            if (entry.ocsp !== undefined) {
                methodOID = "1.3.6.1.5.5.7.48.1";   // id-ad-ocsp
                location = entry.ocsp;
            } else if (entry.caissuer !== undefined) {
                methodOID = "1.3.6.1.5.5.7.48.2";   // id-ad-caIssuers
                location = entry.caissuer;
            } else {
                throw new Error("unknown AccessMethod parameter: " +
                                JSON.stringify(entry));
            }

            descriptions.push(new _DERSequence({array: [
                new _DERObjectIdentifier({oid: methodOID}),
                new _GeneralName({uri: location})
            ]}));
        }
        this.asn1ExtnValue = new _DERSequence({'array': descriptions});
    };

    /**
     * return hexadecimal encoding of the extension value
     * @return {String} hexadecimal string; fails if no array has been set
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.tohex();
    };

    this.oid = "1.3.6.1.5.5.7.1.1";
    if (params !== undefined && params.array !== undefined) {
        this.setAccessDescriptionArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);

/**
 * SubjectAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectAltName
 * @class SubjectAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since
jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 SubjectAltName extension.
 * <pre>
 * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
 * SubjectAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    /**
     * set the extension value from an array of GeneralName parameters
     * @param {Array} paramsArray array passed unchanged to
     * {@link KJUR.asn1.x509.GeneralNames}
     */
    this.setNameArray = function(paramsArray) {
        var names = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = names;
    };

    /**
     * return hexadecimal encoding of the extension value
     * @return {String} hexadecimal string; fails if no name array has been set
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.tohex();
    };

    this.oid = "2.5.29.17";
    var hasNames = params !== undefined && params.array !== undefined;
    if (hasNames) {
        this.setNameArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);

/**
 * IssuerAltName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.IssuerAltName
 * @class IssuerAltName ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 6.2.3 asn1x509 1.0.19
 * @see KJUR.asn1.x509.GeneralNames
 * @see KJUR.asn1.x509.GeneralName
 * @description
 * This class provides X.509v3 IssuerAltName extension.
 * <pre>
 * id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
 * IssuerAltName ::= GeneralNames
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.IssuerAltName({
 *   critical: true,
 *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
 * });
 */
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    /**
     * set the extension value from an array of GeneralName parameters
     * @param {Array} paramsArray array passed unchanged to
     * {@link KJUR.asn1.x509.GeneralNames}
     */
    this.setNameArray = function(paramsArray) {
        var names = new KJUR.asn1.x509.GeneralNames(paramsArray);
        this.asn1ExtnValue = names;
    };

    /**
     * return hexadecimal encoding of the extension value
     * @return {String} hexadecimal string; fails if no name array has been set
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.tohex();
    };

    this.oid = "2.5.29.18";
    var hasNames = params !== undefined && params.array !== undefined;
    if (hasNames) {
        this.setNameArray(params.array);
    }
};
extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);

/**
 * SubjectDirectoryAttributes ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.SubjectDirectoryAttributes
 * @class SubjectDirectoryAttributes ASN.1 structure class
 * @param {Array} params associative array of parameters
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.1.9 asn1x509 2.1.7
 * @description
 * This class provides X.509v3 SubjectDirectoryAttributes extension
 * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2">
 * RFC 3739 Qualified Certificate Profile section 3.3.2</a>.
 * <pre>
 * SubjectDirectoryAttributes ::= Attributes
 * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 * Attribute ::= SEQUENCE {
 *   type AttributeType
 *   values SET OF AttributeValue }
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY DEFINED BY AttributeType
 * </pre>
 * @example
 * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({
 *   extname: "subjectDirectoryAttributes",
 *   array: [
 *     { attr: "dateOfBirth", str: "19701231230000Z" },
 *     { attr: "placeOfBirth", str: "Tokyo" },
 *     { attr: "gender", str: "F" },
 *     { attr: "countryOfCitizenship", str: "JP" },
 *     { attr: "countryOfResidence", str: "JP" }
 *   ]
 * });
 */
KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) {
    KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params);
    var _KJUR_asn1 = KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject,
        _name2oid = _KJUR_asn1.x509.OID.name2oid;

    // ASN1Util.newObject key used for the value of each supported attribute
    var VALUE_KEY_BY_ATTR = {
        dateOfBirth: "gentime",
        placeOfBirth: "utf8str",
        gender: "prnstr",
        countryOfCitizenship: "prnstr",
        countryOfResidence: "prnstr"
    };

    this.params = null;

    /**
     * build the Attributes SEQUENCE and return its hexadecimal encoding
     * @return {String} hexadecimal string of the extension value
     * @throws {Error} when an entry names an attribute other than the
     * five supported ones
     * @description
     * Reads this.params.array, so it fails when the object was created
     * without parameters. Attribute values are encoded as given; their
     * content (date format, country code, gender letter) is not checked here.
     */
    this.getExtnValueHex = function() {
        var attributes = [];
        var entries = this.params.array;
        for (var i = 0; i < entries.length; i++) {
            var pAttr = entries[i];

            // own-property test keeps inherited names such as "constructor" unsupported
            if (!Object.prototype.hasOwnProperty.call(VALUE_KEY_BY_ATTR, pAttr.attr)) {
                throw new Error("unsupported attribute: " + pAttr.attr);
            }

            var typeOID = _name2oid(pAttr.attr);
            var value = {};
            value[VALUE_KEY_BY_ATTR[pAttr.attr]] = pAttr.str;

            attributes.push(new _newObject({
                "seq": [
                    {"oid": typeOID},
                    {"set": [value]}
                ]
            }));
        }
        this.asn1ExtnValue = new _DERSequence({array: attributes});
        return this.asn1ExtnValue.tohex();
    };

    this.oid = "2.5.29.9";
    if (params !== undefined) {
        this.params = params;
    }
};
extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension);


/**
 * private extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.PrivateExtension
 * @class private extension ASN.1 structure class
 * @param {Array} params JSON object of private extension
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.1 asn1x509
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class is to represent private extension or
 * unsupported extension.
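 * <pre>
 * Extension  ::=  SEQUENCE  {
 *      extnID      OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      extnValue   OCTET STRING }
 * </pre>
 * Following properties can be set for JSON parameter:
 * <ul>
 * <li>{String}extname - string of OID or predefined extension name</li>
 * <li>{Boolean}critical - critical flag</li>
 * <li>{Object}extn - hexadecimal string or
 * of {@link KJUR.asn1.ASN1Util.newObject}
 * JSON parameter for extnValue field</li>
 * </ul>
 *
 * @example
 * // extn by hexadecimal
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.4",
 *   critical: true,
 *   extn: "13026161" // means PrintableString "aa"
 * });
 *
 * // extn by JSON parameter
 * new KJUR.asn1.x509.PrivateExtension({
 *   extname: "1.2.3.5",
 *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
 * });
 */
KJUR.asn1.x509.PrivateExtension = function(params) {
    KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params);

    var _KJUR = KJUR,
        _isHex = _KJUR.lang.String.isHex,
        _KJUR_asn1 = _KJUR.asn1,
        _name2oid = _KJUR_asn1.x509.OID.name2oid,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    this.params = null;

    /**
     * set the extension OID and keep the JSON parameters
     * @param {Object} params JSON object with extname, critical and extn
     */
    this.setByParam = function(params) {
        this.oid = _name2oid(params.extname);
        this.params = params;
    };

    /**
     * return hexadecimal encoding of the extension value
     * @return {String} hexadecimal string of the extension value
     * @throws {Error} when extname or extn is missing, or extn is neither
     * a hexadecimal string nor a usable ASN1Util.newObject parameter
     * @description
     * A hexadecimal "extn" string is returned as is: only its being
     * hexadecimal is checked, not that it is a well-formed ASN.1
     * encoding, so the caller is responsible for the bytes it supplies.
     */
    this.getExtnValueHex = function() {
        // this.params stays null when the object is built without parameters;
        // report that with the same error instead of failing on the null access.
        if (this.params == undefined ||
            this.params.extname == undefined ||
            this.params.extn == undefined) {
            throw new Error("extname or extn not specified");
        }

        var extn = this.params.extn;
        var failure;
        if (typeof extn == "string" && _isHex(extn)) {
            return extn;
        } else if (typeof extn == "object") {
            try {
                return _newObject(extn).tohex();
            } catch(ex) {
                // keep the encoder's error so the reason is not lost
                failure = ex;
            }
        }

        var err = new Error("unsupported extn value");
        if (failure !== undefined) err.cause = failure;
        throw err;
    };

    if (params != undefined) {
        this.setByParam(params);
    }
};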
extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension); 2431 2432 // === END X.509v3 Extensions Related ======================================= 2433 2434 // === BEGIN CRL Related =================================================== 2435 /** 2436 * X.509 CRL class to sign and generate hex encoded CRL<br/> 2437 * @name KJUR.asn1.x509.CRL 2438 * @class X.509 CRL class to sign and generate hex encoded certificate 2439 * @property {Array} params JSON object of parameters 2440 * @param {Array} params JSON object of CRL parameters 2441 * @extends KJUR.asn1.ASN1Object 2442 * @since 1.0.3 2443 * @see KJUR.asn1.x509.TBSCertList 2444 * 2445 * @description 2446 * This class represents CertificateList ASN.1 structur of X.509 CRL 2447 * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2448 * RFC 5280 5.1</a> 2449 * <pre> 2450 * CertificateList ::= SEQUENCE { 2451 * tbsCertList TBSCertList, 2452 * signatureAlgorithm AlgorithmIdentifier, 2453 * signatureValue BIT STRING } 2454 * </pre> 2455 * NOTE: CRL class is updated without backward 2456 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2457 * Most of methods are removed and parameters can be set 2458 * by JSON object. 2459 * <br/> 2460 * Constructor of this class can accept all 2461 * parameters of {@link KJUR.asn1.x509.TBSCertList}. 2462 * It also accept following parameters additionally: 2463 * <ul> 2464 * <li>{TBSCertList}tbsobj (OPTION) - 2465 * specifies {@link KJUR.asn1.x509.TBSCertList} 2466 * object to be signed if needed. 2467 * When this isn't specified, 2468 * this will be set from other parametes of TBSCertList.</li> 2469 * <li>{Object}cakey (OPTION) - specifies CRL signing private key. 2470 * Parameter "cakey" or "sighex" shall be specified. Following 2471 * values can be specified: 2472 * <ul> 2473 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 2474 * <li>RSAKey/DSA/ECDSA key object. 
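{@link KEYUTIL.getKey} is useful
 * to generate a key object.</li>
 * </ul>
 * </li>
 * <li>{String}sighex (OPTION) - hexadecimal string of signature value
 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
 * unused bits)</li>
 * </ul>
 *
 * @example
 * var crl = new KJUR.asn1.x509.CRL({
 *  sigalg: "SHA256withRSA",
 *  issuer: {str:'/C=JP/O=Test1'},
 *  thisupdate: "200821235959Z",
 *  nextupdate: "200828235959Z", // OPTION
 *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
 *  ext: [
 *   {extname: "cRLNumber", num: {'int': 8}},
 *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
 *  ],
 *  cakey: prvkey
 * });
 * crl.tohex() &rarr; "30..."
 * crl.getPEM() &rarr; "-----BEGIN X509 CRL..."
 */
KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERBitString = _KJUR_asn1.DERBitString,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _TBSCertList = _KJUR_asn1_x509.TBSCertList;

    // The caller's object is kept by reference, not copied. It may hold the
    // signing key ("cakey"), and sign()/tohex() write "sighex" and "tbsobj"
    // back into it.
    this.params = undefined;

    /**
     * keep the JSON parameters used by sign() and tohex()
     * @param {Object} params JSON object of CRL parameters
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * sign CRL<br/>
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * This method signs TBSCertList with a specified
     * private key and algorithm by
     * this.params.cakey and this.params.sigalg parameter,
     * and stores the signature in this.params.sighex.
     * When this.params.tbsobj is present it is the object that is signed,
     * so the signature covers the same TBSCertList that tohex() emits.
     * @example
     * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
     * crl.sign()
     */
    this.sign = function() {
        var p = this.params;
        // Signing a freshly built TBSCertList while tohex() embeds a
        // caller-supplied tbsobj would produce a signature over different
        // bytes than the ones emitted.
        var tbs = (p.tbsobj != undefined) ? p.tbsobj : new _TBSCertList(p);
        var sig = new KJUR.crypto.Signature({alg: p.sigalg});
        sig.init(p.cakey);
        sig.updateHex(tbs.tohex());
        p.sighex = sig.sign();
    };

    /**
     * get PEM formatted CRL string after signed<br/>
     * @name getPEM
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @since jsrsasign 9.1.0 asn1hex 2.1.0
     * @description
     * This method returns a string of PEM formatted
     * CRL.
     * @example
     * crl = new KJUR.asn1.x509.CRL({...});
     * crl.getPEM() &rarr;
     * "-----BEGIN X509 CRL-----\r\n..."
     */
    this.getPEM = function() {
        return hextopem(this.tohex(), "X509 CRL");
    };

    /**
     * return hexadecimal encoding of the CertificateList
     * @return {String} hexadecimal string of the CRL
     * @throws {Error} when neither sighex nor cakey is given
     * @description
     * tbsobj is created from the parameters when absent, and sign() is
     * called when there is a cakey but no sighex. Both results are cached
     * on the parameter object: once sighex is set it is reused, so after
     * changing any CRL field the caller has to clear sighex (or call
     * sign() again), otherwise the emitted signature will not match the
     * new content.
     */
    this.tohex = function() {
        var params = this.params;

        if (params.tbsobj == undefined) {
            params.tbsobj = new _TBSCertList(params);
        }

        if (params.sighex == undefined && params.cakey != undefined) {
            this.sign();
        }

        if (params.sighex == undefined) {
            throw new Error("sighex or cakey parameter not defined");
        }

        var a = [
            params.tbsobj,
            new _AlgorithmIdentifier({name: params.sigalg}),
            // leading "00" is the unused-bits octet of the BIT STRING
            new _DERBitString({hex: "00" + params.sighex})
        ];
        var seq = new _DERSequence({array: a});
        return seq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params != undefined) this.params = params;
};
extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);

/**
 * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
 * @name KJUR.asn1.x509.TBSCertList
 * @class TBSCertList ASN.1 structure class for CRL
 * @property {Array} params JSON object of parameters
 * @param {Array} params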
JSON object of TBSCertList parameters 2590 * @extends KJUR.asn1.ASN1Object 2591 * @since 1.0.3 2592 * 2593 * @description 2594 * This class represents TBSCertList of CRL defined in 2595 * <a href="https://tools.ietf.org/html/rfc5280#section-5.1"> 2596 * RFC 5280 5.1</a>. 2597 * <pre> 2598 * TBSCertList ::= SEQUENCE { 2599 * version Version OPTIONAL, 2600 * -- if present, MUST be v2 2601 * signature AlgorithmIdentifier, 2602 * issuer Name, 2603 * thisUpdate Time, 2604 * nextUpdate Time OPTIONAL, 2605 * revokedCertificates SEQUENCE OF SEQUENCE { 2606 * userCertificate CertificateSerialNumber, 2607 * revocationDate Time, 2608 * crlEntryExtensions Extensions OPTIONAL 2609 * -- if present, version MUST be v2 2610 * } OPTIONAL, 2611 * crlExtensions [0] EXPLICIT Extensions OPTIONAL 2612 * } 2613 * </pre> 2614 * NOTE: TBSCertList class is updated without backward 2615 * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0. 2616 * Most of methods are removed and parameters can be set 2617 * by JSON object. 2618 * <br/> 2619 * Constructor of this class may have following parameters: 2620 * <ul> 2621 * <li>{Integer}version (OPTION) - version number. 
Omitted by default.</li> 2622 * <li>{String}sigalg - signature algorithm name</li> 2623 * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li> 2624 * <li>{String}thisupdate - thisUpdate field value</li> 2625 * <li>{String}nextupdate (OPTION) - thisUpdate field value</li> 2626 * <li>{Array}revcert (OPTION) - revokedCertificates field value as array 2627 * Its element may have following property: 2628 * <ul> 2629 * <li>{Array}sn - serialNumber of userCertificate field specified 2630 * by {@link KJUR.asn1.DERInteger}</li> 2631 * <li>{String}date - revocationDate field specified by 2632 * a string of {@link KJUR.asn1.x509.Time} parameter</li> 2633 * <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li> 2634 * </ul> 2635 * </li> 2636 * </ul> 2637 * 2638 * @example 2639 * var o = new KJUR.asn1.x509.TBSCertList({ 2640 * sigalg: "SHA256withRSA", 2641 * issuer: {array: [[{type:'C',value:'JP',ds:'prn'}], 2642 * [{type:'O',value:'T1',ds:'prn'}]]}, 2643 * thisupdate: "200821235959Z", 2644 * nextupdate: "200828235959Z", // OPTION 2645 * revcert: [ 2646 * {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]}, 2647 * {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]} 2648 * ], 2649 * ext: [ 2650 * {extname: "cRLNumber", num: {'int': 8}}, 2651 * {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}} 2652 * ] 2653 * }); 2654 * o.tohex() → "30..." 
 */
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _Time = _KJUR_asn1_x509.Time,
        _Extensions = _KJUR_asn1_x509.Extensions,
        _X500Name = _KJUR_asn1_x509.X500Name;

    // kept by reference; tohex() reads it at call time
    this.params = null;

    /**
     * keep the JSON parameters used by tohex()<br/>
     * @name setByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} params JSON object of TBSCertList parameters
     * @example
     * tbs = new KJUR.asn1.x509.TBSCertList();
     * tbs.setByParam({sigalg: "SHA256withRSA", issuer: {str: '/C=JP/O=Test1'}, ...});
     */
    this.setByParam = function(params) {
        this.params = params;
    };

    /**
     * get DERSequence for revokedCertificates<br/>
     * @name getRevCertSequence
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
     * @description
     * Each element of params.revcert becomes a SEQUENCE of serial number,
     * revocation date and, when "ext" is given, the entry extensions.
     */
    this.getRevCertSequence = function() {
        var revoked = this.params.revcert;
        var entries = [];
        for (var i = 0; i < revoked.length; i++) {
            var item = revoked[i];
            var fields = [
                new _DERInteger(item.sn),
                new _Time(item.date)
            ];
            if (item.ext != undefined) {
                fields.push(new _Extensions(item.ext));
            }
            entries.push(new _DERSequence({array: fields}));
        }
        return new _DERSequence({array: entries});
    };

    /**
     * return hexadecimal encoding of the TBSCertList
     * @return {String} hexadecimal string of the TBSCertList
     * @description
     * Optional members (version, nextupdate, revcert, ext) are emitted
     * only when present in the parameters. The version INTEGER is the
     * given version number minus one.
     */
    this.tohex = function() {
        var p = this.params;
        var fields = [];

        if (p.version != undefined) {
            fields.push(new _DERInteger({'int': p.version - 1}));
        }

        fields.push(new _AlgorithmIdentifier({name: p.sigalg}));
        fields.push(new _X500Name(p.issuer));
        fields.push(new _Time(p.thisupdate));
        if (p.nextupdate != undefined) {
            fields.push(new _Time(p.nextupdate));
        }
        if (p.revcert != undefined) {
            fields.push(this.getRevCertSequence());
        }
        if (p.ext != undefined) {
            // crlExtensions [0] EXPLICIT
            fields.push(new _DERTaggedObject({tag:'a0',
                                              explicit:true,
                                              obj:new _Extensions(p.ext)}));
        }

        return (new _DERSequence({array: fields})).tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);

/**
 * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
 * @name KJUR.asn1.x509.CRLEntry
 * @class ASN.1 CRLEntry structure class for CRL
 * @param {Array} params JSON object for CRL entry parameter
 * @extends KJUR.asn1.ASN1Object
 * @since 1.0.3
 * @see KJUR.asn1.x509.TBSCertList
 * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
 * @description
 * This class is to represent revokedCertificate in TBSCertList.
 * However this is no longer used by TBSCertList since
 * jsrsasign 9.1.0. So this class has been deprecated in
 * jsrsasign 9.1.0.
* <pre>
 * revokedCertificates     SEQUENCE OF SEQUENCE  {
 *     userCertificate         CertificateSerialNumber,
 *     revocationDate          Time,
 *     crlEntryExtensions      Extensions OPTIONAL
 *                             -- if present, version MUST be v2 }
 * </pre>
 * @example
 * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
 */
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
    var _KJUR_asn1 = KJUR.asn1;

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * Stores a new DERInteger built from intParam in this.sn.
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        var dSerial = new _KJUR_asn1.DERInteger(intParam);
        this.sn = dSerial;
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * Stores a new Time object built from timeParam in this.time.
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        var dTime = new _KJUR_asn1.x509.Time(timeParam);
        this.time = dTime;
    };

    // Encodes SEQUENCE { sn, time } and caches the result in this.TLV.
    // The two members are used as they are; nothing here checks that
    // setCertSerial and setRevocationDate were called first.
    this.tohex = function() {
        var aMember = [this.sn, this.time];
        var seq = new _KJUR_asn1.DERSequence({"array": aMember});
        this.TLV = seq.tohex();
        return this.TLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params === undefined) return;

    // revocation date is applied before the serial number, as in the constructor's
    // original order
    if (params.time !== undefined) {
        this.setRevocationDate(params.time);
    }
    if (params.sn !== undefined) {
        this.setCertSerial(params.sn);
    }
};
extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);

/**
 * CRLNumber CRL
extension ASN.1 structure class<br/> 2821 * @name KJUR.asn1.x509.CRLNumber 2822 * @class CRLNumber CRL extension ASN.1 structure class 2823 * @extends KJUR.asn1.x509.Extension 2824 * @since jsrsasign 9.1.0 asn1x509 2.1.0 2825 * @see KJUR.asn1.x509.TBSCertList 2826 * @see KJUR.asn1.x509.Extensions 2827 * @description 2828 * This class represents ASN.1 structure for 2829 * CRLNumber CRL extension defined in 2830 * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3"> 2831 * RFC 5280 5.2.3</a>. 2832 * <pre> 2833 * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } 2834 * CRLNumber ::= INTEGER (0..MAX) 2835 * </pre> 2836 * Constructor of this class may have following parameters: 2837 * <ul> 2838 * <li>{String}extname - name "cRLNumber". It is ignored in this class but 2839 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li> 2840 * <li>{Object}num - CRLNumber value to specify 2841 * {@link KJUR.asn1.DERInteger} parameter.</li> 2842 * <li>{Boolean}critical - critical flag. 
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
 *                               num:{'int':147}})
 */
KJUR.asn1.x509.CRLNumber = function(params) {
    KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);

    // id-ce-cRLNumber
    this.oid = "2.5.29.20";

    // null and undefined both leave this.params undefined
    this.params = (params != undefined) ? params : undefined;

    // Builds the extnValue as a DERInteger from params.num, keeps the object
    // in this.asn1ExtnValue and returns its hexadecimal encoding.
    this.getExtnValueHex = function() {
        var dNum = new KJUR.asn1.DERInteger(this.params.num);
        this.asn1ExtnValue = dNum;
        return dNum.tohex();
    };
};
extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);

/**
 * CRLReason CRL entry extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.CRLReason
 * @class CRLReason CRL entry extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.0 asn1x509 2.1.0
 * @see KJUR.asn1.x509.TBSCertList
 * @see KJUR.asn1.x509.Extensions
 * @description
 * This class represents ASN.1 structure for
 * CRLReason CRL entry extension defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
 * RFC 5280 5.3.1</a>
 * <pre>
 * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
 * -- reasonCode ::= { CRLReason }
 * CRLReason ::= ENUMERATED {
 *     unspecified             (0),
 *     keyCompromise           (1),
 *     cACompromise            (2),
 *     affiliationChanged      (3),
 *     superseded              (4),
 *     cessationOfOperation    (5),
 *     certificateHold         (6),
 *     removeFromCRL           (8),
 *     privilegeWithdrawn      (9),
 *     aACompromise           (10) }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "cRLReason". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Integer}code - reasonCode value</li>
 * <li>{Boolean}critical - critical flag.
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
 */
KJUR.asn1.x509.CRLReason = function(params) {
    KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);

    // id-ce-cRLReasons
    this.oid = "2.5.29.21";

    // null and undefined both leave this.params undefined
    this.params = (params != undefined) ? params : undefined;

    // Builds the extnValue as a DEREnumerated from params.code, keeps the
    // object in this.asn1ExtnValue and returns its hexadecimal encoding.
    // The code is passed through as given; it is not checked here against
    // the CRLReason values listed in the class description.
    this.getExtnValueHex = function() {
        var dReason = new KJUR.asn1.DEREnumerated(this.params.code);
        this.asn1ExtnValue = dReason;
        return dReason.tohex();
    };
};
extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);

// === END   CRL Related ===================================================

// === BEGIN OCSP Related ===================================================
/**
 * Nonce OCSP extension ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNonce
 * @class Nonce OCSP extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for Nonce extension
 * @see KJUR.asn1.ocsp.ResponseData
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNonce
 * @description
 * This class represents
 * Nonce OCSP extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
 * RFC 6960 4.4.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
 * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
 * Nonce ::= OCTET STRING
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNonce". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{String}hex - hexadecimal string of nonce value</li>
 * <li>{Number}int - integer of nonce value.
"hex" or "int" needs to be
 * specified.</li>
 * <li>{Boolean}critical - critical flag. Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
 *                               hex: '12ab...'})
 */
KJUR.asn1.x509.OCSPNonce = function(params) {
    KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);

    // id-pkix-ocsp-nonce
    this.oid = "1.3.6.1.5.5.7.48.1.2";

    // null and undefined both leave this.params undefined
    this.params = (params != undefined) ? params : undefined;

    // Builds the extnValue as a DEROctetString; the whole parameter object
    // (not only "hex"/"int") is handed to the DEROctetString constructor.
    // The nonce value is whatever the caller supplies; no randomness is
    // generated by this class.
    this.getExtnValueHex = function() {
        var dNonce = new KJUR.asn1.DEROctetString(this.params);
        this.asn1ExtnValue = dNonce;
        return dNonce.tohex();
    };
};
extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);

/**
 * OCSPNoCheck certificate ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OCSPNoCheck
 * @class OCSPNoCheck extension ASN.1 structure class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 9.1.6 asn1x509 2.1.2
 * @param {Array} params JSON object for OCSPNoCheck extension
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtOCSPNoCheck
 * @description
 * This class represents
 * OCSPNoCheck extension value defined in
 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
 * RFC 6960 4.2.2.2.1</a> as JSON object.
 * <pre>
 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
 * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
 * <li>{Boolean}critical - critical flag.
Generally false and not specified
 * in this class.(OPTION)</li>
 * </ul>
 *
 * @example
 * new KJUR.asn1.x509.OCSPNoCheck({extname:'ocspNoCheck'})
 */
KJUR.asn1.x509.OCSPNoCheck = function(params) {
    KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);

    // id-pkix-ocsp-nocheck
    this.oid = "1.3.6.1.5.5.7.48.1.5";

    // null and undefined both leave this.params undefined
    this.params = (params != undefined) ? params : undefined;

    // The extnValue is always an ASN.1 NULL; no parameter is read here.
    this.getExtnValueHex = function() {
        var dNull = new KJUR.asn1.DERNull();
        this.asn1ExtnValue = dNull;
        return dNull.tohex();
    };
};
extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);

// === END   OCSP Related ===================================================

// === BEGIN Other X.509v3 Extensions========================================

/**
 * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
 * @name KJUR.asn1.x509.AdobeTimeStamp
 * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
 * @extends KJUR.asn1.x509.Extension
 * @since jsrsasign 10.0.1 asn1x509 2.1.4
 * @param {Array} params JSON object for AdobeTimeStamp extension parameter
 * @see KJUR.asn1.x509.Extensions
 * @see X509#getExtAdobeTimeStamp
 * @description
 * This class represents
 * AdobeTimeStamp X.509v3 extension value defined in
 * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
 * Adobe site</a> as JSON object.
* <pre>
 * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
 *  ::= SEQUENCE {
 *     version INTEGER  { v1(1) }, -- extension version
 *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
 *     requiresAuth        boolean (default false), OPTIONAL }
 * </pre>
 * Constructor of this class may have following parameters:
 * <ul>
 * <li>{String}uri - RFC 3161 time stamp service URL</li>
 * <li>{Boolean}reqauth - authentication required or not</li>
 * </ul>
 * <br/>
 * NOTE: This extension doesn't seem to have official name. This may be called as "pdfTimeStamp".
 * @example
 * new KJUR.asn1.x509.AdobeTimeStamp({
 *   uri: "http://tsa.example.com/",
 *   reqauth: true
 * })
 */
KJUR.asn1.x509.AdobeTimeStamp = function(params) {
    KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);

    var _KJUR_asn1 = KJUR.asn1;
    var _DERInteger = _KJUR_asn1.DERInteger;
    var _DERBoolean = _KJUR_asn1.DERBoolean;
    var _DERSequence = _KJUR_asn1.DERSequence;
    var _GeneralName = _KJUR_asn1.x509.GeneralName;

    this.params = null;

    // Builds SEQUENCE { version(1), location(uri) [, requiresAuth] }, keeps
    // it in this.asn1ExtnValue and returns its hexadecimal encoding.
    // requiresAuth is written only when params.reqauth is given.
    this.getExtnValueHex = function() {
        var params = this.params;
        var aMember = [
            new _DERInteger(1),
            new _GeneralName({uri: params.uri})
        ];
        if (params.reqauth != undefined) {
            aMember.push(new _DERBoolean(params.reqauth));
        }

        var seq = new _DERSequence({array: aMember});
        this.asn1ExtnValue = seq;
        return seq.tohex();
    };

    this.oid = "1.2.840.113583.1.1.9.1";
    // setByParam is not defined in this class; presumably inherited from
    // KJUR.asn1.x509.Extension - TODO confirm
    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);

// === END   Other X.509v3 Extensions========================================


// === BEGIN X500Name Related =================================================
/**
 * X500Name ASN.1 structure
class 3086 * @name KJUR.asn1.x509.X500Name 3087 * @class X500Name ASN.1 structure class 3088 * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'}) 3089 * @extends KJUR.asn1.ASN1Object 3090 * @see KJUR.asn1.x509.X500Name 3091 * @see KJUR.asn1.x509.RDN 3092 * @see KJUR.asn1.x509.AttributeTypeAndValue 3093 * @see X509#getX500Name 3094 * @description 3095 * This class provides DistinguishedName ASN.1 class structure 3096 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>. 3097 * <blockquote><pre> 3098 * DistinguishedName ::= RDNSequence 3099 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 3100 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF 3101 * AttributeTypeAndValue 3102 * AttributeTypeAndValue ::= SEQUENCE { 3103 * type AttributeType, 3104 * value AttributeValue } 3105 * </pre></blockquote> 3106 * <br/> 3107 * Argument for the constructor can be one of following parameters: 3108 * <ul> 3109 * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li> 3110 * <li>{String}str - string for distinguished name in OpenSSL one-line format (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> for details.</li> 3111 * <li>{String}ldapstr - string for distinguished name in LDAP format (ex: CN=test,O=test,C=US)</li> 3112 * <li>{String}hex - hexadecimal string for ASN.1 distinguished name structure</li> 3113 * <li>{String}certissuer - issuer name in the specified PEM certificate</li> 3114 * <li>{String}certsubject - subject name in the specified PEM certificate</li> 3115 * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li> 3116 * </ul> 3117 * <br/> 3118 * NOTE1: The "array" and "rule" parameters have been supported 3119 * since jsrsasign 9.0.0 asn1x509 2.0.0. 3120 * <br/> 3121 * NOTE2: Multi-valued RDN in "str" parameter have been 3122 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
* @example
 * // 1. construct with array
 * new KJUR.asn1.x509.X500Name({array:[
 *   [{type:'C',value:'JP',ds:'prn'}],
 *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
 *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
 * ]})
 * // 2. construct with string
 * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"});
 * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"});
 * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
 * // 3. construct by LDAP string
 * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
 * // 4. construct by ASN.1 hex string
 * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
 * // 5. construct by subject of PEM certificate
 * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
 * // 6. construct by issuer of PEM certificate
 * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
 * // 7. construct by object (DEPRECATED)
 * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
 */
KJUR.asn1.x509.X500Name = function(params) {
    KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
    this.asn1Array = [];   // RDN objects built from a string or an object
    this.paramArray = [];  // raw "array" parameter, converted lazily in tohex()
    this.sRule = "utf8";   // DirectoryString rule handed to every RDN
    var _KJUR_asn1 = KJUR.asn1;
    var _KJUR_asn1_x509 = _KJUR_asn1.x509;
    var _RDN = _KJUR_asn1_x509.RDN;
    var _pemtohex = pemtohex; // not used below; kept as in the original file

    /**
     * set DN by OpenSSL oneline distinguished name string<br/>
     * @name setByString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
     * @param {String} sRule DirectoryString rule (OPTION)
     * @description
     * Sets distinguished name by string.
     * dnStr must be formatted as
     * "/type0=value0/type1=value1/type2=value2...".
     * No need to escape a slash in an attribute value.
     * <br/>
     * NOTE(review): everything before the first "/" is discarded without an
     * error, and every "/"-separated piece of the form "type=value" starts a
     * new RDN. An attribute value that itself contains "/type=value" is
     * therefore encoded as an additional RDN. When attribute values come from
     * untrusted input, build the name with the "array" parameter instead.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
     * // no need to escape slash in an attribute value
     * name.setByString("/C=US/O=aaa/CN=1980/12/31");
     */
    this.setByString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;

        // first element is whatever precedes the leading "/"; it is dropped
        var aPiece = dnStr.split('/').slice(1);

        var aRDNStr = [];
        for (var i = 0; i < aPiece.length; i++) {
            var piece = aPiece[i];
            if (piece.match(/^[^=]+=.+$/)) {
                aRDNStr.push(piece);
            } else if (aRDNStr.length > 0) {
                // not "type=value": a slash inside the previous value
                aRDNStr[aRDNStr.length - 1] += "/" + piece;
            }
            // a piece that precedes the first "type=value" has nothing to be
            // appended to and does not end up in the name
        }

        for (var j = 0; j < aRDNStr.length; j++) {
            this.asn1Array.push(new _RDN({'str':aRDNStr[j], rule:this.sRule}));
        }
    };

    /**
     * set DN by LDAP(RFC 2253) distinguished name string<br/>
     * @name setByLdapString
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
     * @param {String} sRule DirectoryString rule (OPTION)
     * @since jsrsasign 6.2.2 asn1x509 1.0.18
     * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
     * @description
     * The string is converted with
     * {@link KJUR.asn1.x509.X500Name.ldapToCompat} and then passed to
     * {@link KJUR.asn1.x509.X500Name#setByString}, so the notes on
     * setByString apply here as well.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
     */
    this.setByLdapString = function(dnStr, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        this.setByString(_KJUR_asn1_x509.X500Name.ldapToCompat(dnStr), sRule);
    };

    /**
     * set DN by associative array<br/>
     * @name setByObject
     * @memberOf KJUR.asn1.x509.X500Name#
     * @function
     * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
     * @param {String} sRule DirectoryString rule (OPTION)
     * @since jsrsasign 4.9. asn1x509 1.0.13
     * @description
     * Every own property becomes one RDN built from the string "key=value".
     * NOTE(review): that string is handed to {@link KJUR.asn1.x509.RDN} as
     * "str", which is parsed as a multi-valued RDN string, so a "+" in a
     * value is presumably still treated as a separator - confirm before
     * passing untrusted values.
     * @example
     * name = new KJUR.asn1.x509.X500Name();
     * name.setByObject({C: "US", O: "aaa", CN: "http://example.com/"});
     */
    this.setByObject = function(dnObj, sRule) {
        if (sRule !== undefined) this.sRule = sRule;

        // Get all the dnObject attributes and stuff them in the ASN.1 array.
        for (var key in dnObj) {
            if (!dnObj.hasOwnProperty(key)) continue;

            var newRDN = new _RDN({str: key + '=' + dnObj[key], rule: this.sRule});
            // Initialize or push into the ASN.1 array.
            if (this.asn1Array) {
                this.asn1Array.push(newRDN);
            } else {
                this.asn1Array = [newRDN];
            }
        }
    };

    // Dispatches on the first parameter found, in this order:
    // array, str, ldapstr, hex, certissuer, certsubject, plain object.
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;

        if (params.array !== undefined) {
            this.paramArray = params.array;
            return;
        }
        if (params.str !== undefined) {
            this.setByString(params.str);
            return;
        }
        if (params.ldapstr !== undefined) {
            this.setByLdapString(params.ldapstr);
            return;
        }
        if (params.hex !== undefined) {
            // used as the encoded name as is; nothing here parses or checks it
            this.hTLV = params.hex;
            return;
        }
        if (params.certissuer !== undefined) {
            var issuerCert = new X509();
            issuerCert.readCertPEM(params.certissuer);
            this.hTLV = issuerCert.getIssuerHex();
            return;
        }
        if (params.certsubject !== undefined) {
            var subjectCert = new X509();
            subjectCert.readCertPEM(params.certsubject);
            this.hTLV = subjectCert.getSubjectHex();
            return;
        }
        // If params is an object, then set the ASN1 array
        // just using the object attributes.
        // This is nice for fields that have lots of special
        // characters (i.e. CN: 'https://www.github.com/kjur//').
        if (typeof params === "object" &&
            params.certsubject === undefined &&
            params.certissuer === undefined) {
            this.setByObject(params);
        }
    }

    // Returns the cached hTLV when there is one; otherwise converts a pending
    // "array" parameter into RDN objects and encodes the RDN SEQUENCE.
    this.tohex = function() {
        if (typeof this.hTLV == "string") return this.hTLV;

        var hasPendingArray = this.asn1Array.length == 0 &&
            this.paramArray.length > 0;
        if (hasPendingArray) {
            for (var i = 0; i < this.paramArray.length; i++) {
                var rdnParam = {array: this.paramArray[i]};
                if (this.sRule != "utf8") rdnParam.rule = this.sRule;
                this.asn1Array.push(new _RDN(rdnParam));
            }
        }

        var seq = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
        this.hTLV = seq.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
 * @name compatToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 8.0.19 asn1x509 1.1.20
 * @description
 * This static method converts a distinguished name string in OpenSSL compat
 * format to LDAP(RFC 2253) format.
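* @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
 * @example
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") &rarr; 'O=test,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") &rarr; 'O=a\,a,C=US'
 * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,b,c") &rarr; 'O=a\,b\,c,C=US'
 */
KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
    // A string is thrown (not an Error) because existing callers may
    // compare against it.
    if (s.substr(0, 1) !== "/") throw "malformed input";

    // Components are split on every "/"; a slash inside an attribute value
    // is not recognized here (no unescaping of "\/").
    var aRDN = s.substr(1).split("/");
    aRDN.reverse();

    // Escape EVERY comma of a component. Escaping only the first one left the
    // following commas looking like RDN separators in the LDAP string, so
    // the result no longer described the same name.
    aRDN = aRDN.map(function(rdn) { return rdn.replace(/,/g, "\\,"); });

    return aRDN.join(",");
};

/**
 * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
 * @name onelineToLDAP
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @see KJUR.asn1.x509.X500Name.compatToLDAP
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
 */
KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
    return KJUR.asn1.x509.X500Name.compatToLDAP(s);
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
 * @name ldapToCompat
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex.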
/C=US/O=test)
 * @since jsrsasign 8.0.19 asn1x509 1.1.10
 * @description
 * This static method converts a distinguished name string in
 * LDAP(RFC 2253) format to OpenSSL compat format.
 * <br/>
 * NOTE(review): only the first "/" of each component is escaped, because the
 * replacement uses a string pattern. Whether later slashes should be escaped
 * too depends on how the compat string is consumed - confirm against
 * {@link KJUR.asn1.x509.X500Name#setByString}.
 * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
 * @example
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') &rarr; '/C=US/O=test'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') &rarr; '/C=US/O=a,a'
 * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US') &rarr; '/C=US/O=a\/a'
 */
KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
    var aPiece = s.split(",");

    // Re-join pieces that were split on an escaped comma ("\,").
    var aRDN = [];
    var prevEndsWithBackslash = false;
    for (var i = 0; i < aPiece.length; i++) {
        var piece = aPiece[i];

        if (prevEndsWithBackslash) {
            var head = aRDN.pop();
            aRDN.push((head + "," + piece).replace(/\\,/g, ","));
        } else {
            aRDN.push(piece);
        }

        prevEndsWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // LDAP order is the reverse of the OpenSSL compat order.
    var aCompat = [];
    for (var j = aRDN.length - 1; j >= 0; j--) {
        aCompat.push(aRDN[j].replace("/", "\\/"));
    }
    return "/" + aCompat.join("/");
};

/**
 * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
 * @name ldapToOneline
 * @memberOf KJUR.asn1.x509.X500Name
 * @function
 * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
 * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This method is deprecated. Please use
 * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
*/
KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
    // deprecated alias: delegates unchanged to ldapToCompat
    var compat = KJUR.asn1.x509.X500Name.ldapToCompat(s);
    return compat;
};

/**
 * RDN (Relative Distinguished Name) ASN.1 structure class
 * @name KJUR.asn1.x509.RDN
 * @class RDN (Relative Distinguished Name) ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @description
 * This class provides RelativeDistinguishedName ASN.1 class structure
 * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
 * <blockquote><pre>
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
 *                       AttributeTypeAndValue
 *
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type  AttributeType,
 *   value AttributeValue }
 * </pre></blockquote>
 * <br/>
 * NOTE1: The "array" and "rule" parameters have been supported
 * since jsrsasign 9.0.0 asn1x509 2.0.0.
 * <br/>
 * NOTE2: Multi-valued RDN in "str" parameter have been
 * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
* @example
 * new KJUR.asn1.x509.RDN({array: [ // multi-valued
 *    {type:"CN",value:"Bob",ds:"prn"},
 *    {type:"CN",value:"bob@example.com", ds:"ia5"}
 * ]});
 * new KJUR.asn1.x509.RDN({str: "CN=test"});
 * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
 * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
 * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
 */
KJUR.asn1.x509.RDN = function(params) {
    KJUR.asn1.x509.RDN.superclass.constructor.call(this);
    this.asn1Array = [];   // AttributeTypeAndValue objects of this RDN
    this.paramArray = [];  // raw "array" parameter, converted lazily in tohex()
    this.sRule = "utf8"; // DEFAULT "utf8"
    var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;

    // Applies "rule" first, then "str" (parsed as a multi-valued RDN string),
    // then stores "array" for later conversion.
    this.setByParam = function(params) {
        if (params.rule !== undefined) {
            this.sRule = params.rule;
        }
        if (params.str !== undefined) {
            this.addByMultiValuedString(params.str);
        }
        if (params.array !== undefined) {
            this.paramArray = params.array;
        }
    };

    /**
     * add one AttributeTypeAndValue by string<br/>
     * @name addByString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of AttributeTypeAndValue
     * @return {Object} unspecified
     * @description
     * This method adds one AttributeTypeAndValue to the RDN object,
     * using the current DirectoryString rule of this RDN.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByString("CN=john");
     * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
     */
    this.addByString = function(s) {
        var atv = new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule});
        this.asn1Array.push(atv);
    };

    /**
     * add one AttributeTypeAndValue by multi-valued string<br/>
     * @name addByMultiValuedString
     * @memberOf KJUR.asn1.x509.RDN#
     * @function
     * @param {String} s string of multi-valued RDN
     * @return {Object} unspecified
     * @since jsrsasign 6.2.1 asn1x509 1.0.17
     * @description
     * This method adds a multi-valued RDN to the RDN object. The string is
     * split with {@link KJUR.asn1.x509.RDN.parseString} and each part is
     * added with {@link KJUR.asn1.x509.RDN#addByString}.
     * @example
     * rdn = new KJUR.asn1.x509.RDN();
     * rdn.addByMultiValuedString("CN=john+O=test");
     * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
     * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
     */
    this.addByMultiValuedString = function(s) {
        var aATVStr = KJUR.asn1.x509.RDN.parseString(s);
        for (var i = 0; i < aATVStr.length; i++) {
            this.addByString(aATVStr[i]);
        }
    };

    // Converts a pending "array" parameter into AttributeTypeAndValue objects
    // (only while asn1Array is still empty), then encodes the SET and caches
    // it in this.TLV.
    this.tohex = function() {
        var hasPendingArray = this.asn1Array.length == 0 &&
            this.paramArray.length > 0;
        if (hasPendingArray) {
            for (var i = 0; i < this.paramArray.length; i++) {
                var atvParam = this.paramArray[i];
                // NOTE(review): this overwrites a rule the element already
                // has and never sets one on an element without a rule, and
                // it modifies the caller's object; possibly
                // "=== undefined" was intended - confirm.
                if (atvParam.rule !== undefined &&
                    this.sRule != "utf8") {
                    atvParam.rule = this.sRule;
                }
                this.asn1Array.push(new _AttributeTypeAndValue(atvParam));
            }
        }
        var set = new KJUR.asn1.DERSet({"array": this.asn1Array});
        this.TLV = set.tohex();
        return this.TLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);

/**
 * parse multi-valued RDN string
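and split into array of 'AttributeTypeAndValue'<br/>
 * @name parseString
 * @memberOf KJUR.asn1.x509.RDN
 * @function
 * @param {String} s multi-valued string of RDN
 * @return {Array} array of string of AttributeTypeAndValue
 * @since jsrsasign 6.2.1 asn1x509 1.0.17
 * @description
 * This static method parses multi-valued RDN string and split into
 * array of AttributeTypeAndValue.
 * A plus sign is taken literally when it is escaped ("\+") or when it
 * lies inside a double quoted value; the quotes of a value that was joined
 * this way are removed. A quoted value without any plus sign is returned
 * unchanged, quotes included.
 * @example
 * KJUR.asn1.x509.RDN.parseString("CN=john") &rarr; ["CN=john"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") &rarr; ["CN=john", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') &rarr; ["CN=jo+hn", "OU=test"]
 * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") &rarr; ["CN=john", "OU=test", "OU=t1"]
 * KJUR.asn1.x509.RDN.parseString('CN="john"+OU=test') &rarr; ['CN="john"', "OU=test"]
 */
KJUR.asn1.x509.RDN.parseString = function(s) {
    var aPiece = s.split(/\+/);

    // Pass 1: re-join pieces that were split on an escaped plus ("\+").
    var aUnescaped = [];
    var prevEndsWithBackslash = false;
    for (var i = 0; i < aPiece.length; i++) {
        var piece = aPiece[i];

        if (prevEndsWithBackslash) {
            var head = aUnescaped.pop();
            aUnescaped.push((head + "+" + piece).replace(/\\\+/g, "+"));
        } else {
            aUnescaped.push(piece);
        }

        prevEndsWithBackslash = (piece.substr(-1, 1) === "\\");
    }

    // Pass 2: re-join pieces that were split inside a double quoted value.
    var aResult = [];
    var inQuote = false;
    for (var j = 0; j < aUnescaped.length; j++) {
        var item = aUnescaped[j];

        if (inQuote) {
            var quoted = aResult.pop() + "+" + item;
            if (item.match(/"$/)) {
                // closing quote reached: drop the surrounding quotes
                aResult.push(quoted.replace(/^([^=]+)="(.*)"$/, "$1=$2"));
                inQuote = false;
            } else {
                aResult.push(quoted);
            }
            continue;
        }

        aResult.push(item);

        // A quote is only left open when the value starts with a double
        // quote and this piece does not also close it. Previously a
        // complete value such as CN="john" switched quote mode on, and the
        // following attribute was appended to it instead of being returned
        // as its own element.
        if (item.match(/^[^=]+="/) && !item.match(/^[^=]+=".*"$/)) {
            inQuote = true;
        }
    }
    return aResult;
};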
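/**
 * AttributeTypeAndValue ASN.1 structure class
 * @name KJUR.asn1.x509.AttributeTypeAndValue
 * @class AttributeTypeAndValue ASN.1 structure class
 * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.x509.X500Name
 * @see KJUR.asn1.x509.RDN
 * @see KJUR.asn1.x509.AttributeTypeAndValue
 * @see X509#getAttrTypeAndValue
 * @description
 * This class generates AttributeTypeAndValue defined in
 * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
 * RFC 5280 4.1.2.4</a>.
 * <pre>
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type     AttributeType,
 *   value    AttributeValue }
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY -- DEFINED BY AttributeType
 * </pre>
 * The constructor argument can have following parameters:
 * <ul>
 * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
 * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
 * <li>{String}ds - DirectoryString type of AttributeValue</li>
 * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
 * set DirectoryString type automatically when "ds" not specified.</li>
 * <li>{String}str - AttributeTypeAndValue string (ex. "C=US").
 * When "value" is not given,
 * this "str" will be converted to "type" and "value".
 * </li>
 * </ul>
 * <br/>
 * NOTE: Parameters "type", "value", "ds" and "rule" have
 * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
 * @example
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'prn'})
 * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule:'utf8'})
 */
KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
    KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
    this.sRule = "utf8";
    this.sType = null;
    this.sValue = null;
    this.dsType = null;
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERSequence = _KJUR_asn1.DERSequence,
        _DERUTF8String = _KJUR_asn1.DERUTF8String,
        _DERPrintableString = _KJUR_asn1.DERPrintableString,
        _DERTeletexString = _KJUR_asn1.DERTeletexString,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DERVisibleString = _KJUR_asn1.DERVisibleString,
        _DERBMPString = _KJUR_asn1.DERBMPString,
        _isMail = _KJUR.lang.String.isMail,
        _isPrintable = _KJUR.lang.String.isPrintable;

    // Set type, value, rule and ds from a parameter object.
    // "str" is only consulted when "value" is absent; it is split at the
    // first "=" into type and value.
    this.setByParam = function(params) {
        if (params.rule !== undefined) this.sRule = params.rule;
        if (params.ds !== undefined) this.dsType = params.ds;

        if (params.value === undefined &&
            params.str !== undefined) {
            var str = params.str;
            var matchResult = str.match(/^([^=]+)=(.+)$/);
            if (matchResult) {
                this.sType = matchResult[1];
                this.sValue = matchResult[2];
            } else {
                // The message used to reference an undeclared variable, so a
                // malformed string raised a ReferenceError instead of this
                // Error; report the offending input itself.
                throw new Error("malformed attrTypeAndValueStr: " + str);
            }
        } else {
            this.sType = params.type;
            this.sValue = params.value;
        }
    };

    /*
     * @deprecated
     */
    this.setByString = function(sTypeValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
        if (matchResult) {
            this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
        } else {
            // Same undeclared-variable fix as in setByParam.
            throw new Error("malformed attrTypeAndValueStr: " + sTypeValue);
        }
    };

    // Choose the DirectoryString type from the rule, the attribute type and
    // the value. Falls back to "utf8" for any other rule.
    this._getDsType = function() {
        var sType = this.sType;
        var sValue = this.sValue;
        var sRule = this.sRule;

        if (sRule === "prn") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (_isPrintable(sValue)) return "prn";
            return "utf8";
        } else if (sRule === "utf8") {
            if (sType == "CN" && _isMail(sValue)) return "ia5";
            if (sType == "C") return "prn";
            return "utf8";
        }
        return "utf8"; // default
    };

    this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
        if (sRule !== undefined) this.sRule = sRule;
        this.sType = sType;
        this.sValue = sValue;
    };

    // Build the DER string object for the given DirectoryString type.
    // Throws Error for a type name that is not listed here.
    this.getValueObj = function(dsType, valueStr) {
        if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
        if (dsType == "prn") return new _DERPrintableString({"str": valueStr});
        if (dsType == "tel") return new _DERTeletexString({"str": valueStr});
        if (dsType == "ia5") return new _DERIA5String({"str": valueStr});
        if (dsType == "vis") return new _DERVisibleString({"str": valueStr});
        if (dsType == "bmp") return new _DERBMPString({"str": valueStr});
        throw new Error("unsupported directory string type: type=" +
                        dsType + " value=" + valueStr);
    };

    this.tohex = function() {
        // An explicitly given "ds" is used as is; the mail/printable checks
        // in _getDsType only run when no "ds" was set.
        if (this.dsType == null) this.dsType = this._getDsType();
        var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
        var asn1Value = this.getValueObj(this.dsType, this.sValue);
        var o = new _DERSequence({"array": [asn1Type, asn1Value]});
        this.TLV = o.tohex();
        return this.TLV;
    };

    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        this.setByParam(params);
    }
};
extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);

// === END   X500Name Related =================================================

// === BEGIN Other ASN1 structure class  ======================================

/**
 * SubjectPublicKeyInfo ASN.1 structure class
 * @name KJUR.asn1.x509.SubjectPublicKeyInfo
 * @class SubjectPublicKeyInfo ASN.1 structure class
 * @param {Object} params parameter for subject public key
 * @extends KJUR.asn1.ASN1Object
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>{@link RSAKey} object</li>
 * <li>{@link KJUR.crypto.ECDSA} object</li>
 * <li>{@link KJUR.crypto.DSA} object</li>
 * </ul>
 * NOTE1: 'params' can be omitted.<br/>
 * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
 * <h4>EXAMPLE</h4>
 * @example
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
 * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
 */
KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
    KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
    var asn1AlgId = null,
        asn1SubjPKey = null,
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERInteger = _KJUR_asn1.DERInteger,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
        _KJUR_crypto = _KJUR.crypto,
        _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
        _KJUR_crypto_DSA = _KJUR_crypto.DSA;

    /*
     * Return the SEQUENCE of algorithm identifier and public key bit string.
     * Throws (a string, not an Error) when no key has been set.
     * @since asn1x509 1.0.7
     */
    this.getASN1Object = function() {
        if (this.asn1AlgId == null || this.asn1SubjPKey == null)
            throw "algId and/or subjPubKey not set";
        var o = new _DERSequence({'array':
                                  [this.asn1AlgId, this.asn1SubjPKey]});
        return o;
    };

    this.tohex = function() {
        var o = this.getASN1Object();
        this.hTLV = o.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    /**
     * @name setPubKey
     * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
     * @function
     * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
     * @since jsrsasign 8.0.0 asn1x509 1.1.0
     * @description
     * Sets the algorithm identifier and the public key bit string from
     * a key object. Each key type is tried inside its own try/catch, so a
     * key class that is not loaded and any error raised while encoding
     * are both ignored; a key that could not be set is only reported
     * later, when getASN1Object throws.
     * @example
     * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
     * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
     * spki.setPubKey(pubKey);
     */
    this.setPubKey = function(key) {
        // NOTE(review): the empty catch blocks also hide encoding failures
        // for a key of the right class; confirm whether those should be
        // surfaced to the caller instead of failing later in tohex().
        try {
            if (key instanceof RSAKey) {
                var asn1RsaPub = _newObject({
                    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
                });
                var rsaKeyHex = asn1RsaPub.tohex();
                this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
                this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
            }
        } catch(ex) {};

        try {
            if (key instanceof KJUR.crypto.ECDSA) {
                var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
                this.asn1AlgId =
                    new _AlgorithmIdentifier({'name': 'ecPublicKey',
                                              'asn1params': asn1Params});
                this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
            }
        } catch(ex) {};

        try {
            if (key instanceof KJUR.crypto.DSA) {
                // newObject is a factory (it is called without "new" in the
                // RSA branch above), so it is called the same way here.
                var asn1Params = _newObject({
                    'seq': [{'int': {'bigint': key.p}},
                            {'int': {'bigint': key.q}},
                            {'int': {'bigint': key.g}}]
                });
                this.asn1AlgId =
                    new _AlgorithmIdentifier({'name': 'dsa',
                                              'asn1params': asn1Params});
                var pubInt = new _DERInteger({'bigint': key.y});
                this.asn1SubjPKey =
                    new _DERBitString({'hex': '00' + pubInt.tohex()});
            }
        } catch(ex) {};
    };

    if (params !== undefined) {
        this.setPubKey(params);
    }
};
extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);

/**
 * Time ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.Time
 * @class Time ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
 * @extends KJUR.asn1.ASN1Object
 * @see KJUR.asn1.DERUTCTime
 * @see KJUR.asn1.DERGeneralizedTime
 * @description
 * This class represents Time ASN.1 structure defined in
 * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
 * <pre>
 * Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 * </pre>
 *
 * @example
 * var t1 = new KJUR.asn1.x509.Time({'str': '130508235959Z'}) // UTCTime by default
 * var t2 = new KJUR.asn1.x509.Time({'type': 'gen', 'str': '20130508235959Z'}) // GeneralizedTime
 */
KJUR.asn1.x509.Time = function(params) {
    KJUR.asn1.x509.Time.superclass.constructor.call(this);
    var type = null,
        timeParams = null,
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERUTCTime = _KJUR_asn1.DERUTCTime,
        _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
    this.params = null;
    this.type = null;

    // deprecated
    this.setTimeParams = function(timeParams) {
        this.timeParams = timeParams;
    };

    this.setByParam = function(params) {
        this.params = params;
    };

    // Guess "utc" (12 digits) or "gen" (14 digits) from a time string ending
    // in "Z", with or without a fractional part; null when neither matches.
    this.getType = function(s) {
        if (s.match(/^[0-9]{12}Z$/)) return "utc";
        if (s.match(/^[0-9]{14}Z$/)) return "gen";
        if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc";
        if (s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen";
        return null;
    };

    this.tohex = function() {
        var params = this.params;
        var o = null;

        if (typeof params == "string") params = {str: params};
        // When no type was given it is derived from the string and stored
        // back on the params object that the caller passed in.
        if (params != null &&
            params.str &&
            (params.type == null || params.type == undefined)) {
            params.type = this.getType(params.str);
        }

        if (params != null && params.str) {
            if (params.type == "utc") o = new _DERUTCTime(params.str);
            if (params.type == "gen") o = new _DERGeneralizedTime(params.str);
        } else {
            if (this.type == "gen") {
                o = new _DERGeneralizedTime();
            } else {
                o = new _DERUTCTime();
            }
        }

        // Reached when a string was given whose type is neither "utc" nor
        // "gen", for example because getType could not recognise it.
        if (o == null) throw new Error("wrong setting for Time");
        this.TLV = o.tohex();
        return this.TLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params != undefined) this.setByParam(params);
};

// NOTE(review): looks like a kept copy of an earlier Time implementation.
// No extendClass call for Time_bak is visible in this part of the file, so
// the "superclass" it calls on its first line may not be set - confirm
// whether this function is still meant to be callable.
KJUR.asn1.x509.Time_bak = function(params) {
    KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);
    var type = null,
        timeParams = null,
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERUTCTime = _KJUR_asn1.DERUTCTime,
        _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;

    this.setTimeParams = function(timeParams) {
        this.timeParams = timeParams;
    };

    this.tohex = function() {
        var o = null;

        if (this.timeParams != null) {
            if (this.type == "utc") {
                o = new _DERUTCTime(this.timeParams);
            } else {
                o = new _DERGeneralizedTime(this.timeParams);
            }
        } else {
            if (this.type == "utc") {
                o = new _DERUTCTime();
            } else {
                o = new _DERGeneralizedTime();
            }
        }
        this.TLV = o.tohex();
        return this.TLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    this.type = "utc";
    if (params !== undefined) {
        if (params.type !== undefined) {
            this.type = params.type;
        } else {
            if (params.str !== undefined) {
                if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
                if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
            }
        }
        this.timeParams = params;
    }
};
extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 structure class
 * @name KJUR.asn1.x509.AlgorithmIdentifier
 * @class AlgorithmIdentifier ASN.1 structure class
 * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
 * @extends KJUR.asn1.ASN1Object
 * @description
 * The 'params' argument is an associative array and has following parameters:
 * <ul>
 * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
 * <li>asn1params: explicitly specify ASN.1 object for algorithm.
 * (OPTION)</li>
 * <li>paramempty: when true, no parameter is filled in automatically, so the
 * parameter field is left out unless asn1params is given.
 * If paramempty is false and the algorithm name ends with "withDSA" or
 * "withECDSA", the parameter field of AlgorithmIdentifier will be omitted;
 * otherwise it will be NULL by default.
 * (OPTION, DEFAULT = false)</li>
 * </ul>
 * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
 * special names. They will set a suite of algorithm OID and multiple algorithm
 * parameters. Its ASN.1 schema is defined in
 * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
 * section A.2.3</a>.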
* <blockquote><pre>
 * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
 * RSASSA-PSS-params ::= SEQUENCE {
 *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
 *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
 *   saltLength         [2] INTEGER          DEFAULT 20,
 *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
 * mgf1SHA1    MaskGenAlgorithm ::= {
 *   algorithm   id-mgf1,
 *   parameters  HashAlgorithm : sha1 }
 * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
 * TrailerField ::= INTEGER { trailerFieldBC(1) }
 * </pre></blockquote>
 * Here is a table for PSS parameters:
 * <table>
 * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th><th>pss saltlen</th><th>trailer</th></tr>
 * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
 * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
 * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
 * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
 * </table>
 * Default value is omitted as defined in ASN.1 schema.
 * These parameters are interoperable to OpenSSL or IAIK toolkit.
 * <br/>
 * As the table shows, SHAwithRSAandMGF1 selects the SHA-1 defaults; the
 * SHA256/384/512 names are the ones to pick for new signatures.
 * <br/>
 * NOTE: RSA-PSS algorithm names are supported since jsrsasign 8.0.21.
 * @example
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
 * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
 */
KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
    KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
    this.nameAlg = null;
    this.asn1Alg = null;
    this.asn1Params = null;
    this.paramEmpty = false;

    var asn1 = KJUR.asn1;
    var pssTable = asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;

    // Encode the AlgorithmIdentifier and return its hexadecimal TLV.
    // An RSA-PSS name listed in the PSS table returns the fixed TLV stored
    // there; any other name is resolved through OID.name2obj.
    this.tohex = function() {
        var name = this.nameAlg;
        if (name === null && this.asn1Alg === null) {
            throw new Error("algorithm not specified");
        }

        if (name !== null) {
            var fixedTLV = null;
            for (var pssName in pssTable) {
                if (pssName === name) fixedTLV = pssTable[pssName];
            }
            if (fixedTLV !== null) {
                this.hTLV = fixedTLV;
                return this.hTLV;
            }
            if (this.asn1Alg === null) {
                this.asn1Alg = asn1.x509.OID.name2obj(name);
            }
        }

        var members = [this.asn1Alg];
        if (this.asn1Params !== null) members.push(this.asn1Params);

        var seq = new asn1.DERSequence({'array': members});
        this.hTLV = seq.tohex();
        return this.hTLV;
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) {
        if (params.name !== undefined) this.nameAlg = params.name;
        if (params.asn1params !== undefined) this.asn1Params = params.asn1params;
        if (params.paramempty !== undefined) this.paramEmpty = params.paramempty;
    }

    // When no parameter was given and paramempty is false, the parameter
    // becomes NULL, except for names ending in "withDSA" or "withECDSA",
    // where it stays unset and is left out of the encoding.
    var fillDefault = this.asn1Params === null &&
        this.paramEmpty === false &&
        this.nameAlg !== null;
    if (fillDefault) {
        if (this.nameAlg.name !== undefined) {
            this.nameAlg = this.nameAlg.name;
        }
        var lowered = this.nameAlg.toLowerCase();
        var endsWithDsa = lowered.slice(-7) === "withdsa";
        var endsWithEcdsa = lowered.slice(-9) === "withecdsa";

        if (!endsWithDsa && !endsWithEcdsa) {
            this.asn1Params = new asn1.DERNull();
        }
    }
};
extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);

/**
 * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
 * @const
 */
KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
    "SHAwithRSAandMGF1":
    "300d06092a864886f70d01010a3000",
    "SHA256withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
    "SHA384withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
    "SHA512withRSAandMGF1":
    "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
};

/**
 * GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralName
 * @class GeneralName ASN.1 structure class
 * @see KJUR.asn1.x509.OtherName
 * @see KJUR.asn1.x509.X500Name
 *
 * @description
 * <br/>
 * As for argument 'params' for constructor, you can specify one of
 * following properties:
 * <ul>
 * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
 * <li>dns - dNSName[2] (ex. foo.com)</li>
 * <li>uri - uniformResourceIdentifier[6] (ex.
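http://foo.com/)</li>
 * <li>dn - directoryName[4]
 * distinguished name string or X500Name class parameters can be
 * specified (ex. "/C=US/O=Test", {hex: '301c...'})</li>
 * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
 * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
 * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
 * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
 * </ul>
 * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
 * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
 * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
 * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
 * NOTE5: otherName is supported since jsrsasign 10.5.3.<br/>
 *
 * Here is definition of the ASN.1 syntax:
 * <pre>
 * -- NOTE: under the CHOICE, it will always be explicit.
 * GeneralName ::= CHOICE {
 *   otherName                  [0] OtherName,
 *   rfc822Name                 [1] IA5String,
 *   dNSName                    [2] IA5String,
 *   x400Address                [3] ORAddress,
 *   directoryName              [4] Name,
 *   ediPartyName               [5] EDIPartyName,
 *   uniformResourceIdentifier  [6] IA5String,
 *   iPAddress                  [7] OCTET STRING,
 *   registeredID               [8] OBJECT IDENTIFIER }
 *
 * OtherName ::= SEQUENCE {
 *   type-id    OBJECT IDENTIFIER,
 *   value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * @example
 * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: '/C=US/O=Test'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING}});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
 * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
 * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
 * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
 * gn = new KJUR.asn1.x509.GeneralName({other: {
 *   oid: "1.2.3.4",
 *   value: {utf8str: "example"} // any ASN.1 which passed to ASN1Util.newObject
 * }});
 *
 * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
 * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
 */
KJUR.asn1.x509.GeneralName = function(params) {
    KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);

    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _KJUR_asn1_x509 = _KJUR_asn1.x509,
        _X500Name = _KJUR_asn1_x509.X500Name,
        _OtherName = _KJUR_asn1_x509.OtherName,
        _DERIA5String = _KJUR_asn1.DERIA5String,
        _DEROctetString = _KJUR_asn1.DEROctetString,
        _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
        _ASN1Object = _KJUR_asn1.ASN1Object,
        _Error = Error;

    this.params = null;

    this.setByParam = function(params) {
        this.params = params;
    };

    // Encode the GeneralName chosen by the first matching property of the
    // stored params and return its hexadecimal TLV.
    // The rfc822, dns and uri strings are wrapped in an IA5String as given;
    // no check of their syntax is visible in this method, so a caller that
    // builds names from outside input has to validate them beforehand.
    this.tohex = function() {
        var params = this.params;
        var hTag, dObj;
        var explicitFlag = false;
        if (params.other !== undefined) {
            hTag = "a0";
            dObj = new _OtherName(params.other);
        } else if (params.rfc822 !== undefined) {
            hTag = "81";
            dObj = new _DERIA5String({str: params.rfc822});
        } else if (params.dns !== undefined) {
            hTag = "82";
            dObj = new _DERIA5String({str: params.dns});
        } else if (params.dn !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            if (typeof params.dn === "string") {
                dObj = new _X500Name({str: params.dn});
            } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
                dObj = params.dn;
            } else {
                dObj = new _X500Name(params.dn);
            }
        } else if (params.ldapdn !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            dObj = new _X500Name({ldapstr: params.ldapdn});
        } else if (params.certissuer !== undefined ||
                   params.certsubj !== undefined) {
            hTag = "a4";
            explicitFlag = true;
            var isIssuer, certStr;
            var certHex = null;
            if (params.certsubj !== undefined) {
                isIssuer = false;
                certStr = params.certsubj;
            } else {
                isIssuer = true;
                certStr = params.certissuer;
            }

            if (certStr.match(/^[0-9A-Fa-f]+$/)) {
                // This was a comparison ("=="), so a hexadecimal certificate
                // was never accepted although it is a documented input.
                certHex = certStr;
            }
            if (certStr.indexOf("-----BEGIN ") != -1) {
                certHex = pemtohex(certStr);
            }
            if (certHex == null)
                throw new Error("certsubj/certissuer not cert");

            var x = new X509();
            x.hex = certHex;

            var hDN;
            if (isIssuer) {
                hDN = x.getIssuerHex();
            } else {
                hDN = x.getSubjectHex();
            }
            // The name is copied as already encoded bytes from the certificate.
            dObj = new _ASN1Object();
            dObj.hTLV = hDN;
        } else if (params.uri !== undefined) {
            hTag = "86";
            dObj = new _DERIA5String({str: params.uri});
        } else if (params.ip !== undefined) {
            hTag = "87";
            var hIP;
            var ip = params.ip;
            try {
                if (ip.match(/^[0-9a-f]+$/)) {
                    // Lower-case hexadecimal is taken as raw address bytes
                    // when its length is one of the accepted sizes.
                    var len = ip.length;
                    if (len == 8 || len == 16 || len == 32 || len == 64) {
                        hIP = ip;
                    } else {
                        // An Error instead of a bare string, so the message
                        // built below has a reason to show.
                        throw new _Error("unsupported hex length " + len);
                    }
                } else {
                    hIP = iptohex(ip);
                }
            } catch(ex) {
                var reason = (ex && ex.message !== undefined) ? ex.message : ex;
                throw new _Error("malformed IP address: " + params.ip + ":" + reason);
            }
            dObj = new _DEROctetString({hex: hIP});
        } else {
            throw new _Error("improper params");
        }

        var dTag = new _DERTaggedObject({tag: hTag,
                                         explicit: explicitFlag,
                                         obj: dObj});
        return dTag.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);

/**
 * GeneralNames ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.GeneralNames
 * @class GeneralNames ASN.1 structure class
 * @description
 * <br/>
 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
 * @example
 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 */
KJUR.asn1.x509.GeneralNames = function(paramsArray) {
    KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
    var asn1Array = null,
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1;

    /**
     * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
     * @name setByParamArray
     * @memberOf KJUR.asn1.x509.GeneralNames#
     * @function
     * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralName} parameters
     * @description
     * Each element is passed to the GeneralName constructor and the
     * result is appended to the names already held by this object.
     * <br/>
     * <h4>EXAMPLES</h4>
     * @example
     * gns = new KJUR.asn1.x509.GeneralNames();
     * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
     */
    this.setByParamArray = function(paramsArray) {
        for (var i = 0; i < paramsArray.length; i++) {
            var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
            this.asn1Array.push(o);
        }
    };

    this.tohex = function() {
        var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
        return o.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    this.asn1Array = new Array();
    if (typeof paramsArray != "undefined") {
        this.setByParamArray(paramsArray);
    }
};
extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);

/**
 * OtherName of GeneralName ASN.1 structure class<br/>
 * @name KJUR.asn1.x509.OtherName
 * @class OtherName ASN.1 structure class
 * @since jsrsasign 10.5.3 asn1x509 2.1.12
 * @see KJUR.asn1.x509.GeneralName
 * @see KJUR.asn1.ASN1Util.newObject
 *
 * @description
 * This class is for OtherName of GeneralName ASN.1 structure.
 * Constructor has two members:
 * <ul>
 * <li>oid - oid string (ex. "1.2.3.4")</li>
 * <li>value - JSON object passed to ASN1Util.newObject or ASN1Object object</li>
 * </ul>
 *
 * <pre>
 * OtherName ::= SEQUENCE {
 *   type-id    OBJECT IDENTIFIER,
 *   value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * @example
 * new KJUR.asn1.x509.OtherName({
 *   oid: "1.2.3.4",
 *   value: {prnstr: {str: "abc"}}
 * })
 */
KJUR.asn1.x509.OtherName = function(params) {
    KJUR.asn1.x509.OtherName.superclass.constructor.call(this);

    var asn1Obj = null,
        type = null,
        _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
        _DERSequence = _KJUR_asn1.DERSequence,
        _newObject = _KJUR_asn1.ASN1Util.newObject;

    this.params = null;

    this.setByParam = function(params) {
        this.params = params;
    };

    // Encode SEQUENCE { type-id, [0] EXPLICIT value } and return its
    // hexadecimal TLV. Throws Error when oid or value is null or undefined.
    this.tohex = function() {
        var params = this.params;

        if (params.oid == undefined || params.value == undefined)
            throw new Error("oid or value not specified");

        var dOid = new _DERObjectIdentifier({oid: params.oid});
        var dValue = _newObject({tag: {tag: "a0",
                                       explicit: true,
                                       obj: params.value}});
        var dSeq = new _DERSequence({array: [dOid, dValue]});

        return dSeq.tohex();
    };
    this.getEncodedHex = function() { return this.tohex(); };

    if (params !== undefined) this.setByParam(params);
};
extendClass(KJUR.asn1.x509.OtherName, KJUR.asn1.ASN1Object);

/**
 * static object for OID
 * @name KJUR.asn1.x509.OID
 * @class static object for OID
 * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
 * @property {Assoc Array} name2oidList for oid name and oid (ex.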
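'keyUsage' and '2.5.29.15')
 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
 *
 * @description
 * This class defines OID name and values.
 * AttributeType names registered in OID.atype2oidList are following:
 * <table style="border-width: thin; border-style: solid; width: 100%">
 * <tr><th>short</th><th>long</th><th>OID</th></tr>
 * <tr><td>CN</td><td>commonName</td><td>2.5.4.3</td></tr>
 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
 * <tr><td>C</td><td>countryName</td><td>2.5.4.6</td></tr>
 * <tr><td>STREET</td><td>streetAddress</td><td>2.5.4.9</td></tr>
 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
 * <tr><td>T</td><td>title</td><td>2.5.4.12</td></tr>
 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
 * <tr><td></td><td>description</td><td>2.5.4.13</td></tr>
 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
 * <tr><td></td><td>serialNumber</td><td>2.5.4.5</td></tr>
 * <tr><td></td><td>uniqueIdentifier</td><td>2.5.4.45</td></tr>
 * <tr><td></td><td>organizationIdentifier</td><td>2.5.4.97</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
 * </table>
 * <br/>
 * NOTE: name2oidList, atype2oidList and objCache are plain objects shared by
 * every caller. name2obj and atype2obj consult own properties only, so names
 * such as 'constructor' or 'toString' are treated as unregistered.
 * registerOIDs can overwrite built-in names (including signature algorithm
 * names), so pass it only trusted, application-defined lists.
 *
 * @example
 * KJUR.asn1.x509.OID.name2obj('SHA256withRSA') → DERObjectIdentifier of 1.2.840.113549.1.1.11
 */
KJUR.asn1.x509.OID = new function() {
    var _DERObjectIdentifier = KJUR.asn1.DERObjectIdentifier;

    // Return map[key] only when key is an own property; members inherited
    // from Object.prototype must never be mistaken for registered entries.
    var _own = function(map, key) {
        return Object.prototype.hasOwnProperty.call(map, key) ? map[key] : undefined;
    };

    // Name to OID map only. MD2/MD4/MD5/SHA-1 and 3DES entries are listed so
    // that existing data can be named and encoded; being listed here says
    // nothing about whether an algorithm is acceptable for new signatures.
    this.name2oidList = {
        'sha1':                 '1.3.14.3.2.26',
        'sha256':               '2.16.840.1.101.3.4.2.1',
        'sha384':               '2.16.840.1.101.3.4.2.2',
        'sha512':               '2.16.840.1.101.3.4.2.3',
        'sha224':               '2.16.840.1.101.3.4.2.4',
        'md5':                  '1.2.840.113549.2.5',
        'md2':                  '1.3.14.7.2.2.1',
        'ripemd160':            '1.3.36.3.2.1',

        'MD2withRSA':           '1.2.840.113549.1.1.2',
        'MD4withRSA':           '1.2.840.113549.1.1.3',
        'MD5withRSA':           '1.2.840.113549.1.1.4',
        'SHA1withRSA':          '1.2.840.113549.1.1.5',
        'pkcs1-MGF':            '1.2.840.113549.1.1.8',
        'rsaPSS':               '1.2.840.113549.1.1.10',
        'SHA224withRSA':        '1.2.840.113549.1.1.14',
        'SHA256withRSA':        '1.2.840.113549.1.1.11',
        'SHA384withRSA':        '1.2.840.113549.1.1.12',
        'SHA512withRSA':        '1.2.840.113549.1.1.13',

        'SHA1withECDSA':        '1.2.840.10045.4.1',
        'SHA224withECDSA':      '1.2.840.10045.4.3.1',
        'SHA256withECDSA':      '1.2.840.10045.4.3.2',
        'SHA384withECDSA':      '1.2.840.10045.4.3.3',
        'SHA512withECDSA':      '1.2.840.10045.4.3.4',

        'dsa':                  '1.2.840.10040.4.1',
        'SHA1withDSA':          '1.2.840.10040.4.3',
        'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
        'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',

        'rsaEncryption':        '1.2.840.113549.1.1.1',

        // X.500 AttributeType defined in RFC 4514
        'commonName':                   '2.5.4.3',
        'countryName':                  '2.5.4.6',
        'localityName':                 '2.5.4.7',
        'stateOrProvinceName':          '2.5.4.8',
        'streetAddress':                '2.5.4.9',
        'organizationName':             '2.5.4.10',
        'organizationalUnitName':       '2.5.4.11',
        'domainComponent':              '0.9.2342.19200300.100.1.25',
        'userId':                       '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        'surname':                      '2.5.4.4',
        'givenName':                    '2.5.4.42',
        'title':                        '2.5.4.12',
        'distinguishedName':            '2.5.4.49',
        'emailAddress':                 '1.2.840.113549.1.9.1',
        // other AttributeType name string (no short name)
        'description':                  '2.5.4.13',
        'businessCategory':             '2.5.4.15',
        'postalCode':                   '2.5.4.17',
        'uniqueIdentifier':             '2.5.4.45',
        'organizationIdentifier':       '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3',

        'subjectDirectoryAttributes': '2.5.29.9',
        'subjectKeyIdentifier': '2.5.29.14',
        'keyUsage':             '2.5.29.15',
        'subjectAltName':       '2.5.29.17',
        'issuerAltName':        '2.5.29.18',
        'basicConstraints':     '2.5.29.19',
        'cRLNumber':            '2.5.29.20',
        'cRLReason':            '2.5.29.21',
        'nameConstraints':      '2.5.29.30',
        'cRLDistributionPoints':'2.5.29.31',
        'certificatePolicies':  '2.5.29.32',
        'anyPolicy':            '2.5.29.32.0',
        'policyMappings':       '2.5.29.33',
        'authorityKeyIdentifier':'2.5.29.35',
        'policyConstraints':    '2.5.29.36',
        'extKeyUsage':          '2.5.29.37',
        'inhibitAnyPolicy':     '2.5.29.54',
        'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
        'ocsp':                 '1.3.6.1.5.5.7.48.1',
        'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
        'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
        'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
        'caIssuers':            '1.3.6.1.5.5.7.48.2',

        'anyExtendedKeyUsage':  '2.5.29.37.0',
        'serverAuth':           '1.3.6.1.5.5.7.3.1',
        'clientAuth':           '1.3.6.1.5.5.7.3.2',
        'codeSigning':          '1.3.6.1.5.5.7.3.3',
        'emailProtection':      '1.3.6.1.5.5.7.3.4',
        'timeStamping':         '1.3.6.1.5.5.7.3.8',
        'ocspSigning':          '1.3.6.1.5.5.7.3.9',

        // 'otherNameForms':    '1.3.6.1.5.5.7.8',
        'smtpUTF8Mailbox':      '1.3.6.1.5.5.7.8.9',

        'dateOfBirth':          '1.3.6.1.5.5.7.9.1',
        'placeOfBirth':         '1.3.6.1.5.5.7.9.2',
        'gender':               '1.3.6.1.5.5.7.9.3',
        'countryOfCitizenship': '1.3.6.1.5.5.7.9.4',
        'countryOfResidence':   '1.3.6.1.5.5.7.9.5',

        'ecPublicKey':          '1.2.840.10045.2.1',
        'P-256':                '1.2.840.10045.3.1.7',
        'secp256r1':            '1.2.840.10045.3.1.7',
        'secp256k1':            '1.3.132.0.10',
        'secp384r1':            '1.3.132.0.34',
        'secp521r1':            '1.3.132.0.35',

        'pkcs5PBES2':           '1.2.840.113549.1.5.13',
        'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',

        'des-EDE3-CBC':         '1.2.840.113549.3.7',

        'data':                 '1.2.840.113549.1.7.1', // CMS data
        'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
        'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
        'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
        'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
        'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
        'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
        'signingCertificate':   '1.2.840.113549.1.9.16.2.12',// SMIME
        'timeStampToken':       '1.2.840.113549.1.9.16.2.14',// sigTS
        'signaturePolicyIdentifier':    '1.2.840.113549.1.9.16.2.15',// cades
        'etsArchiveTimeStamp':  '1.2.840.113549.1.9.16.2.27',// SMIME
        'signingCertificateV2': '1.2.840.113549.1.9.16.2.47',// SMIME
        'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
        'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
        'contentType':          '1.2.840.113549.1.9.3',//PKCS#9
        'messageDigest':        '1.2.840.113549.1.9.4',//PKCS#9
        'signingTime':          '1.2.840.113549.1.9.5',//PKCS#9
        'counterSignature':     '1.2.840.113549.1.9.6',//PKCS#9
        'archiveTimeStampV3':   '0.4.0.1733.2.4',//ETSI EN29319122/TS101733
        'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
        'adobeTimeStamp':       '1.2.840.113583.1.1.9.1', // Adobe
    };

    this.atype2oidList = {
        // RFC 4514 AttributeType name string (MUST recognized)
        'CN':           '2.5.4.3',
        'L':            '2.5.4.7',
        'ST':           '2.5.4.8',
        'O':            '2.5.4.10',
        'OU':           '2.5.4.11',
        'C':            '2.5.4.6',
        'STREET':       '2.5.4.9',
        'DC':           '0.9.2342.19200300.100.1.25',
        'UID':          '0.9.2342.19200300.100.1.1',
        // other AttributeType name string
        // http://blog.livedoor.jp/k_urushima/archives/656114.html
        'SN':           '2.5.4.4', // surname
        'T':            '2.5.4.12', // title
        'DN':           '2.5.4.49', // distinguishedName
        'E':            '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
        // other AttributeType name string (no short name)
        'description':                  '2.5.4.13',
        'businessCategory':             '2.5.4.15',
        'postalCode':                   '2.5.4.17',
        'serialNumber':                 '2.5.4.5',
        'uniqueIdentifier':             '2.5.4.45',
        'organizationIdentifier':       '2.5.4.97',
        'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1',
        'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
        'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3'
    };

    // Cache of DERObjectIdentifier objects keyed by the looked-up string.
    // name2obj and atype2obj share this one cache.
    this.objCache = {};

    /**
     * get DERObjectIdentifier by registered OID name
     * @name name2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} name registered OID name
     * @return {Object} DERObjectIdentifier instance
     * @throws {String} message string when the name is not registered
     * @see KJUR.asn1.DERObjectIdentifier
     *
     * @description
     * This static method returns DERObjectIdentifier object
     * for the specified OID name. Only own entries of objCache and
     * name2oidList are consulted.
     *
     * @example
     * var asn1ObjOID = KJUR.asn1.x509.OID.name2obj('SHA1withRSA');
     */
    this.name2obj = function(name) {
        var cached = _own(this.objCache, name);
        if (cached !== undefined)
            return cached;

        var oid = _own(this.name2oidList, name);
        // A string (not an Error) is thrown here; kept as is because
        // existing callers may depend on the thrown value.
        if (oid === undefined)
            throw "Name of ObjectIdentifier not defined: " + name;

        var obj = new _DERObjectIdentifier({'oid': oid});
        this.objCache[name] = obj;
        return obj;
    };

    /**
     * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
     * @name atype2obj
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {String} atype short attribute type name such like 'C', 'CN' or OID
     * @return KJUR.asn1.DERObjectIdentifier instance
     * @throws {Error} when atype is neither an OID string nor a registered name
     * @description
     * The argument is resolved in this order: dotted OID string,
     * atype2oidList entry, name2oidList entry.
     * @example
     * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3
     * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11
     * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9
     * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9
     */
    this.atype2obj = function(atype) {
        var cached = _own(this.objCache, atype);
        if (cached !== undefined)
            return cached;

        var oid;

        if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) {
            oid = atype;
        } else if (_own(this.atype2oidList, atype) !== undefined) {
            oid = this.atype2oidList[atype];
        } else if (_own(this.name2oidList, atype) !== undefined) {
            oid = this.name2oidList[atype];
        } else {
            throw new Error("AttributeType name undefined: " + atype);
        }
        var obj = new _DERObjectIdentifier({'oid': oid});
        this.objCache[atype] = obj;
        return obj;
    };

    /**
     * register OID list<br/>
     * @name registerOIDs
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {object} oids associative array of names and oids
     * @since jsrsasign 10.5.2 asn1x509 2.1.11
     * @see KJUR.asn1.x509.OID.checkOIDs
     *
     * @description
     * This static method registers additional OIDs to the existing
     * name2oidList. Nothing is registered when checkOIDs rejects the list.
     * An existing name is overwritten, so the list must come from a
     * trusted source.
     *
     * @example
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "4.5.7.8"
     * }) // do nothing for invalid list
     *
     * KJUR.asn1.x509.OID.registerOIDs({
     *   "test1": "1.2.3",
     *   "test2": "0.2.3.4.23",
     * }) // successfully registered
     *
     * KJUR.asn1.x509.OID.name2oid("test1") → "1.2.3"
     */
    this.registerOIDs = function(oids) {
        if (! this.checkOIDs(oids)) return;
        // Register exactly the own keys that checkOIDs validated; a for-in
        // loop would also copy inherited enumerable members unchecked.
        var nameList = Object.keys(oids);
        for (var i = 0; i < nameList.length; i++) {
            var name = nameList[i];
            this.name2oidList[name] = oids[name];
            // drop a cached object built from the previous value so that
            // name2obj and name2oid keep agreeing for this name
            delete this.objCache[name];
        }
    };

    /**
     * check validity for OID list<br/>
     * @name checkOIDs
     * @memberOf KJUR.asn1.x509.OID
     * @function
     * @param {object} oids associative array of names and oids
     * @return {boolean} return true when valid OID list otherwise false
     * @since jsrsasign 10.5.2 asn1x509 2.1.11
     * @see KJUR.asn1.x509.OID.registerOIDs
     *
     * @description
     * This static method validates an associative array
     * as oid list. Every value must be a string whose first arc is
     * 0, 1 or 2 followed by one or more non-empty decimal arcs.
     *
     * @example
     * KJUR.asn1.x509.OID.checkOIDs(*non-assoc-array*) → false
     * KJUR.asn1.x509.OID.checkOIDs({}) → false
     * KJUR.asn1.x509.OID.checkOIDs({"test1": "apple"}) → false
     * KJUR.asn1.x509.OID.checkOIDs({"test1": "1..2"}) → false // empty arc
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "1.2.3",
     *   "test2": "0.2.3.4.23",
     * }) → true  // valid oids
     * KJUR.asn1.x509.OID.checkOIDs({
     *   "test1": "4.5.7.8"
     * }) → false // invalid oid
     */
    this.checkOIDs = function(oids) {
        try {
            // arrays and non-objects are not name/oid lists
            if (typeof oids != "object" || Array.isArray(oids))
                return false;
            var nameList = Object.keys(oids); // throws for null
            if (nameList.length == 0)
                return false;
            for (var i = 0; i < nameList.length; i++) {
                var oid = oids[nameList[i]];
                // require a real string and reject empty arcs such as
                // "1..2" or a trailing dot
                if (typeof oid != "string" ||
                    ! oid.match(/^[0-2](\.[0-9]+)+$/))
                    return false;
            }
            return true;
        } catch(ex) {
            return false;
        }
    };


};

/**
 * convert OID to name<br/>
 * @name oid2name
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex. 1.2.3.4)
 * @return {String} OID name if registered otherwise empty string
 * @since asn1x509 1.0.9
 * @description
 * This static method converts OID string to its name.
 * If OID is undefined then it returns empty string (i.e. '').
 * When several names share one OID (ex. 'P-256' and 'secp256r1')
 * the first one found in name2oidList is returned.
 * @example
 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
 */
KJUR.asn1.x509.OID.oid2name = function(oid) {
    var list = KJUR.asn1.x509.OID.name2oidList;
    var nameList = Object.keys(list);
    for (var i = 0; i < nameList.length; i++) {
        if (list[nameList[i]] == oid) return nameList[i];
    }
    return '';
};

/**
 * convert OID to AttributeType name<br/>
 * @name oid2atype
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} oid dot noted Object Identifier string (ex.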
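1.2.3.4)
 * @return {String} OID AttributeType name if registered otherwise oid
 * @since jsrsasign 6.2.2 asn1x509 1.0.18
 * @description
 * This static method converts OID string to its AttributeType name.
 * If OID is not defined in OID.atype2oidList associative array then it returns OID
 * specified as argument.
 * @example
 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
 */
KJUR.asn1.x509.OID.oid2atype = function(oid) {
    var list = KJUR.asn1.x509.OID.atype2oidList;
    var atypeList = Object.keys(list);
    for (var i = 0; i < atypeList.length; i++) {
        if (list[atypeList[i]] == oid) return atypeList[i];
    }
    // unregistered OIDs are handed back unchanged
    return oid;
};

/**
 * convert OID name to OID value<br/>
 * @name name2oid
 * @memberOf KJUR.asn1.x509.OID
 * @function
 * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
 * @return {String} dot noted Object Identifier string (ex. 1.2.3.4)
 * @since asn1x509 1.0.11
 * @description
 * This static method converts from OID name to OID string.
 * If OID is undefined then it returns empty string (i.e. '').
 * A string made only of digits and dots is returned unchanged and is
 * not checked for being a well formed OID.
 * @example
 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
 * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
 * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
 */
KJUR.asn1.x509.OID.name2oid = function(name) {
    if (name.match(/^[0-9.]+$/)) return name;
    var list = KJUR.asn1.x509.OID.name2oidList;
    // Own entries only: a name such as "constructor" or "toString" would
    // otherwise resolve to a member inherited from Object.prototype and a
    // function would be returned in place of an OID string.
    if (! Object.prototype.hasOwnProperty.call(list, name) ||
        list[name] === undefined)
        return '';
    return list[name];
};

/**
 * X.509 certificate and CRL utilities class<br/>
 * @name KJUR.asn1.x509.X509Util
 * @class X.509 certificate and CRL utilities class
 */
KJUR.asn1.x509.X509Util = {};

/**
 * issue a certificate in PEM format (DEPRECATED)
 * @name newCertPEM
 * @memberOf KJUR.asn1.x509.X509Util
 * @function
 * @param {Array} param JSON object of parameter to issue a certificate
 * @return {String} PEM string returned by getPEM() of the created Certificate
 * @since asn1x509 1.0.6
 * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
 * @description
 * This method can issue a certificate by a simple
 * JSON object.
 * Signature value will be provided by signing with
 * private key using 'cakey' parameter or
 * hexadecimal signature value by 'sighex' parameter.
 * <br/>
 * NOTE: Algorithm parameter of AlgorithmIdentifier will
 * be set automatically by default.
 * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
 * from jsrsasign 7.1.1 asn1x509 1.0.20.
 * <br/>
 * NOTE2:
 * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
 * As for RSA-PSS signature algorithm names and signing parameters
 * such as MGF function and salt length, please see
 * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
 * <br/>
 * NOTE3:
 * Some examples below keep the SHA-1 based algorithm names of the
 * original documentation. SHA-1 certificate signatures are rejected by
 * current browsers and CA policies, so use 'SHA256withRSA',
 * 'SHA256withECDSA' or a stronger name for new certificates.
 *
 * @example
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyObj,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: prvKeyObj
 * });
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 4},
 *   sigalg: {name: 'SHA1withECDSA'},
 *   issuer: {str: '/C=US/O=a'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=b'},
 *   sbjpubkey: pubKeyPEM,
 *   ext: [
 *     {basicConstraints: {cA: true, critical: true}},
 *     {keyUsage: {bin: '11'}},
 *   ],
 *   cakey: [prvkey, pass]}
 * );
 * // -- or --
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA1withRSA'},
 *   issuer: {str: '/C=US/O=T1'},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {str: '/C=US/O=T1'},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 * // for the issuer and subject field, another
 * // representation is also available
 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
 *   serial: {int: 1},
 *   sigalg: {name: 'SHA256withRSA'},
 *   issuer: {C: "US", O: "T1"},
 *   notbefore: {'str': '130504235959Z'},
 *   notafter: {'str': '140504235959Z'},
 *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
 *   sbjpubkey: pubKeyObj,
 *   sighex: '0102030405..'
 * });
 */
KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    // thin wrapper kept for compatibility: all work is done by Certificate
    var cert = new KJUR.asn1.x509.Certificate(param);
    return cert.getPEM();
};
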