From 38ff72ed1946135c76a72bf11d57b62dfa5b16bc Mon Sep 17 00:00:00 2001 From: Kenji Urushima Date: Sat, 24 Oct 2020 01:34:58 +0900 Subject: [PATCH] 10.0.4 release --- ChangeLog.txt | 10 + Makefile | 5 +- README.md | 2 +- api/files.html | 4 +- api/symbols/X509.html | 250 ++++++++ api/symbols/global__.html | 279 +++++++++ api/symbols/src/nodeutil-1.0.js.html | 244 +++++--- api/symbols/src/x509-1.1.js.html | 842 +++++++++++++++------------ bower.json | 2 +- jsrsasign-all-min.js | 4 +- jsrsasign-jwths-min.js | 2 +- jsrsasign-rsa-min.js | 2 +- min/nodeutil-1.0.min.js | 4 +- min/x509-1.1.min.js | 2 +- npm/README.md | 2 +- npm/lib/jsrsasign-all-min.js | 4 +- npm/lib/jsrsasign-jwths-min.js | 2 +- npm/lib/jsrsasign-rsa-min.js | 2 +- npm/lib/jsrsasign.js | 4 +- npm/package.json | 2 +- npm_util/lib/footer.js | 4 + npm_util/lib/header.js | 2 +- npm_util/lib/jsrsasign-util.js | 10 +- npm_util/package.json | 52 +- src/nodeutil-1.0.js | 100 +++- src/x509-1.1.js | 122 +++- test/qunit-do-x509-param.html | 91 +++ 27 files changed, 1541 insertions(+), 508 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 7cfb8d77..f14cb5a1 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,16 @@ ChangeLog for jsrsasign +add methods to modify some extenstion parameters +* Changes from 10.0.3 to 10.0.4 (2020-Oct-23) + - src/x509.js + - add X509.updateExt{CDPFullURI,AIAOCSP,AIACAIssuer} method + - src/nodeutil.js + - add read{JSON,JSONC},saveJSON,printJSON method added + - jrsasign-util npm package updated + - test/qunit-do-x509-param.html + - updated to follow above + add findExt method in X509 class * Changes from 10.0.2 to 10.0.3 (2020-Oct-21) - src/x509.js diff --git a/Makefile b/Makefile index 71142eaa..9ee2613c 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,8 @@ FILES_MIN = \ min/x509-1.1.min.js \ min/jws-3.3.min.js \ min/jwsjs-2.0.min.js \ - min/x509crl.min.js + min/x509crl.min.js \ + min/nodeutil-1.0.min.js FILES_EXT_MIN = \ ext/ec-min.js \ @@ -43,7 +44,7 @@ gitadd-all-doc: git add api/*.html api/symbols/*.html api/symbols/src/*.html gitadd-release: - git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html README.md npm/README.md tool/*.html + git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* gitadd: gitadd-all-doc gitadd-release @echo done \ No newline at end of file diff --git a/README.md b/README.md index 90a7e4e6..5ba93ace 100755 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ HIGHLIGHTS - no dependency to other library - no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/) - no dependency on newer ECMAScirpt function. So old browsers also supported. -- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2020-10-11) +- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2020-10-20) INSTALL ------- diff --git a/api/files.html b/api/files.html index 421d13b5..cdfac1fb 100644 --- a/api/files.html +++ b/api/files.html @@ -821,7 +821,7 @@

nodeutil-1.0.js

Version:
-
1.0.0 (2015-Nov-11)
+
jsrsasign-util 1.0.1 nodeutil 1.0.1 (2020-Oct-23)
@@ -878,7 +878,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.0.3 x509 2.0.7 (2020-Oct-21)
+
jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23)
diff --git a/api/symbols/X509.html b/api/symbols/X509.html index e70706b3..6c3db99e 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -1321,6 +1321,41 @@

+ +   + +
updateAIACAIssuer(aExt, newURI) +
+
update authorityInfoAccess caIssuer in parameter
+This method updates "caIssuer" accessMethod URI of +AuthorityInfoAccess extension +in the extension parameter array if it exists.
+ + + + +   + +
updateAIAOCSP(aExt, newURI) +
+
update authorityInfoAccess ocsp in parameter
+This method updates "ocsp" accessMethod URI of +AuthorityInfoAccess extension +in the extension parameter array if it exists.
+ + + + +   + +
updateCDPFullURI(aExt, newURI) +
+
update CRLDistributionPoints Full URI in parameter
+This method updates Full URI of CRLDistributionPoints extension +in the extension parameter array if it exists.
+ + +   @@ -5774,6 +5809,221 @@

+
+ + +
+ + + updateAIACAIssuer(aExt, newURI) + +
+
+ update authorityInfoAccess caIssuer in parameter
+This method updates "caIssuer" accessMethod URI of +AuthorityInfoAccess extension +in the extension parameter array if it exists. + + +
+ + + + 
aExt = [
+  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+  {extname:"authoriyInfoAccess",
+   array:[
+     {ocsp: "http://ocsp1.example.com"},
+     {caissuer: "http://example.com/a.crt"}
+   ]}
+];
+x = new X509();
+x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+ + + + +
+
Parameters:
+ +
+ {Array} aExt + +
+
array of extension parameters
+ +
+ {String} newURI + +
+
string of new uri
+ +
+ + + +
+
Since:
+
jsrsasign 10.0.4 x509 2.0.8
+
+ + + + + + +
+
See:
+ +
X509#findExt
+ +
KJUR.asn1.x509.AuthorityInfoAccess
+ +
+ + +
+ + +
+ + + updateAIAOCSP(aExt, newURI) + +
+
+ update authorityInfoAccess ocsp in parameter
+This method updates "ocsp" accessMethod URI of +AuthorityInfoAccess extension +in the extension parameter array if it exists. + + +
+ + + + 
aExt = [
+  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+  {extname:"authoriyInfoAccess",
+   array:[
+     {ocsp: "http://ocsp1.example.com"},
+     {caissuer: "http://example.com/a.crt"}
+   ]}
+];
+x = new X509();
+x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+ + + + +
+
Parameters:
+ +
+ {Array} aExt + +
+
array of extension parameters
+ +
+ {String} newURI + +
+
string of new uri
+ +
+ + + +
+
Since:
+
jsrsasign 10.0.4 x509 2.0.8
+
+ + + + + + +
+
See:
+ +
X509#findExt
+ +
KJUR.asn1.x509.AuthorityInfoAccess
+ +
+ + +
+ + +
+ + + updateCDPFullURI(aExt, newURI) + +
+
+ update CRLDistributionPoints Full URI in parameter
+This method updates Full URI of CRLDistributionPoints extension +in the extension parameter array if it exists. + + +
+ + + + 
aExt = [
+  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+  {extname:"cRLDistributionPoints",
+          array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+];
+x = new X509();
+x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+ + + + +
+
Parameters:
+ +
+ {Array} aExt + +
+
array of extension parameters
+ +
+ {String} newURI + +
+
string of new uri
+ +
+ + + +
+
Since:
+
jsrsasign 10.0.4 x509 2.0.8
+
+ + + + + + +
+
See:
+ +
X509#findExt
+ +
KJUR.asn1.x509.CRLDistributionPoints
+ +
+ +
diff --git a/api/symbols/global__.html b/api/symbols/global__.html index 2ed02e9b..20de5551 100644 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -832,6 +832,16 @@

+ +   + +
printJSON(json, prefix) +
+
output JSON object to console +This method writes JSON object to console.
+ + +   @@ -862,6 +872,26 @@

+ +   + +
readJSON(JSON) +
+
read JSON file and return its JSON object +This function only works in Node.js.
+ + + + +   + +
readJSONC(JSONC) +
+
read JSONC file and return its JSON object +This method read JSONC (i.e.
+ + +   @@ -891,6 +921,16 @@

+ +   + +
saveFileJSON(jsonFile, json) +
+
save JSON object as file +This method saves JSON object as a file.
+ + +   @@ -2675,6 +2715,69 @@

+
+ + +
+ + + printJSON(json, prefix) + +
+
+ output JSON object to console +This method writes JSON object to console. +This function only works in Node.js. + +
+ Defined in: nodeutil-1.0.js. + + +
+ + + + 
var rsu = require("jsrsasign-util");
+var obj = {aaa: "bbb", "ccc": 123};
+rsu.printJSON(obj, "obj = ") →
+obj = {
+  "aaa": "bbb",
+  "ccc": 123
+}
+ + + + +
+
Parameters:
+ +
+ {Object} json + +
+
JSON object to print out
+ +
+ {Object} prefix + +
+
prefix string (OPTION)
+ +
+ + + +
+
Since:
+
jsrsasign-util 1.0.1 nodeutil 1.0.1
+
+ + + + + + +
@@ -2816,6 +2919,124 @@

+
+ + +
+ + {Object} + readJSON(JSON) + +
+
+ read JSON file and return its JSON object +This function only works in Node.js. + +
+ Defined in: nodeutil-1.0.js. + + +
+ + + + 
var rsu = require("jsrsasign-util");
+rsu.readJSON("aaa.json") → JSON object
+ + + + +
+
Parameters:
+ +
+ {String} JSON + +
+
file name to be read
+ +
+ + + +
+
Since:
+
jsrsasign-util 1.0.1 nodeutil 1.0.1
+
+ + + + +
+
Returns:
+ +
{Object} JSON object or array of file contents
+ +
+ + + + +
+ + +
+ + {Object} + readJSONC(JSONC) + +
+
+ read JSONC file and return its JSON object +This method read JSONC (i.e. JSON with comments) file +and returns JSON object. +This function only works in Node.js. + +
+ Defined in: nodeutil-1.0.js. + + +
+ + + + 
var rsu = require("jsrsasign-util");
+rsu.readJSONC("aaa.jsonc") → JSON object
+ + + + +
+
Parameters:
+ +
+ {String} JSONC + +
+
file name to be read
+ +
+ + + +
+
Since:
+
jsrsasign-util 1.0.1 nodeutil 1.0.1
+
+ + + + +
+
Returns:
+ +
{Object} JSON object or array of file contents
+ +
+ + + +
@@ -2964,6 +3185,64 @@

+
+ + +
+ + + saveFileJSON(jsonFile, json) + +
+
+ save JSON object as file +This method saves JSON object as a file. +This function only works in Node.js. + +
+ Defined in: nodeutil-1.0.js. + + +
+ + + + 
var rsu = require("jsrsasign-util");
+rsu.saveJSONC("aaa.jsonc", json);
+ + + + +
+
Parameters:
+ +
+ {Object} jsonFile + +
+
output JSON file name
+ +
+ {Object} json + +
+
JSON object to save
+ +
+ + + +
+
Since:
+
jsrsasign-util 1.0.1 nodeutil 1.0.1
+
+ + + + + + +
diff --git a/api/symbols/src/nodeutil-1.0.js.html b/api/symbols/src/nodeutil-1.0.js.html index d9aa5d93..080e37f7 100644 --- a/api/symbols/src/nodeutil-1.0.js.html +++ b/api/symbols/src/nodeutil-1.0.js.html @@ -5,90 +5,170 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* nodeutil-1.0.1 (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * nodeutil.js - Utilities for Node
   5  *
-  6  * version: 1.0.0 (2015 Nov 11)
+  6  * Copyright (c) 2015-2020 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
-  8  * Copyright (c) 2015 Kenji Urushima (kenji.urushima@gmail.com)
-  9  *
- 10  * This software is licensed under the terms of the MIT License.
- 11  * https://kjur.github.io/jsrsasign/license/
- 12  *
- 13  * The above copyright and license notice shall be 
- 14  * included in all copies or substantial portions of the Software.
- 15  */
- 16 
- 17 /**
- 18  * @fileOverview
- 19  * @name nodeutil-1.0.js
- 20  * @author Kenji Urushima kenji.urushima@gmail.com
- 21  * @version 1.0.0 (2015-Nov-11)
- 22  * @since jsrsasign 5.0.2
- 23  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
- 24  */
- 25 
- 26 /**
- 27  * read file and return file contents as utf-8 string
- 28  * @param {String} utf8File file name to be read
- 29  * @return {String} utf-8 string of file contents
- 30  * @description
- 31  * This function only works in Node.js.
- 32  */
- 33 function readFileUTF8(utf8File) {
- 34     return require('fs').readFileSync(utf8File, 'utf8');
- 35 }
- 36 
- 37 /**
- 38  * read binary file and return file contents as hexadecimal string
- 39  * @param {String} binFile file name to be read
- 40  * @return {String} hexadecimal string of file contents
- 41  * @description
- 42  * This function only works in Node.js.
- 43  */
- 44 function readFileHexByBin(binFile) {
- 45     var rs = require('jsrsasign');
- 46     var fs = require('fs');
- 47     return rs.rstrtohex(fs.readFileSync(binFile, 'binary'));
- 48 }
- 49 
- 50 /**
- 51  * read file and return file contents
- 52  * @param {String} binFile file name to be read
- 53  * @return {String} raw string of file contents
- 54  * @description
- 55  * This function only works in Node.js.
- 56  */
- 57 function readFile(binFile) {
- 58     var fs = require('fs');
- 59     return fs.readFileSync(binFile, 'binary');
- 60 }
- 61 
- 62 /**
- 63  * save raw string to file
- 64  * @param {String} binFile file name to save contents.
- 65  * @param {String} rawString string contents to be saved.
- 66  * @description
- 67  * This function only works in Node.js.
- 68  */
- 69 function saveFile(binFile, rawString) {
- 70     var fs = require('fs');
- 71     fs.writeFileSync(binFile, rawString, 'binary');
- 72 }
- 73 
- 74 /**
- 75  * save data represented by hexadecimal string to file
- 76  * @param {String} binFile file name to save contents.
- 77  * @param {String} hexString hexadecimal string to be saved.
- 78  * @description
- 79  * This function only works in Node.js.
- 80  */
- 81 function saveFileBinByHex(binFile, hexString) {
- 82     var fs = require('fs');
- 83     var rs = require('jsrsasign');
- 84     var rawString = rs.hextorstr(hexString);
- 85     fs.writeFileSync(binFile, rawString, 'binary');
- 86 }
- 87 

\ No newline at end of file
+  8  * This software is licensed under the terms of the MIT License.
+  9  * https://kjur.github.io/jsrsasign/license/
+ 10  *
+ 11  * The above copyright and license notice shall be 
+ 12  * included in all copies or substantial portions of the Software.
+ 13  */
+ 14 
+ 15 /**
+ 16  * @fileOverview
+ 17  * @name nodeutil-1.0.js
+ 18  * @author Kenji Urushima kenji.urushima@gmail.com
+ 19  * @version jsrsasign-util 1.0.1 nodeutil 1.0.1 (2020-Oct-23)
+ 20  * @since jsrsasign 5.0.2
+ 21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
+ 22  */
+ 23 var fs = require("fs");
+ 24 var JSONC = require("jsonc-parser");
+ 25 var rs = require("jsrsasign");
+ 26 
+ 27 /**
+ 28  * read file and return file contents as utf-8 string
+ 29  * @param {String} utf8File file name to be read
+ 30  * @return {String} utf-8 string of file contents
+ 31  * @description
+ 32  * This function only works in Node.js.
+ 33  */
+ 34 function readFileUTF8(utf8File) {
+ 35     return require('fs').readFileSync(utf8File, 'utf8');
+ 36 }
+ 37 
+ 38 /**
+ 39  * read binary file and return file contents as hexadecimal string
+ 40  * @param {String} binFile file name to be read
+ 41  * @return {String} hexadecimal string of file contents
+ 42  * @description
+ 43  * This function only works in Node.js.
+ 44  */
+ 45 function readFileHexByBin(binFile) {
+ 46     return rs.rstrtohex(fs.readFileSync(binFile, 'binary'));
+ 47 }
+ 48 
+ 49 /**
+ 50  * read file and return file contents
+ 51  * @param {String} binFile file name to be read
+ 52  * @return {String} raw string of file contents
+ 53  * @description
+ 54  * This function only works in Node.js.
+ 55  */
+ 56 function readFile(binFile) {
+ 57     return fs.readFileSync(binFile, 'binary');
+ 58 }
+ 59 
+ 60 /**
+ 61  * save raw string to file
+ 62  * @param {String} binFile file name to save contents.
+ 63  * @param {String} rawString string contents to be saved.
+ 64  * @description
+ 65  * This function only works in Node.js.
+ 66  */
+ 67 function saveFile(binFile, rawString) {
+ 68     var fs = require('fs');
+ 69     fs.writeFileSync(binFile, rawString, 'binary');
+ 70 }
+ 71 
+ 72 /**
+ 73  * save data represented by hexadecimal string to file
+ 74  * @param {String} binFile file name to save contents.
+ 75  * @param {String} hexString hexadecimal string to be saved.
+ 76  * @description
+ 77  * This function only works in Node.js.
+ 78  */
+ 79 function saveFileBinByHex(binFile, hexString) {
+ 80     var rawString = rs.hextorstr(hexString);
+ 81     fs.writeFileSync(binFile, rawString, 'binary');
+ 82 }
+ 83 
+ 84 /**
+ 85  * read JSON file and return its JSON object
+ 86  * @param {String} JSON file name to be read
+ 87  * @return {Object} JSON object or array of file contents
+ 88  * @since jsrsasign-util 1.0.1 nodeutil 1.0.1
+ 89  *
+ 90  * @description
+ 91  * This function only works in Node.js.
+ 92  * @example
+ 93  * var rsu = require("jsrsasign-util");
+ 94  * rsu.readJSON("aaa.json") → JSON object
+ 95  */
+ 96 function readJSON(jsonFile) {
+ 97     var jsonStr = fs.readFileSync(jsonFile, "utf8");
+ 98     var json = JSON.parse(jsonStr);
+ 99     return json;
+100 }
+101 
+102 /**
+103  * read JSONC file and return its JSON object
+104  * @param {String} JSONC file name to be read
+105  * @return {Object} JSON object or array of file contents
+106  * @since jsrsasign-util 1.0.1 nodeutil 1.0.1
+107  *
+108  * @description
+109  * This method read JSONC (i.e. JSON with comments) file
+110  * and returns JSON object.
+111  * This function only works in Node.js.
+112  * 
+113  * @example
+114  * var rsu = require("jsrsasign-util");
+115  * rsu.readJSONC("aaa.jsonc") → JSON object
+116  */
+117 function readJSONC(jsonFile) {
+118     var jsonStr = fs.readFileSync(jsonFile, "utf8");
+119     var json = JSONC.parse(jsonStr);
+120     return json;
+121 }
+122 
+123 /**
+124  * save JSON object as file
+125  * @param {Object} jsonFile output JSON file name
+126  * @param {Object} json JSON object to save
+127  * @since jsrsasign-util 1.0.1 nodeutil 1.0.1
+128  *
+129  * @description
+130  * This method saves JSON object as a file.
+131  * This function only works in Node.js.
+132  * 
+133  * @example
+134  * var rsu = require("jsrsasign-util");
+135  * rsu.saveJSONC("aaa.jsonc", json);
+136  */
+137 function saveFileJSON(jsonFile, json) {
+138     var s = JSON.stringify(json, null, "  ");
+139     saveFile(jsonFile, s);
+140 }
+141 
+142 /**
+143  * output JSON object to console
+144  * @param {Object} json JSON object to print out
+145  * @param {Object} prefix prefix string (OPTION)
+146  * @since jsrsasign-util 1.0.1 nodeutil 1.0.1
+147  *
+148  * @description
+149  * This method writes JSON object to console.
+150  * This function only works in Node.js.
+151  * 
+152  * @example
+153  * var rsu = require("jsrsasign-util");
+154  * var obj = {aaa: "bbb", "ccc": 123};
+155  * rsu.printJSON(obj, "obj = ") →
+156  * obj = {
+157  *   "aaa": "bbb",
+158  *   "ccc": 123
+159  * }
+160  */
+161 function printJSON(json, prefix) {
+162     var s = "";
+163     if (prefix != undefined) s = prefix;
+164     console.log(s + JSON.stringify(json, null, "  "));
+165 }
+166 
+167
\ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index c901ec1c..20de0d5c 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* x509-2.0.7.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.0.8.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.3 x509 2.0.7 (2020-Oct-21)
+ 19  * @version jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -2464,367 +2464,485 @@
 2457 	    if (aExt[i].extname == extname) return aExt[i];
 2458 	}
 2459 	return null;
-2460     };
-2461 
-2462     /**
-2463      * get certificate information as string.<br/>
-2464      * @name getInfo
-2465      * @memberOf X509#
-2466      * @function
-2467      * @return {String} certificate information string
-2468      * @since jsrsasign 5.0.10 x509 1.1.8
-2469      * @example
-2470      * x = new X509();
-2471      * x.readCertPEM(certPEM);
-2472      * console.log(x.getInfo());
-2473      * // this shows as following
-2474      * Basic Fields
-2475      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-2476      *   signature algorithm: SHA1withRSA
-2477      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2478      *   notBefore: 061110000000Z
-2479      *   notAfter: 311110000000Z
-2480      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2481      *   subject public key info:
-2482      *     key algorithm: RSA
-2483      *     n=c6cce573e6fbd4bb...
-2484      *     e=10001
-2485      * X509v3 Extensions:
-2486      *   keyUsage CRITICAL:
-2487      *     digitalSignature,keyCertSign,cRLSign
-2488      *   basicConstraints CRITICAL:
-2489      *     cA=true
-2490      *   subjectKeyIdentifier :
-2491      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-2492      *   authorityKeyIdentifier :
-2493      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-2494      * signature algorithm: SHA1withRSA
-2495      * signature: 1c1a0697dcd79c9f...
-2496      */
-2497     this.getInfo = function() {
-2498 	var _getSubjectAltNameStr = function(params) {
-2499 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
-2500 	    return s;
-2501 	};
-2502 	var _getCertificatePoliciesStr = function(params) {
-2503 	    var s = "";
-2504 	    var a = params.array;
-2505 	    for (var i = 0; i < a.length; i++) {
-2506 		var pi = a[i];
-2507 		s += "    policy oid: " + pi.policyoid + "\n";
-2508 		if (pi.array === undefined) continue;
-2509 		for (var j = 0; j < pi.array.length; j++) {
-2510 		    var pqi = pi.array[j];
-2511 		    if (pqi.cps !== undefined) {
-2512 			s += "    cps: " + pqi.cps + "\n";
-2513 		    }
-2514 		}
-2515 	    }
-2516 	    return s;
-2517 	};
-2518 	var _getCRLDistributionPointsStr = function(params) {
-2519 	    var s = "";
-2520 	    var a = params.array;
-2521 	    for (var i = 0; i < a.length; i++) {
-2522 		var dp = a[i];
-2523 		try {
-2524 		    if (dp.dpname.full[0].uri !== undefined)
-2525 			s += "    " + dp.dpname.full[0].uri + "\n";
-2526 		} catch(ex) {};
-2527 		try {
-2528 		    if (dp.dname.full[0].dn.hex !== undefined)
-2529 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-2530 		} catch(ex) {};
-2531 	    }
-2532 	    return s;
-2533 	}
-2534 	var _getAuthorityInfoAccessStr = function(params) {
-2535 	    var s = "";
-2536 	    var a = params.array;
-2537 	    for (var i = 0; i < a.length; i++) {
-2538 		var ad = a[i];
-2539 
-2540 		if (ad.caissuer !== undefined)
-2541 		    s += "    caissuer: " + ad.caissuer + "\n";
-2542 		if (ad.ocsp !== undefined)
-2543 		    s += "    ocsp: " + ad.ocsp + "\n";
-2544 	    }
-2545 	    return s;
-2546 	};
-2547 	var _X509 = X509;
-2548 	var s, pubkey, aExt;
-2549 	s  = "Basic Fields\n";
-2550         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-2551 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-2552 	s += "  issuer: " + this.getIssuerString() + "\n";
-2553 	s += "  notBefore: " + this.getNotBefore() + "\n";
-2554 	s += "  notAfter: " + this.getNotAfter() + "\n";
-2555 	s += "  subject: " + this.getSubjectString() + "\n";
-2556 	s += "  subject public key info: " + "\n";
-2557 
-2558 	// subject public key info
-2559 	pubkey = this.getPublicKey();
-2560 	s += "    key algorithm: " + pubkey.type + "\n";
-2561 
-2562 	if (pubkey.type === "RSA") {
-2563 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-2564 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-2565 	}
-2566 
-2567 	// X.509v3 Extensions
-2568         aExt = this.aExtInfo;
-2569 
-2570 	if (aExt !== undefined && aExt !== null) {
-2571             s += "X509v3 Extensions:\n";
-2572 	    
-2573             for (var i = 0; i < aExt.length; i++) {
-2574 		var info = aExt[i];
-2575 
-2576 		// show extension name and critical flag
-2577 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-2578 		if (extName === '') extName = info["oid"];
+2460 
+2461     };
+2462 
+2463     /**
+2464      * update CRLDistributionPoints Full URI in parameter<br/>
+2465      * @name updateCDPFullURI
+2466      * @memberOf X509#
+2467      * @function
+2468      * @param {Array} aExt array of extension parameters
+2469      * @param {String} newURI string of new uri
+2470      * @since jsrsasign 10.0.4 x509 2.0.8
+2471      * @see X509#findExt
+2472      * @see KJUR.asn1.x509.CRLDistributionPoints
+2473      *
+2474      * @description
+2475      * This method updates Full URI of CRLDistributionPoints extension
+2476      * in the extension parameter array if it exists.
+2477      *
+2478      * @example
+2479      * aExt = [
+2480      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2481      *   {extname:"cRLDistributionPoints",
+2482           array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+2483      * ];
+2484      * x = new X509();
+2485      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+2486      */
+2487     this.updateExtCDPFullURI = function(aExt, newURI) {
+2488 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+2489 	if (pExt == null) return;
+2490 	if (pExt.array == undefined) return;
+2491 	var aDP = pExt.array;
+2492 	for (var i = 0; i < aDP.length; i++) {
+2493 	    if (aDP[i].dpname == undefined) continue;
+2494 	    if (aDP[i].dpname.full == undefined) continue;
+2495 	    var aURI = aDP[i].dpname.full;
+2496 	    for (var j = 0; j < aURI.length; j++) {
+2497 		var pURI = aURI[i];
+2498 		if (pURI.uri == undefined) continue;
+2499 		pURI.uri = newURI;
+2500 	    }
+2501 	}
+2502     };
+2503 
+2504     /**
+2505      * update authorityInfoAccess ocsp in parameter<br/>
+2506      * @name updateAIAOCSP
+2507      * @memberOf X509#
+2508      * @function
+2509      * @param {Array} aExt array of extension parameters
+2510      * @param {String} newURI string of new uri
+2511      * @since jsrsasign 10.0.4 x509 2.0.8
+2512      * @see X509#findExt
+2513      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2514      *
+2515      * @description
+2516      * This method updates "ocsp" accessMethod URI of 
+2517      * AuthorityInfoAccess extension
+2518      * in the extension parameter array if it exists.
+2519      *
+2520      * @example
+2521      * aExt = [
+2522      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2523      *   {extname:"authoriyInfoAccess",
+2524      *    array:[
+2525      *      {ocsp: "http://ocsp1.example.com"},
+2526      *      {caissuer: "http://example.com/a.crt"}
+2527      *    ]}
+2528      * ];
+2529      * x = new X509();
+2530      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+2531      */
+2532     this.updateExtAIAOCSP = function(aExt, newURI) {
+2533 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2534 	if (pExt == null) return;
+2535 	if (pExt.array == undefined) return;
+2536 	var a = pExt.array;
+2537 	for (var i = 0; i < a.length; i++) {
+2538 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+2539 	}
+2540     };
+2541 
+2542     /**
+2543      * update authorityInfoAccess caIssuer in parameter<br/>
+2544      * @name updateAIACAIssuer
+2545      * @memberOf X509#
+2546      * @function
+2547      * @param {Array} aExt array of extension parameters
+2548      * @param {String} newURI string of new uri
+2549      * @since jsrsasign 10.0.4 x509 2.0.8
+2550      * @see X509#findExt
+2551      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2552      *
+2553      * @description
+2554      * This method updates "caIssuer" accessMethod URI of 
+2555      * AuthorityInfoAccess extension
+2556      * in the extension parameter array if it exists.
+2557      *
+2558      * @example
+2559      * aExt = [
+2560      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2561      *   {extname:"authoriyInfoAccess",
+2562      *    array:[
+2563      *      {ocsp: "http://ocsp1.example.com"},
+2564      *      {caissuer: "http://example.com/a.crt"}
+2565      *    ]}
+2566      * ];
+2567      * x = new X509();
+2568      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+2569      */
+2570     this.updateExtAIACAIssuer = function(aExt, newURI) {
+2571 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2572 	if (pExt == null) return;
+2573 	if (pExt.array == undefined) return;
+2574 	var a = pExt.array;
+2575 	for (var i = 0; i < a.length; i++) {
+2576 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+2577 	}
+2578     };
 2579 
-2580 		var critical = '';
-2581 		if (info["critical"] === true) critical = "CRITICAL";
-2582 
-2583 		s += "  " + extName + " " + critical + ":\n";
-2584 
-2585 		// show extension value if supported
-2586 		if (extName === "basicConstraints") {
-2587 		    var bc = this.getExtBasicConstraints();
-2588 		    if (bc.cA === undefined) {
-2589 			s += "    {}\n";
-2590 		    } else {
-2591 			s += "    cA=true";
-2592 			if (bc.pathLen !== undefined)
-2593 			    s += ", pathLen=" + bc.pathLen;
-2594 			s += "\n";
-2595 		    }
-2596 		} else if (extName === "keyUsage") {
-2597 		    s += "    " + this.getExtKeyUsageString() + "\n";
-2598 		} else if (extName === "subjectKeyIdentifier") {
-2599 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-2600 		} else if (extName === "authorityKeyIdentifier") {
-2601 		    var akid = this.getExtAuthorityKeyIdentifier();
-2602 		    if (akid.kid !== undefined)
-2603 			s += "    kid=" + akid.kid.hex + "\n";
-2604 		} else if (extName === "extKeyUsage") {
-2605 		    var eku = this.getExtExtKeyUsage().array;
-2606 		    s += "    " + eku.join(", ") + "\n";
-2607 		} else if (extName === "subjectAltName") {
-2608 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-2609 		    s += "    " + san + "\n";
-2610 		} else if (extName === "cRLDistributionPoints") {
-2611 		    var cdp = this.getExtCRLDistributionPoints();
-2612 		    s += _getCRLDistributionPointsStr(cdp);
-2613 		} else if (extName === "authorityInfoAccess") {
-2614 		    var aia = this.getExtAuthorityInfoAccess();
-2615 		    s += _getAuthorityInfoAccessStr(aia);
-2616 		} else if (extName === "certificatePolicies") {
-2617 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-2618 		}
-2619 	    }
-2620         }
-2621 
-2622 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-2623 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-2624 	return s;
-2625     };
-2626 
-2627     if (typeof params == "string") {
-2628 	if (params.indexOf("-----BEGIN") != -1) {
-2629 	    this.readCertPEM(params);
-2630 	} else if (KJUR.lang.String.isHex(params)) {
-2631 	    this.readCertHex(params);
-2632 	}
-2633     }
-2634 };
-2635 // ----- END of X509 class -----
-2636 
-2637 /**
-2638  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-2639  * @name hex2dn
-2640  * @memberOf X509
-2641  * @function
-2642  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-2643  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2644  * @return {String} OpenSSL online format distinguished name
-2645  * @description
-2646  * This static method converts from a hexadecimal string of 
-2647  * distinguished name (DN)
-2648  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-2649  * @example
-2650  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-2651  */
-2652 X509.hex2dn = function(hex, idx) {
-2653     if (idx === undefined) idx = 0;
-2654     if (hex.substr(idx, 2) !== "30") throw new Error("malformed DN");
-2655 
-2656     var a = new Array();
+2580     /**
+2581      * get certificate information as string.<br/>
+2582      * @name getInfo
+2583      * @memberOf X509#
+2584      * @function
+2585      * @return {String} certificate information string
+2586      * @since jsrsasign 5.0.10 x509 1.1.8
+2587      * @example
+2588      * x = new X509();
+2589      * x.readCertPEM(certPEM);
+2590      * console.log(x.getInfo());
+2591      * // this shows as following
+2592      * Basic Fields
+2593      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+2594      *   signature algorithm: SHA1withRSA
+2595      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2596      *   notBefore: 061110000000Z
+2597      *   notAfter: 311110000000Z
+2598      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2599      *   subject public key info:
+2600      *     key algorithm: RSA
+2601      *     n=c6cce573e6fbd4bb...
+2602      *     e=10001
+2603      * X509v3 Extensions:
+2604      *   keyUsage CRITICAL:
+2605      *     digitalSignature,keyCertSign,cRLSign
+2606      *   basicConstraints CRITICAL:
+2607      *     cA=true
+2608      *   subjectKeyIdentifier :
+2609      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+2610      *   authorityKeyIdentifier :
+2611      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+2612      * signature algorithm: SHA1withRSA
+2613      * signature: 1c1a0697dcd79c9f...
+2614      */
+2615     this.getInfo = function() {
+2616 	var _getSubjectAltNameStr = function(params) {
+2617 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
+2618 	    return s;
+2619 	};
+2620 	var _getCertificatePoliciesStr = function(params) {
+2621 	    var s = "";
+2622 	    var a = params.array;
+2623 	    for (var i = 0; i < a.length; i++) {
+2624 		var pi = a[i];
+2625 		s += "    policy oid: " + pi.policyoid + "\n";
+2626 		if (pi.array === undefined) continue;
+2627 		for (var j = 0; j < pi.array.length; j++) {
+2628 		    var pqi = pi.array[j];
+2629 		    if (pqi.cps !== undefined) {
+2630 			s += "    cps: " + pqi.cps + "\n";
+2631 		    }
+2632 		}
+2633 	    }
+2634 	    return s;
+2635 	};
+2636 	var _getCRLDistributionPointsStr = function(params) {
+2637 	    var s = "";
+2638 	    var a = params.array;
+2639 	    for (var i = 0; i < a.length; i++) {
+2640 		var dp = a[i];
+2641 		try {
+2642 		    if (dp.dpname.full[0].uri !== undefined)
+2643 			s += "    " + dp.dpname.full[0].uri + "\n";
+2644 		} catch(ex) {};
+2645 		try {
+2646 		    if (dp.dname.full[0].dn.hex !== undefined)
+2647 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+2648 		} catch(ex) {};
+2649 	    }
+2650 	    return s;
+2651 	}
+2652 	var _getAuthorityInfoAccessStr = function(params) {
+2653 	    var s = "";
+2654 	    var a = params.array;
+2655 	    for (var i = 0; i < a.length; i++) {
+2656 		var ad = a[i];
 2657 
-2658     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-2659     for (var i = 0; i < aIdx.length; i++) {
-2660 	a.push(X509.hex2rdn(hex, aIdx[i]));
-2661     }
-2662 
-2663     a = a.map(function(s) { return s.replace("/", "\\/"); });
-2664     return "/" + a.join("/");
-2665 };
-2666 
-2667 /**
-2668  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-2669  * @name hex2rdn
-2670  * @memberOf X509
-2671  * @function
-2672  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-2673  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2674  * @return {String} OpenSSL online format relative distinguished name
-2675  * @description
-2676  * This static method converts from a hexadecimal string of 
-2677  * relative distinguished name (RDN)
-2678  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-2679  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-2680  * @example
-2681  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-2682  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-2683  */
-2684 X509.hex2rdn = function(hex, idx) {
-2685     if (idx === undefined) idx = 0;
-2686     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+2658 		if (ad.caissuer !== undefined)
+2659 		    s += "    caissuer: " + ad.caissuer + "\n";
+2660 		if (ad.ocsp !== undefined)
+2661 		    s += "    ocsp: " + ad.ocsp + "\n";
+2662 	    }
+2663 	    return s;
+2664 	};
+2665 	var _X509 = X509;
+2666 	var s, pubkey, aExt;
+2667 	s  = "Basic Fields\n";
+2668         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+2669 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+2670 	s += "  issuer: " + this.getIssuerString() + "\n";
+2671 	s += "  notBefore: " + this.getNotBefore() + "\n";
+2672 	s += "  notAfter: " + this.getNotAfter() + "\n";
+2673 	s += "  subject: " + this.getSubjectString() + "\n";
+2674 	s += "  subject public key info: " + "\n";
+2675 
+2676 	// subject public key info
+2677 	pubkey = this.getPublicKey();
+2678 	s += "    key algorithm: " + pubkey.type + "\n";
+2679 
+2680 	if (pubkey.type === "RSA") {
+2681 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+2682 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+2683 	}
+2684 
+2685 	// X.509v3 Extensions
+2686         aExt = this.aExtInfo;
 2687 
-2688     var a = new Array();
-2689 
-2690     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-2691     for (var i = 0; i < aIdx.length; i++) {
-2692 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-2693     }
-2694 
-2695     a = a.map(function(s) { return s.replace("+", "\\+"); });
-2696     return a.join("+");
-2697 };
-2698 
-2699 /**
-2700  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-2701  * @name hex2attrTypeValue
-2702  * @memberOf X509
-2703  * @function
-2704  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-2705  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2706  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-2707  * @description
-2708  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-2709  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-2710  * @example
-2711  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-2712  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-2713  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-2714  */
-2715 X509.hex2attrTypeValue = function(hex, idx) {
-2716     var _ASN1HEX = ASN1HEX;
-2717     var _getV = _ASN1HEX.getV;
-2718 
-2719     if (idx === undefined) idx = 0;
-2720     if (hex.substr(idx, 2) !== "30") 
-2721 	throw new Error("malformed attribute type and value");
-2722 
-2723     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-2724     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-2725 	"malformed attribute type and value";
-2726 
-2727     var oidHex = _getV(hex, aIdx[0]);
-2728     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-2729     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-2730 
-2731     var hV = _getV(hex, aIdx[1]);
-2732     var rawV = hextorstr(hV);
-2733 
-2734     return atype + "=" + rawV;
-2735 };
-2736 
-2737 /**
-2738  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-2739  * @name getPublicKeyFromCertHex
-2740  * @memberOf X509
-2741  * @function
-2742  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-2743  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-2744  * @since jsrasign 7.1.0 x509 1.1.11
-2745  */
-2746 X509.getPublicKeyFromCertHex = function(h) {
-2747     var x = new X509();
-2748     x.readCertHex(h);
-2749     return x.getPublicKey();
-2750 };
-2751 
-2752 /**
-2753  * get RSA/DSA/ECDSA public key object from PEM certificate string
-2754  * @name getPublicKeyFromCertPEM
-2755  * @memberOf X509
-2756  * @function
-2757  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-2758  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-2759  * @since x509 1.1.1
-2760  * @description
-2761  * NOTE: DSA is also supported since x509 1.1.2.
-2762  */
-2763 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-2764     var x = new X509();
-2765     x.readCertPEM(sCertPEM);
-2766     return x.getPublicKey();
-2767 };
-2768 
-2769 /**
-2770  * get public key information from PEM certificate
-2771  * @name getPublicKeyInfoPropOfCertPEM
-2772  * @memberOf X509
-2773  * @function
-2774  * @param {String} sCertPEM string of PEM formatted certificate
-2775  * @return {Hash} hash of information for public key
-2776  * @since x509 1.1.1
-2777  * @description
-2778  * Resulted associative array has following properties:<br/>
-2779  * <ul>
-2780  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-2781  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-2782  * <li>keyhex - hexadecimal string of key in the certificate</li>
-2783  * </ul>
-2784  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-2785  */
-2786 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-2787     var _ASN1HEX = ASN1HEX;
-2788     var _getVbyList = _ASN1HEX.getVbyList;
-2789 
-2790     var result = {};
-2791     var x, hSPKI, pubkey;
-2792     result.algparam = null;
-2793 
-2794     x = new X509();
-2795     x.readCertPEM(sCertPEM);
-2796 
-2797     hSPKI = x.getPublicKeyHex();
-2798     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-2799     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-2800 
-2801     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-2802 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-2803     };
-2804 
-2805     return result;
-2806 };
+2688 	if (aExt !== undefined && aExt !== null) {
+2689             s += "X509v3 Extensions:\n";
+2690 	    
+2691             for (var i = 0; i < aExt.length; i++) {
+2692 		var info = aExt[i];
+2693 
+2694 		// show extension name and critical flag
+2695 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+2696 		if (extName === '') extName = info["oid"];
+2697 
+2698 		var critical = '';
+2699 		if (info["critical"] === true) critical = "CRITICAL";
+2700 
+2701 		s += "  " + extName + " " + critical + ":\n";
+2702 
+2703 		// show extension value if supported
+2704 		if (extName === "basicConstraints") {
+2705 		    var bc = this.getExtBasicConstraints();
+2706 		    if (bc.cA === undefined) {
+2707 			s += "    {}\n";
+2708 		    } else {
+2709 			s += "    cA=true";
+2710 			if (bc.pathLen !== undefined)
+2711 			    s += ", pathLen=" + bc.pathLen;
+2712 			s += "\n";
+2713 		    }
+2714 		} else if (extName === "keyUsage") {
+2715 		    s += "    " + this.getExtKeyUsageString() + "\n";
+2716 		} else if (extName === "subjectKeyIdentifier") {
+2717 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+2718 		} else if (extName === "authorityKeyIdentifier") {
+2719 		    var akid = this.getExtAuthorityKeyIdentifier();
+2720 		    if (akid.kid !== undefined)
+2721 			s += "    kid=" + akid.kid.hex + "\n";
+2722 		} else if (extName === "extKeyUsage") {
+2723 		    var eku = this.getExtExtKeyUsage().array;
+2724 		    s += "    " + eku.join(", ") + "\n";
+2725 		} else if (extName === "subjectAltName") {
+2726 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+2727 		    s += "    " + san + "\n";
+2728 		} else if (extName === "cRLDistributionPoints") {
+2729 		    var cdp = this.getExtCRLDistributionPoints();
+2730 		    s += _getCRLDistributionPointsStr(cdp);
+2731 		} else if (extName === "authorityInfoAccess") {
+2732 		    var aia = this.getExtAuthorityInfoAccess();
+2733 		    s += _getAuthorityInfoAccessStr(aia);
+2734 		} else if (extName === "certificatePolicies") {
+2735 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+2736 		}
+2737 	    }
+2738         }
+2739 
+2740 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+2741 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+2742 	return s;
+2743     };
+2744 
+2745     if (typeof params == "string") {
+2746 	if (params.indexOf("-----BEGIN") != -1) {
+2747 	    this.readCertPEM(params);
+2748 	} else if (KJUR.lang.String.isHex(params)) {
+2749 	    this.readCertHex(params);
+2750 	}
+2751     }
+2752 };
+2753 // ----- END of X509 class -----
+2754 
+2755 /**
+2756  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+2757  * @name hex2dn
+2758  * @memberOf X509
+2759  * @function
+2760  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+2761  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2762  * @return {String} OpenSSL online format distinguished name
+2763  * @description
+2764  * This static method converts from a hexadecimal string of 
+2765  * distinguished name (DN)
+2766  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+2767  * @example
+2768  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+2769  */
+2770 X509.hex2dn = function(hex, idx) {
+2771     if (idx === undefined) idx = 0;
+2772     if (hex.substr(idx, 2) !== "30") throw new Error("malformed DN");
+2773 
+2774     var a = new Array();
+2775 
+2776     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+2777     for (var i = 0; i < aIdx.length; i++) {
+2778 	a.push(X509.hex2rdn(hex, aIdx[i]));
+2779     }
+2780 
+2781     a = a.map(function(s) { return s.replace("/", "\\/"); });
+2782     return "/" + a.join("/");
+2783 };
+2784 
+2785 /**
+2786  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+2787  * @name hex2rdn
+2788  * @memberOf X509
+2789  * @function
+2790  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+2791  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2792  * @return {String} OpenSSL online format relative distinguished name
+2793  * @description
+2794  * This static method converts from a hexadecimal string of 
+2795  * relative distinguished name (RDN)
+2796  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+2797  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+2798  * @example
+2799  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+2800  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+2801  */
+2802 X509.hex2rdn = function(hex, idx) {
+2803     if (idx === undefined) idx = 0;
+2804     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+2805 
+2806     var a = new Array();
 2807 
-2808 /* ======================================================================
-2809  *   Specific V3 Extensions
-2810  * ====================================================================== */
-2811 
-2812 X509.KEYUSAGE_NAME = [
-2813     "digitalSignature",
-2814     "nonRepudiation",
-2815     "keyEncipherment",
-2816     "dataEncipherment",
-2817     "keyAgreement",
-2818     "keyCertSign",
-2819     "cRLSign",
-2820     "encipherOnly",
-2821     "decipherOnly"
-2822 ];
-2823 

\ No newline at end of file
+2808     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+2809     for (var i = 0; i < aIdx.length; i++) {
+2810 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+2811     }
+2812 
+2813     a = a.map(function(s) { return s.replace("+", "\\+"); });
+2814     return a.join("+");
+2815 };
+2816 
+2817 /**
+2818  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+2819  * @name hex2attrTypeValue
+2820  * @memberOf X509
+2821  * @function
+2822  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+2823  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2824  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
+2825  * @description
+2826  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+2827  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+2828  * @example
+2829  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+2830  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+2831  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+2832  */
+2833 X509.hex2attrTypeValue = function(hex, idx) {
+2834     var _ASN1HEX = ASN1HEX;
+2835     var _getV = _ASN1HEX.getV;
+2836 
+2837     if (idx === undefined) idx = 0;
+2838     if (hex.substr(idx, 2) !== "30") 
+2839 	throw new Error("malformed attribute type and value");
+2840 
+2841     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+2842     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+2843 	"malformed attribute type and value";
+2844 
+2845     var oidHex = _getV(hex, aIdx[0]);
+2846     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+2847     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
+2848 
+2849     var hV = _getV(hex, aIdx[1]);
+2850     var rawV = hextorstr(hV);
+2851 
+2852     return atype + "=" + rawV;
+2853 };
+2854 
+2855 /**
+2856  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+2857  * @name getPublicKeyFromCertHex
+2858  * @memberOf X509
+2859  * @function
+2860  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+2861  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+2862  * @since jsrasign 7.1.0 x509 1.1.11
+2863  */
+2864 X509.getPublicKeyFromCertHex = function(h) {
+2865     var x = new X509();
+2866     x.readCertHex(h);
+2867     return x.getPublicKey();
+2868 };
+2869 
+2870 /**
+2871  * get RSA/DSA/ECDSA public key object from PEM certificate string
+2872  * @name getPublicKeyFromCertPEM
+2873  * @memberOf X509
+2874  * @function
+2875  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+2876  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+2877  * @since x509 1.1.1
+2878  * @description
+2879  * NOTE: DSA is also supported since x509 1.1.2.
+2880  */
+2881 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+2882     var x = new X509();
+2883     x.readCertPEM(sCertPEM);
+2884     return x.getPublicKey();
+2885 };
+2886 
+2887 /**
+2888  * get public key information from PEM certificate
+2889  * @name getPublicKeyInfoPropOfCertPEM
+2890  * @memberOf X509
+2891  * @function
+2892  * @param {String} sCertPEM string of PEM formatted certificate
+2893  * @return {Hash} hash of information for public key
+2894  * @since x509 1.1.1
+2895  * @description
+2896  * Resulted associative array has following properties:<br/>
+2897  * <ul>
+2898  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+2899  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+2900  * <li>keyhex - hexadecimal string of key in the certificate</li>
+2901  * </ul>
+2902  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+2903  */
+2904 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+2905     var _ASN1HEX = ASN1HEX;
+2906     var _getVbyList = _ASN1HEX.getVbyList;
+2907 
+2908     var result = {};
+2909     var x, hSPKI, pubkey;
+2910     result.algparam = null;
+2911 
+2912     x = new X509();
+2913     x.readCertPEM(sCertPEM);
+2914 
+2915     hSPKI = x.getPublicKeyHex();
+2916     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+2917     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+2918 
+2919     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+2920 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+2921     };
+2922 
+2923     return result;
+2924 };
+2925 
+2926 /* ======================================================================
+2927  *   Specific V3 Extensions
+2928  * ====================================================================== */
+2929 
+2930 X509.KEYUSAGE_NAME = [
+2931     "digitalSignature",
+2932     "nonRepudiation",
+2933     "keyEncipherment",
+2934     "dataEncipherment",
+2935     "keyAgreement",
+2936     "keyCertSign",
+2937     "cRLSign",
+2938     "encipherOnly",
+2939     "decipherOnly"
+2940 ];
+2941
\ No newline at end of file diff --git a/bower.json b/bower.json index ba4a67c1..aee79cac 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.0.3", + "version": "10.0.4", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index e7fd0100..636a0d43 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(all) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -241,7 +241,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index 01fbb8a3..26531574 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js index 30d267b8..3e3842cf 100644 --- a/jsrsasign-rsa-min.js +++ b/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(rsa) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/min/nodeutil-1.0.min.js b/min/nodeutil-1.0.min.js index 6ab87302..ee18bc0d 100644 --- a/min/nodeutil-1.0.min.js +++ b/min/nodeutil-1.0.min.js @@ -1,3 +1 @@ -/*! nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -function readFileUTF8(a){return require("fs").readFileSync(a,"utf8")}function readFileHexByBin(c){var b=require("jsrsasign");var a=require("fs");return b.rstrtohex(a.readFileSync(c,"binary"))}function readFile(b){var a=require("fs");return a.readFileSync(b,"binary")}function saveFile(c,b){var a=require("fs");a.writeFileSync(c,b,"binary")}function saveFileBinByHex(e,b){var a=require("fs");var c=require("jsrsasign");var d=c.hextorstr(b);a.writeFileSync(e,d,"binary")}; \ No newline at end of file +var fs=require("fs");var JSONC=require("jsonc-parser");var rs=require("jsrsasign");function readFileUTF8(a){return require("fs").readFileSync(a,"utf8")}function readFileHexByBin(a){return rs.rstrtohex(fs.readFileSync(a,"binary"))}function readFile(a){return fs.readFileSync(a,"binary")}function saveFile(c,b){var a=require("fs");a.writeFileSync(c,b,"binary")}function saveFileBinByHex(c,a){var b=rs.hextorstr(a);fs.writeFileSync(c,b,"binary")}function readJSON(b){var a=fs.readFileSync(b,"utf8");var c=JSON.parse(a);return c}function readJSONC(b){var a=fs.readFileSync(b,"utf8");var c=JSONC.parse(a);return c}function saveFileJSON(a,b){var c=JSON.stringify(b,null," ");saveFile(a,c)}function printJSON(a,c){var b="";if(c!=undefined){b=c}console.log(b+JSON.stringify(a,null," "))}; \ No newline at end of file diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js index 4bcc592d..7c4c5570 100644 --- a/min/x509-1.1.min.js +++ b/min/x509-1.1.min.js @@ -1 +1 @@ -function X509(q){var j=ASN1HEX,n=j.getChildIdx,g=j.getV,b=j.getTLV,c=j.getVbyList,k=j.getVbyListEx,a=j.getTLVbyList,l=j.getTLVbyListEx,h=j.getIdxbyList,e=j.getIdxbyListEx,i=j.getVidx,p=j.oidname,m=j.hextooidstr,d=X509,r=pemtohex,f;try{f=KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(o){}this.HEX2STAG={"0c":"utf8","13":"prn","16":"ia5","1a":"vis","1e":"bmp"};this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(a(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return k(this.hex,0,[0,0],"02")};this.getSignatureAlgorithmField=function(){var s=l(this.hex,0,[0,1]);return this.getAlgorithmIdentifierName(s)};this.getAlgorithmIdentifierName=function(s){for(var t in f){if(s===f[t]){return t}}return p(k(s,0,[0],"06"))};this.getIssuer=function(){var s={};s.array=this.getX500Name(this.getIssuerHex());s.str=this.getIssuerString();return s};this.getIssuerHex=function(){return a(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return d.hex2dn(this.getIssuerHex())};this.getSubject=function(){var s={};s.array=this.getX500Name(this.getSubjectHex());s.str=this.getSubjectString();return s};this.getSubjectHex=function(){return a(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return d.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var t=c(this.hex,0,[0,4+this.foffset,0]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getNotAfter=function(){var t=c(this.hex,0,[0,4+this.foffset,1]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getPublicKeyHex=function(){return j.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return h(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyContentIdx=function(){var s=this.getPublicKeyIdx();return h(this.hex,s,[1,0],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){var s=a(this.hex,0,[1],"30");return this.getAlgorithmIdentifierName(s)};this.getSignatureValueHex=function(){return c(this.hex,0,[2],"03",true)};this.verifySignature=function(u){var v=this.getSignatureAlgorithmField();var s=this.getSignatureValueHex();var t=a(this.hex,0,[0],"30");var w=new KJUR.crypto.Signature({alg:v});w.init(u);w.updateHex(t);return w.verify(s)};this.parseExt=function(B){var u,s,w;if(B===undefined){w=this.hex;if(this.version!==3){return -1}u=h(w,0,[0,7,0],"30");s=n(w,u)}else{w=pemtohex(B);var x=h(w,0,[0,3,0,0],"06");if(g(w,x)!="2a864886f70d01090e"){this.aExtInfo=new Array();return}u=h(w,0,[0,3,0,1,0],"30");s=n(w,u);this.hex=w}this.aExtInfo=new Array();for(var v=0;v1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index 01fbb8a3..26531574 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/npm/lib/jsrsasign-rsa-min.js b/npm/lib/jsrsasign-rsa-min.js index 30d267b8..3e3842cf 100644 --- a/npm/lib/jsrsasign-rsa-min.js +++ b/npm/lib/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(rsa) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js index 8c3daee9..f679e6bc 100755 --- a/npm/lib/jsrsasign.js +++ b/npm/lib/jsrsasign.js @@ -4,7 +4,7 @@ navigator.userAgent = false; var window = {}; /* - * jsrsasign(all) 10.0.3 (2020-10-21) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(all) 10.0.4 (2020-10-23) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -246,7 +246,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/package.json b/npm/package.json index b083c8db..633ad82b 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.0.3", + "version": "10.0.4", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/npm_util/lib/footer.js b/npm_util/lib/footer.js index 75d090e0..4c03ee0c 100755 --- a/npm_util/lib/footer.js +++ b/npm_util/lib/footer.js @@ -4,4 +4,8 @@ exports.readFileHexByBin = readFileHexByBin; exports.readFile = readFile; exports.saveFile = saveFile; exports.saveFileBinByHex = saveFileBinByHex; +exports.readJSON = readJSON; +exports.readJSONC = readJSONC; +exports.saveFileJSON = saveFileJSON; +exports.printJSON = printJSON; diff --git a/npm_util/lib/header.js b/npm_util/lib/header.js index bcb9cd61..e19677c6 100755 --- a/npm_util/lib/header.js +++ b/npm_util/lib/header.js @@ -1,2 +1,2 @@ -/*! jsrsasign-util-1.0.0 (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! jsrsasign-util-1.0.1 (c) 2016-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ diff --git a/npm_util/lib/jsrsasign-util.js b/npm_util/lib/jsrsasign-util.js index 8f492c58..4c5c8e62 100644 --- a/npm_util/lib/jsrsasign-util.js +++ b/npm_util/lib/jsrsasign-util.js @@ -1,11 +1,13 @@ -/*! jsrsasign-util-1.0.0 (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! jsrsasign-util-1.0.1 (c) 2016-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ -/*! nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -function readFileUTF8(a){return require("fs").readFileSync(a,"utf8")}function readFileHexByBin(c){var b=require("jsrsasign");var a=require("fs");return b.rstrtohex(a.readFileSync(c,"binary"))}function readFile(b){var a=require("fs");return a.readFileSync(b,"binary")}function saveFile(c,b){var a=require("fs");a.writeFileSync(c,b,"binary")}function saveFileBinByHex(e,b){var a=require("fs");var c=require("jsrsasign");var d=c.hextorstr(b);a.writeFileSync(e,d,"binary")}; +var fs=require("fs");var JSONC=require("jsonc-parser");var rs=require("jsrsasign");function readFileUTF8(a){return require("fs").readFileSync(a,"utf8")}function readFileHexByBin(a){return rs.rstrtohex(fs.readFileSync(a,"binary"))}function readFile(a){return fs.readFileSync(a,"binary")}function saveFile(c,b){var a=require("fs");a.writeFileSync(c,b,"binary")}function saveFileBinByHex(c,a){var b=rs.hextorstr(a);fs.writeFileSync(c,b,"binary")}function readJSON(b){var a=fs.readFileSync(b,"utf8");var c=JSON.parse(a);return c}function readJSONC(b){var a=fs.readFileSync(b,"utf8");var c=JSONC.parse(a);return c}function saveFileJSON(a,b){var c=JSON.stringify(b,null," ");saveFile(a,c)}function printJSON(a,c){var b="";if(c!=undefined){b=c}console.log(b+JSON.stringify(a,null," "))}; exports.readFileUTF8 = readFileUTF8; exports.readFileHexByBin = readFileHexByBin; exports.readFile = readFile; exports.saveFile = saveFile; exports.saveFileBinByHex = saveFileBinByHex; +exports.readJSON = readJSON; +exports.readJSONC = readJSONC; +exports.saveFileJSON = saveFileJSON; +exports.printJSON = printJSON; diff --git a/npm_util/package.json b/npm_util/package.json index b284725d..09af991e 100755 --- a/npm_util/package.json +++ b/npm_util/package.json @@ -1,28 +1,30 @@ { - "name": "jsrsasign-util", - "version": "1.0.0", - "description": "utilities for jsrsasign (kjur.github.io/jsrsasign) such like file utilities", - "main": "lib/jsrsasign-util.js", - "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" - }, - "repository": { - "type": "git", - "url": "https://github.com/kjur/jsrsasign.git" - }, - "keywords": [ - "jsrsasign", "utilities", "file" - ], - "author": "Kenji Urushima", - "licenses": [ - { - "type": "MIT", - "url": "https://raw.github.com/kjur/jsrsasign/master/LICENSE.txt" + "name": "jsrsasign-util", + "version": "1.0.1", + "description": "utilities for jsrsasign (kjur.github.io/jsrsasign) such like file utilities", + "main": "lib/jsrsasign-util.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://github.com/kjur/jsrsasign.git" + }, + "keywords": [ + "jsrsasign", "utilities", "file" + ], + "author": "Kenji Urushima", + "licenses": [ + { + "type": "MIT", + "url": "https://raw.github.com/kjur/jsrsasign/master/LICENSE.txt" + } + ], + "bugs": { + "url": "https://github.com/kjur/jsrsasign/issues" + }, + "dependencies": { + "jsrsasign": "^1.0.0", + "jsonc-parser": "^0.0.1" } - ], - "bugs": { - "url": "https://github.com/kjur/jsrsasign/issues" - }, - "dependencies": { - } } diff --git a/src/nodeutil-1.0.js b/src/nodeutil-1.0.js index 1dffd94e..4b7cbabd 100644 --- a/src/nodeutil-1.0.js +++ b/src/nodeutil-1.0.js @@ -1,11 +1,9 @@ -/* nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/* nodeutil-1.0.1 (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * nodeutil.js - Utilities for Node * - * version: 1.0.0 (2015 Nov 11) - * - * Copyright (c) 2015 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2015-2020 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * https://kjur.github.io/jsrsasign/license/ @@ -18,10 +16,13 @@ * @fileOverview * @name nodeutil-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.0 (2015-Nov-11) + * @version jsrsasign-util 1.0.1 nodeutil 1.0.1 (2020-Oct-23) * @since jsrsasign 5.0.2 * @license MIT License */ +var fs = require("fs"); +var JSONC = require("jsonc-parser"); +var rs = require("jsrsasign"); /** * read file and return file contents as utf-8 string @@ -42,8 +43,6 @@ function readFileUTF8(utf8File) { * This function only works in Node.js. */ function readFileHexByBin(binFile) { - var rs = require('jsrsasign'); - var fs = require('fs'); return rs.rstrtohex(fs.readFileSync(binFile, 'binary')); } @@ -55,7 +54,6 @@ function readFileHexByBin(binFile) { * This function only works in Node.js. */ function readFile(binFile) { - var fs = require('fs'); return fs.readFileSync(binFile, 'binary'); } @@ -79,8 +77,90 @@ function saveFile(binFile, rawString) { * This function only works in Node.js. */ function saveFileBinByHex(binFile, hexString) { - var fs = require('fs'); - var rs = require('jsrsasign'); var rawString = rs.hextorstr(hexString); fs.writeFileSync(binFile, rawString, 'binary'); } + +/** + * read JSON file and return its JSON object + * @param {String} JSON file name to be read + * @return {Object} JSON object or array of file contents + * @since jsrsasign-util 1.0.1 nodeutil 1.0.1 + * + * @description + * This function only works in Node.js. + * @example + * var rsu = require("jsrsasign-util"); + * rsu.readJSON("aaa.json") → JSON object + */ +function readJSON(jsonFile) { + var jsonStr = fs.readFileSync(jsonFile, "utf8"); + var json = JSON.parse(jsonStr); + return json; +} + +/** + * read JSONC file and return its JSON object + * @param {String} JSONC file name to be read + * @return {Object} JSON object or array of file contents + * @since jsrsasign-util 1.0.1 nodeutil 1.0.1 + * + * @description + * This method read JSONC (i.e. JSON with comments) file + * and returns JSON object. + * This function only works in Node.js. + * + * @example + * var rsu = require("jsrsasign-util"); + * rsu.readJSONC("aaa.jsonc") → JSON object + */ +function readJSONC(jsonFile) { + var jsonStr = fs.readFileSync(jsonFile, "utf8"); + var json = JSONC.parse(jsonStr); + return json; +} + +/** + * save JSON object as file + * @param {Object} jsonFile output JSON file name + * @param {Object} json JSON object to save + * @since jsrsasign-util 1.0.1 nodeutil 1.0.1 + * + * @description + * This method saves JSON object as a file. + * This function only works in Node.js. + * + * @example + * var rsu = require("jsrsasign-util"); + * rsu.saveJSONC("aaa.jsonc", json); + */ +function saveFileJSON(jsonFile, json) { + var s = JSON.stringify(json, null, " "); + saveFile(jsonFile, s); +} + +/** + * output JSON object to console + * @param {Object} json JSON object to print out + * @param {Object} prefix prefix string (OPTION) + * @since jsrsasign-util 1.0.1 nodeutil 1.0.1 + * + * @description + * This method writes JSON object to console. + * This function only works in Node.js. + * + * @example + * var rsu = require("jsrsasign-util"); + * var obj = {aaa: "bbb", "ccc": 123}; + * rsu.printJSON(obj, "obj = ") → + * obj = { + * "aaa": "bbb", + * "ccc": 123 + * } + */ +function printJSON(json, prefix) { + var s = ""; + if (prefix != undefined) s = prefix; + console.log(s + JSON.stringify(json, null, " ")); +} + diff --git a/src/x509-1.1.js b/src/x509-1.1.js index ec2c0600..fb958184 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-2.0.7.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.0.8.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.0.3 x509 2.0.7 (2020-Oct-21) + * @version jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23) * @since jsrsasign 1.x.x * @license MIT License */ @@ -2457,6 +2457,124 @@ function X509(params) { if (aExt[i].extname == extname) return aExt[i]; } return null; + + }; + + /** + * update CRLDistributionPoints Full URI in parameter
+ * @name updateCDPFullURI + * @memberOf X509# + * @function + * @param {Array} aExt array of extension parameters + * @param {String} newURI string of new uri + * @since jsrsasign 10.0.4 x509 2.0.8 + * @see X509#findExt + * @see KJUR.asn1.x509.CRLDistributionPoints + * + * @description + * This method updates Full URI of CRLDistributionPoints extension + * in the extension parameter array if it exists. + * + * @example + * aExt = [ + * {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}}, + * {extname:"cRLDistributionPoints", + array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]}, + * ]; + * x = new X509(); + * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl"); + */ + this.updateExtCDPFullURI = function(aExt, newURI) { + var pExt = this.findExt(aExt, "cRLDistributionPoints"); + if (pExt == null) return; + if (pExt.array == undefined) return; + var aDP = pExt.array; + for (var i = 0; i < aDP.length; i++) { + if (aDP[i].dpname == undefined) continue; + if (aDP[i].dpname.full == undefined) continue; + var aURI = aDP[i].dpname.full; + for (var j = 0; j < aURI.length; j++) { + var pURI = aURI[i]; + if (pURI.uri == undefined) continue; + pURI.uri = newURI; + } + } + }; + + /** + * update authorityInfoAccess ocsp in parameter
+ * @name updateAIAOCSP + * @memberOf X509# + * @function + * @param {Array} aExt array of extension parameters + * @param {String} newURI string of new uri + * @since jsrsasign 10.0.4 x509 2.0.8 + * @see X509#findExt + * @see KJUR.asn1.x509.AuthorityInfoAccess + * + * @description + * This method updates "ocsp" accessMethod URI of + * AuthorityInfoAccess extension + * in the extension parameter array if it exists. + * + * @example + * aExt = [ + * {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}}, + * {extname:"authoriyInfoAccess", + * array:[ + * {ocsp: "http://ocsp1.example.com"}, + * {caissuer: "http://example.com/a.crt"} + * ]} + * ]; + * x = new X509(); + * x.updateAIAOCSP(aExt, "http://ocsp2.example.net"); + */ + this.updateExtAIAOCSP = function(aExt, newURI) { + var pExt = this.findExt(aExt, "authorityInfoAccess"); + if (pExt == null) return; + if (pExt.array == undefined) return; + var a = pExt.array; + for (var i = 0; i < a.length; i++) { + if (a[i].ocsp != undefined) a[i].ocsp = newURI; + } + }; + + /** + * update authorityInfoAccess caIssuer in parameter
+ * @name updateAIACAIssuer + * @memberOf X509# + * @function + * @param {Array} aExt array of extension parameters + * @param {String} newURI string of new uri + * @since jsrsasign 10.0.4 x509 2.0.8 + * @see X509#findExt + * @see KJUR.asn1.x509.AuthorityInfoAccess + * + * @description + * This method updates "caIssuer" accessMethod URI of + * AuthorityInfoAccess extension + * in the extension parameter array if it exists. + * + * @example + * aExt = [ + * {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}}, + * {extname:"authoriyInfoAccess", + * array:[ + * {ocsp: "http://ocsp1.example.com"}, + * {caissuer: "http://example.com/a.crt"} + * ]} + * ]; + * x = new X509(); + * x.updateAIACAIssuer(aExt, "http://example.net/b.crt"); + */ + this.updateExtAIACAIssuer = function(aExt, newURI) { + var pExt = this.findExt(aExt, "authorityInfoAccess"); + if (pExt == null) return; + if (pExt.array == undefined) return; + var a = pExt.array; + for (var i = 0; i < a.length; i++) { + if (a[i].caissuer != undefined) a[i].caissuer = newURI; + } }; /** diff --git a/test/qunit-do-x509-param.html b/test/qunit-do-x509-param.html index 356c902c..c83eaf2e 100755 --- a/test/qunit-do-x509-param.html +++ b/test/qunit-do-x509-param.html @@ -590,6 +590,97 @@ deepEqual(aExt, aExtExpect, "findExt"); }); +// **** updateExtCDPFullURI +test("updateExtCDPFullURI test", function() { +var aParam = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "cRLDistributionPoints", + "array": [{ + "dpname": {"full": [{"uri": "http://example.com/a.crl"}]} + }] +},{ + "extname": "basicConstraints" +}]; +var aExpect = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "cRLDistributionPoints", + "array": [{ + "dpname": {"full": [{"uri": "http://foo.com/b.crl"}]} + }] +},{ + "extname": "basicConstraints" +}]; +var x = new X509(); +x.updateExtCDPFullURI(aParam,"http://foo.com/b.crl"); +deepEqual(aParam, aExpect); +}); + +// **** updateExtAIAOCSP; +test("updateExtAIAOCSP test", function() { +var aParam = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "authorityInfoAccess", + "array": [ + {"caissuer": "http://example.com/a.crt"}, + {"ocsp": "http://ocsp.example.com"} + ] +},{ + "extname": "basicConstraints" +}]; +var aExpect = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "authorityInfoAccess", + "array": [ + {"caissuer": "http://example.com/a.crt"}, + {"ocsp": "http://ocsp.foo.net"} + ] +},{ + "extname": "basicConstraints" +}]; +var x = new X509(); +x.updateExtAIAOCSP(aParam,"http://ocsp.foo.net"); +deepEqual(aParam, aExpect); +}); + +// **** updateExtAIACAIssuer; +test("updateExtAIACAIssuer test", function() { +var aParam = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "authorityInfoAccess", + "array": [ + {"caissuer": "http://example.com/a.crt"}, + {"ocsp": "http://ocsp.example.com"} + ] +},{ + "extname": "basicConstraints" +}]; +var aExpect = [{ + "extname": "subjectAltName", + "array": [{"rfc822": "jcan-secretariat@jipdec.or.jp"}] +},{ + "extname": "authorityInfoAccess", + "array": [ + {"caissuer": "http://example.foo.net/b.crt"}, + {"ocsp": "http://ocsp.example.com"} + ] +},{ + "extname": "basicConstraints" +}]; +var x = new X509(); +x.updateExtAIACAIssuer(aParam,"http://example.foo.net/b.crt"); +deepEqual(aParam, aExpect); +}); + });