api-console-assets
This repo only exists to publish api console components to npm
/* asn1csr-1.0.6.js (c) 2015-2018 Kenji Urushima | kjur.github.com/jsrsasign/license
*/
/*
* asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
*
* Copyright (c) 2015-2018 Kenji Urushima (kenji.urushima@gmail.com)
*
* This software is licensed under the terms of the MIT License.
* https://kjur.github.io/jsrsasign/license
*
* The above copyright and license notice shall be
* included in all copies or substantial portions of the Software.
*/
/**
* @fileOverview
* @name asn1csr-1.0.js
* @author Kenji Urushima kenji.urushima@gmail.com
* @version jsrsasign 8.0.5 asn1csr 1.0.6 (2018-Jan-13)
* @since jsrsasign 4.9.0
* @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
*/
/**
* kjur's ASN.1 class for CSR/PKCS#10 name space
* <p>
* This name space is a sub name space for {@link KJUR.asn1}.
* This name space contains classes for
* <a href="https://tools.ietf.org/html/rfc2986">RFC 2986</a>
* certificate signing requests (CSR/PKCS#10) and utilities for
* requesting a certificate from a certification authority.
* <h4>PROVIDING ASN.1 STRUCTURES</h4>
* <ul>
* <li>{@link KJUR.asn1.csr.CertificationRequest}</li>
* <li>{@link KJUR.asn1.csr.CertificationRequestInfo}</li>
* </ul>
* <h4>PROVIDING UTILITY CLASSES</h4>
* <ul>
* <li>{@link KJUR.asn1.csr.CSRUtil}</li>
* </ul>
* {@link KJUR.asn1.csr.CSRUtil.newCSRPEM} method is very useful to
* get your certificate signing request (CSR/PKCS#10) file.
* </p>
* @name KJUR.asn1.csr
* @namespace
*/
// Create the KJUR.asn1.csr namespace only when it is missing or falsy; a value
// that is already there is left untouched.
if (!KJUR.asn1.csr) {
    KJUR.asn1.csr = {};
}
/**
* ASN.1 CertificationRequest structure class
* @name KJUR.asn1.csr.CertificationRequest
* @class ASN.1 CertificationRequest structure class
* @param {Array} params associative array of parameters (ex. {})
* @extends KJUR.asn1.ASN1Object
* @since jsrsasign 4.9.0 asn1csr 1.0.0
* @description
* <br/>
* @example
* csri = new KJUR.asn1.csr.CertificationRequestInfo();
* csri.setSubjectByParam({'str': '/C=US/O=Test/CN=example.com'});
* csri.setSubjectPublicKeyByGetKey(pubKeyObj);
* csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
* csr.sign("SHA256withRSA", prvKeyObj);
* pem = csr.getPEMString();
*
* // -- DEFINITION OF ASN.1 SYNTAX --
* // CertificationRequest ::= SEQUENCE {
* // certificationRequestInfo CertificationRequestInfo,
* // signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
* // signature BIT STRING }
* //
* // CertificationRequestInfo ::= SEQUENCE {
* // version INTEGER { v1(0) } (v1,...),
* // subject Name,
* // subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
* // attributes [0] Attributes{{ CRIAttributes }} }
*/
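KJUR.asn1.csr.CertificationRequest = function(params) {
    var _KJUR = KJUR,
        _KJUR_asn1 = _KJUR.asn1,
        _DERBitString = _KJUR_asn1.DERBitString,
        _DERSequence = _KJUR_asn1.DERSequence,
        _KJUR_asn1_csr = _KJUR_asn1.csr,
        _KJUR_asn1_x509 = _KJUR_asn1.x509;

    _KJUR_asn1_csr.CertificationRequest.superclass.constructor.call(this);

    // All state is kept on the instance: this.asn1CSRInfo, this.asn1SignatureAlg,
    // this.asn1Sig, this.hexSig and this.prvKey. (The same-named local variables
    // that used to be declared here were never read and have been dropped.)

    /**
     * sign CertificationRequestInfo and store the signature internally<br/>
     * @name sign
     * @memberOf KJUR.asn1.csr.CertificationRequest#
     * @function
     * @param {String} sigAlgName signature algorithm name (ex. SHA256withRSA)
     * @param {Object} prvKeyObj private key object handed to KJUR.crypto.Signature#init
     * @description
     * Signs the encoded CertificationRequestInfo with the subject's private
     * key, then caches the DER hex of the whole CertificationRequest in
     * <code>hTLV</code>. The algorithm name is passed on unchanged to
     * {@link KJUR.crypto.Signature}; nothing in this method restricts it to
     * a particular hash, so callers that must exclude legacy algorithms
     * have to check the name themselves.
     * <br/>
     * @example
     * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
     * csr.sign("SHA256withRSA", prvKeyObj);
     */
    this.sign = function(sigAlgName, prvKeyObj) {
        // The first key passed in is kept on the instance and reused by every
        // later call; a different prvKeyObj given afterwards is ignored.
        // NOTE(review): the key therefore stays reachable as csr.prvKey for as
        // long as the object lives -- avoid handing the object to code that
        // should not see the key.
        if (this.prvKey == null) this.prvKey = prvKeyObj;

        this.asn1SignatureAlg =
            new _KJUR_asn1_x509.AlgorithmIdentifier({'name': sigAlgName});

        // Declared with var. The previous bare assignment created a global
        // `sig` (a ReferenceError in strict mode) and left an object that was
        // initialised with the private key reachable from any other script.
        var sig = new _KJUR.crypto.Signature({'alg': sigAlgName});
        sig.init(this.prvKey);
        sig.updateHex(this.asn1CSRInfo.getEncodedHex());
        this.hexSig = sig.sign();

        // The leading '00' is the BIT STRING unused-bits octet.
        this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig});

        var seq = new _DERSequence({'array': [this.asn1CSRInfo,
                                              this.asn1SignatureAlg,
                                              this.asn1Sig]});
        this.hTLV = seq.getEncodedHex();
        this.isModified = false;
    };

    /**
     * get PEM formatted certificate signing request (CSR/PKCS#10)<br/>
     * @name getPEMString
     * @memberOf KJUR.asn1.csr.CertificationRequest#
     * @function
     * @return PEM formatted string of CSR/PKCS#10
     * @description
     * Returns the CSR as a PEM string. The request must have been signed
     * first; otherwise the string "not signed yet" is thrown.
     * <br/>
     * @example
     * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
     * csr.sign("SHA256withRSA", prvKeyObj);
     * pem = csr.getPEMString();
     * // pem will be following:
     * // -----BEGIN CERTIFICATE REQUEST-----
     * // MII ...snip...
     * // -----END CERTIFICATE REQUEST-----
     */
    this.getPEMString = function() {
        return hextopem(this.getEncodedHex(), "CERTIFICATE REQUEST");
    };

    /**
     * get the DER hex string cached by sign()<br/>
     * @name getEncodedHex
     * @memberOf KJUR.asn1.csr.CertificationRequest#
     * @function
     * @return {String} hexadecimal string of the signed CertificationRequest
     * @description
     * Returns <code>hTLV</code> when <code>isModified</code> is false and
     * <code>hTLV</code> is set; in every other case the string
     * "not signed yet" is thrown (a string, not an Error object).
     */
    this.getEncodedHex = function() {
        if (this.isModified == false && this.hTLV != null) return this.hTLV;
        throw "not signed yet";
    };

    if (params !== undefined && params.csrinfo !== undefined) {
        this.asn1CSRInfo = params.csrinfo;
    }
};
YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object);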
/**
* ASN.1 CertificationRequestInfo structure class
* @name KJUR.asn1.csr.CertificationRequestInfo
* @class ASN.1 CertificationRequestInfo structure class
* @param {Array} params associative array of parameters (ex. {})
* @extends KJUR.asn1.ASN1Object
* @since jsrsasign 4.9.0 asn1csr 1.0.0
* @description
* <pre>
* // -- DEFINITION OF ASN.1 SYNTAX --
* // CertificationRequestInfo ::= SEQUENCE {
* // version INTEGER { v1(0) } (v1,...),
* // subject Name,
* // subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
* // attributes [0] Attributes{{ CRIAttributes }} }
* </pre>
* <br/>
* @example
* csri = new KJUR.asn1.csr.CertificationRequestInfo();
* csri.setSubjectByParam({'str': '/C=US/O=Test/CN=example.com'});
* csri.setSubjectPublicKeyByGetKey(pubKeyObj);
*/
KJUR.asn1.csr.CertificationRequestInfo = function(params) {
    // Collaborators are looked up once, when the object is constructed.
    // `params` is accepted for signature compatibility; this constructor
    // does not read it.
    var asn1 = KJUR.asn1,
        DerInteger = asn1.DERInteger,
        DerSequence = asn1.DERSequence,
        DerSet = asn1.DERSet,
        DerNull = asn1.DERNull,
        DerTagged = asn1.DERTaggedObject,
        DerOid = asn1.DERObjectIdentifier,
        csrNs = asn1.csr,
        x509Ns = asn1.x509,
        X500NameCtor = x509Ns.X500Name,
        ExtensionCls = x509Ns.Extension,
        keyUtil = KEYUTIL;

    csrNs.CertificationRequestInfo.superclass.constructor.call(this);

    // Reset every field to its empty state; version is fixed at 0 (v1).
    this._initialize = function() {
        this.asn1Array = [];
        this.asn1Version = new DerInteger({'int': 0});
        this.asn1Subject = null;
        this.asn1SubjPKey = null;
        this.extensionsArray = [];
    };

    /**
     * set the subject name field from an X500Name parameter
     * @name setSubjectByParam
     * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
     * @function
     * @param {Array} x500NameParam parameter handed to the X500Name constructor
     * @description
     * @example
     * csri.setSubjectByParam({'str': '/C=US/CN=b'});
     * @see KJUR.asn1.x509.X500Name
     */
    this.setSubjectByParam = function(x500NameParam) {
        this.asn1Subject = new X500NameCtor(x500NameParam);
    };

    /**
     * set the subject public key info from an RSA/ECDSA/DSA key parameter
     * @name setSubjectPublicKeyByGetKey
     * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
     * @function
     * @param {Object} keyParam public key parameter, passed as the argument of {@link KEYUTIL.getKey}
     * @description
     * @example
     * csri.setSubjectPublicKeyByGetKey(certPEMString); // or
     * csri.setSubjectPublicKeyByGetKey(pkcs8PublicKeyPEMString); // or
     * csri.setSubjectPublicKeyByGetKey(kjurCryptoECDSAKeyObject); // et al.
     * @see KJUR.asn1.x509.SubjectPublicKeyInfo
     * @see KEYUTIL.getKey
     */
    this.setSubjectPublicKeyByGetKey = function(keyParam) {
        var parsedKey = keyUtil.getKey(keyParam);
        this.asn1SubjPKey = new x509Ns.SubjectPublicKeyInfo(parsedKey);
    };

    /**
     * append an X.509v3 extension to this object by name and parameters
     * @name appendExtensionByName
     * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
     * @function
     * @param {String} name name of the X.509v3 Extension object
     * @param {Array} extParams parameters for the Extension constructor
     * @see KJUR.asn1.x509.Extension
     * @description
     * @example
     * var o = new KJUR.asn1.csr.CertificationRequestInfo();
     * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
     * o.appendExtensionByName('KeyUsage', {'bin':'11'});
     * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
     * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
     * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
     * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
     */
    this.appendExtensionByName = function(name, extParams) {
        ExtensionCls.appendByNameToArray(name, extParams, this.extensionsArray);
    };

    /**
     * encode version, subject, subjectPKInfo and the [0] attributes field
     * @name getEncodedHex
     * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
     * @function
     * @return {String} hexadecimal string of the DER SEQUENCE, also cached in hTLV
     * @description
     * Subject and public key are placed in the sequence as they are; this
     * method does not check that either of them has been set.
     */
    this.getEncodedHex = function() {
        this.asn1Array = [this.asn1Version, this.asn1Subject, this.asn1SubjPKey];

        var attributes;
        if (this.extensionsArray.length > 0) {
            // extensionRequest attribute: SEQUENCE { OID, SET { SEQUENCE of extensions } }
            var extensionList = new DerSequence({array: this.extensionsArray});
            var valueSet = new DerSet({array: [extensionList]});
            var extensionRequest = new DerSequence({array: [
                new DerOid({oid: "1.2.840.113549.1.9.14"}),
                valueSet
            ]});
            attributes = new DerTagged({
                explicit: true,
                tag: 'a0',
                obj: extensionRequest
            });
        } else {
            // No extensions: an implicitly tagged NULL under tag a0, which
            // presumably encodes as an empty attributes field.
            attributes = new DerTagged({
                explicit: false,
                tag: 'a0',
                obj: new DerNull()
            });
        }
        this.asn1Array.push(attributes);

        var infoSeq = new DerSequence({"array": this.asn1Array});
        this.hTLV = infoSeq.getEncodedHex();
        this.isModified = false;
        return this.hTLV;
    };

    this._initialize();
};
YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object);
/**
* Certification Request (CSR/PKCS#10) utilities class<br/>
* @name KJUR.asn1.csr.CSRUtil
* @class Certification Request (CSR/PKCS#10) utilities class
* @description
* This class provides utility static methods for CSR/PKCS#10.
* Here is a list of methods:
* <ul>
* <li>{@link KJUR.asn1.csr.CSRUtil.newCSRPEM}</li>
* <li>{@link KJUR.asn1.csr.CSRUtil.getInfo}</li>
* </ul>
* <br/>
*/
// Holder object for the static CSR helpers; newCSRPEM and getInfo are attached
// to it as properties.
KJUR.asn1.csr.CSRUtil = new (function() {})();
/**
* generate a PEM format of CSR/PKCS#10 certificate signing request
* @name newCSRPEM
* @memberOf KJUR.asn1.csr.CSRUtil
* @function
* @param {Array} param parameter to generate CSR
* @since jsrsasign 4.9.0 asn1csr 1.0.0
* @description
* This method generates a certificate signing request (CSR) from
* a simple JSON object which has the following parameters:
* <ul>
* <li>subject - parameter to be passed to {@link KJUR.asn1.x509.X500Name}</li>
* <li>sbjpubkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
* <li>sigalg - signature algorithm name (ex. SHA256withRSA)</li>
* <li>sbjprvkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
* <li>ext - (optional) array of objects, each mapping an X.509v3 extension name to its parameters (see example 4)</li>
* </ul>
*
* @example
* // 1) by key object
* pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
* subject: {str: '/C=US/O=Test/CN=example.com'},
* sbjpubkey: pubKeyObj,
* sigalg: "SHA256withRSA",
* sbjprvkey: prvKeyObj
* });
*
* // 2) by private/public key PEM
* pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
* subject: {str: '/C=US/O=Test/CN=example.com'},
* sbjpubkey: pubKeyPEM,
* sigalg: "SHA256withRSA",
* sbjprvkey: prvKeyPEM
* });
*
* // 3) with generateKeypair
* kp = KEYUTIL.generateKeypair("RSA", 2048);
* pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
* subject: {str: '/C=US/O=Test/CN=example.com'},
* sbjpubkey: kp.pubKeyObj,
* sigalg: "SHA256withRSA",
* sbjprvkey: kp.prvKeyObj
* });
*
* // 4) by private/public key PEM with extension
* pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
* subject: {str: '/C=US/O=Test/CN=example.com'},
* ext: [
* {subjectAltName: {array: [{dns: 'example.net'}]}}
* ],
* sbjpubkey: pubKeyPEM,
* sigalg: "SHA256withRSA",
* sbjprvkey: prvKeyPEM
* });
*/
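/*
 * Build and sign a CSR from a parameter object and return it as PEM.
 *
 * Required members of `param`: subject, sbjpubkey, sigalg, sbjprvkey.
 * Optional: ext, an array of objects whose own keys are extension names.
 * A missing required member is reported by throwing a string, not an Error.
 *
 * NOTE(review): nothing here checks that sbjpubkey and sbjprvkey belong to the
 * same key pair. If they do not, the signature in the returned CSR will not
 * verify against the embedded public key.
 */
KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) {
    var _KEYUTIL = KEYUTIL,
        _KJUR_asn1_csr = KJUR.asn1.csr,
        _hasOwn = Object.prototype.hasOwnProperty;

    if (param.subject === undefined) throw "parameter subject undefined";
    if (param.sbjpubkey === undefined) throw "parameter sbjpubkey undefined";
    if (param.sigalg === undefined) throw "parameter sigalg undefined";
    // The message used to name sbjpubkey here, which pointed at the wrong field.
    if (param.sbjprvkey === undefined) throw "parameter sbjprvkey undefined";

    var csri = new _KJUR_asn1_csr.CertificationRequestInfo();
    csri.setSubjectByParam(param.subject);
    csri.setSubjectPublicKeyByGetKey(param.sbjpubkey);

    if (param.ext !== undefined && param.ext.length !== undefined) {
        for (var i = 0; i < param.ext.length; i++) {
            var extEntry = param.ext[i];
            // `key` is declared locally (it used to leak as a global), and only
            // own properties are used: an enumerable property inherited from a
            // modified Object.prototype must not become a requested extension.
            for (var key in extEntry) {
                if (!_hasOwn.call(extEntry, key)) continue;
                csri.appendExtensionByName(key, extEntry[key]);
            }
        }
    }

    var csr = new _KJUR_asn1_csr.CertificationRequest({'csrinfo': csri});
    var prvKey = _KEYUTIL.getKey(param.sbjprvkey);
    csr.sign(param.sigalg, prvKey);

    return csr.getPEMString();
};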
/**
* get field values from CSR/PKCS#10 PEM string<br/>
* @name getInfo
* @memberOf KJUR.asn1.csr.CSRUtil
* @function
* @param {String} sPEM PEM string of CSR/PKCS#10
* @returns {Object} JSON object with parsed parameters such as name or public key
* @since jsrsasign 6.1.3 asn1csr 1.0.1
* @description
* This method parses a PEM CSR/PKCS#10 string and retrieves
* subject name and public key. Following parameters are available in the
* resulted JSON object.
* <ul>
* <li>subject.name - subject name string (ex. /C=US/O=Test)</li>
* <li>subject.hex - hexadecimal string of X.500 Name of subject</li>
* <li>pubkey.obj - subject public key object such as RSAKey, KJUR.crypto.{ECDSA,DSA}</li>
* <li>pubkey.hex - hexadecimal string of subject public key</li>
* </ul>
*
* @example
* o = KJUR.asn1.csr.CSRUtil.getInfo("-----BEGIN CERTIFICATE REQUEST...");
* console.log(o.subject.name) → "/C=US/O=Test"
*/
/*
 * Extract the subject name and subject public key from a PEM CSR.
 *
 * Only the PEM header marker is checked before parsing. The CSR's signature is
 * not read or verified here, so the returned subject and key are unauthenticated
 * input: a caller that acts on them (for example, to issue a certificate) must
 * verify the request's self-signature separately.
 */
KJUR.asn1.csr.CSRUtil.getInfo = function(sPEM) {
    // Kept as a detached function reference and called without a receiver.
    var tlvByList = ASN1HEX.getTLVbyList;
    var info = { subject: {}, pubkey: {} };

    if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") === -1) {
        throw "argument is not PEM file";
    }

    var csrHex = pemtohex(sPEM, "CERTIFICATE REQUEST");

    // Path [0, 1]: second element of CertificationRequestInfo, the subject Name.
    var subjectHex = tlvByList(csrHex, 0, [0, 1]);
    info.subject.hex = subjectHex;
    info.subject.name = X509.hex2dn(subjectHex);

    // Path [0, 2]: third element of CertificationRequestInfo, the subjectPKInfo.
    var pubkeyHex = tlvByList(csrHex, 0, [0, 2]);
    info.pubkey.hex = pubkeyHex;
    info.pubkey.obj = KEYUTIL.getKey(pubkeyHex, null, "pkcs8pub");

    return info;
};