/*! asn1x509-1.0.19.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
*/
/*
* asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
*
* Copyright (c) 2013-2016 Kenji Urushima (kenji.urushima@gmail.com)
*
* This software is licensed under the terms of the MIT License.
* http://kjur.github.com/jsrsasign/license
*
* The above copyright and license notice shall be
* included in all copies or substantial portions of the Software.
*/
/**
* @fileOverview
* @name asn1x509-1.0.js
* @author Kenji Urushima kenji.urushima@gmail.com
* @version 1.0.19 (2016-Nov-26)
* @since jsrsasign 2.1
* @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
*/
/**
* kjur's class library name space
* // already documented in asn1-1.0.js
* @name KJUR
* @namespace kjur's class library name space
*/
// Create the root namespace only when no earlier script has defined it; the
// typeof guard keeps the test from throwing when KJUR was never declared.
if (typeof KJUR === "undefined" || !KJUR) {
    KJUR = {};
}
/**
* kjur's ASN.1 class library name space
* // already documented in asn1-1.0.js
* @name KJUR.asn1
* @namespace
*/
// Reuse an ASN.1 namespace that is already present; otherwise start an empty one.
if (!KJUR.asn1) {
    KJUR.asn1 = {};
}
/**
* kjur's ASN.1 class for X.509 certificate library name space
* <p>
* <h4>FEATURES</h4>
* <ul>
* <li>easily issue any kind of certificate</li>
* <li>APIs are very similar to BouncyCastle library ASN.1 classes. So easy to learn.</li>
* </ul>
* </p>
* <h4>PROVIDED CLASSES</h4>
* <ul>
* <li>{@link KJUR.asn1.x509.Certificate}</li>
* <li>{@link KJUR.asn1.x509.TBSCertificate}</li>
* <li>{@link KJUR.asn1.x509.Extension}</li>
* <li>{@link KJUR.asn1.x509.X500Name}</li>
* <li>{@link KJUR.asn1.x509.RDN}</li>
* <li>{@link KJUR.asn1.x509.AttributeTypeAndValue}</li>
* <li>{@link KJUR.asn1.x509.SubjectPublicKeyInfo}</li>
* <li>{@link KJUR.asn1.x509.AlgorithmIdentifier}</li>
* <li>{@link KJUR.asn1.x509.GeneralName}</li>
* <li>{@link KJUR.asn1.x509.GeneralNames}</li>
* <li>{@link KJUR.asn1.x509.DistributionPointName}</li>
* <li>{@link KJUR.asn1.x509.DistributionPoint}</li>
* <li>{@link KJUR.asn1.x509.CRL}</li>
* <li>{@link KJUR.asn1.x509.TBSCertList}</li>
* <li>{@link KJUR.asn1.x509.CRLEntry}</li>
* <li>{@link KJUR.asn1.x509.OID}</li>
* </ul>
* <h4>SUPPORTED EXTENSIONS</h4>
* <ul>
* <li>{@link KJUR.asn1.x509.BasicConstraints}</li>
* <li>{@link KJUR.asn1.x509.KeyUsage}</li>
* <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
* <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
* <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
* <li>{@link KJUR.asn1.x509.AuthorityInfoAccess}</li>
* <li>{@link KJUR.asn1.x509.SubjectAltName}</li>
* <li>{@link KJUR.asn1.x509.IssuerAltName}</li>
* </ul>
* NOTE1: Please ignore the method summary and documentation of this namespace. They are caused by a bug in jsdoc2.<br/>
* NOTE2: SubjectAltName and IssuerAltName extension were supported since
* jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
* @name KJUR.asn1.x509
* @namespace
*/
// Reuse an X.509 namespace that is already present; otherwise start an empty one.
if (!KJUR.asn1.x509) {
    KJUR.asn1.x509 = {};
}
// === BEGIN Certificate ===================================================
/**
* X.509 Certificate class to sign and generate hex encoded certificate
* @name KJUR.asn1.x509.Certificate
* @class X.509 Certificate class to sign and generate hex encoded certificate
* @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
* @extends KJUR.asn1.ASN1Object
* @description
* <br/>
* As for argument 'params' for constructor, you can specify one of
* following properties:
* <ul>
* <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
* <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
* <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
* <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
* </ul>
* NOTE1: 'params' can be omitted.<br/>
* NOTE2: DSA/ECDSA is also supported for the CA signing key from asn1x509 1.0.6.
* @example
* var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
* var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
* cert.sign(); // issue certificate by CA's private key
* var certPEM = cert.getPEMString();
*
* // Certificate ::= SEQUENCE {
* // tbsCertificate TBSCertificate,
* // signatureAlgorithm AlgorithmIdentifier,
* // signature BIT STRING }
*/
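KJUR.asn1.x509.Certificate = function(params) {
    KJUR.asn1.x509.Certificate.superclass.constructor.call(this);

    // Instance state used below: this.asn1TBSCert (structure to be signed) and
    // this.prvKey (issuer private key) are inputs; this.asn1SignatureAlg,
    // this.hexSig, this.asn1Sig and this.hTLV are produced by signing.

    /*
     * Wrap a signature value in a BIT STRING, assemble
     *   SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
     * and cache its hex encoding on the certificate object.
     * Shared by sign() and setSignatureHex().
     */
    var assemble = function(cert, sigHex) {
        cert.hexSig = sigHex;
        // the leading '00' octet declares zero unused bits in the BIT STRING
        cert.asn1Sig = new KJUR.asn1.DERBitString({ 'hex': '00' + cert.hexSig });
        var seq = new KJUR.asn1.DERSequence({
            'array': [cert.asn1TBSCert, cert.asn1SignatureAlg, cert.asn1Sig]
        });
        cert.hTLV = seq.getEncodedHex();
        cert.isModified = false;
    };

    /**
     * set PKCS#5 encrypted RSA PEM private key as CA key
     * @name setRsaPrvKeyByPEMandPass
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
     * @param {String} passPEM passcode string to decrypt private key
     * @since 1.0.1
     * @description
     * The decrypted key is kept on this object as <code>prvKey</code> for a
     * later call to sign(); the passcode itself is not stored here.
     * @example
     * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
     * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
     */
    this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
        var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
        var caKey = new RSAKey();
        caKey.readPrivateKeyFromASN1HexString(caKeyHex);
        this.prvKey = caKey;
    };

    /**
     * sign TBSCertificate and set signature value internally
     * @name sign
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @description
     * The signature is computed with the algorithm named in the
     * TBSCertificate's signature field, so that the signatureAlgorithm written
     * into the certificate and the signature value agree.
     * @example
     * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': prvKey});
     * cert.sign();
     */
    this.sign = function() {
        this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;

        // The algorithm used to be hard-coded to SHA1withRSA, which produced a
        // certificate that fails verification whenever the TBSCertificate
        // declared anything else (SHA-2 digests, ECDSA or DSA keys).
        // NOTE(review): nameAlg is the property AlgorithmIdentifier is expected
        // to fill from its 'name' parameter; that class is not defined in this
        // part of the file, so confirm against it.
        // SHA1withRSA stays only as the legacy fallback when no name is
        // available. SHA-1 signatures are rejected by current relying parties,
        // so issuers should declare a SHA-2 algorithm on the TBSCertificate.
        var algName = 'SHA1withRSA';
        if (this.asn1SignatureAlg && this.asn1SignatureAlg.nameAlg) {
            algName = this.asn1SignatureAlg.nameAlg;
        }

        // declared with var so the signer does not leak into the global scope
        var sig = new KJUR.crypto.Signature({ 'alg': algName });
        sig.init(this.prvKey);
        sig.updateHex(this.asn1TBSCert.getEncodedHex());
        assemble(this, sig.sign());
    };

    /**
     * set signature value internally by hex string
     * @name setSignatureHex
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @param {String} sigHex hexadecimal string of an externally computed signature value
     * @since asn1x509 1.0.8
     * @description
     * The value is embedded as given; this method does not check that it is
     * a valid signature over the TBSCertificate.
     * @example
     * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
     * cert.setSignatureHex('01020304');
     */
    this.setSignatureHex = function(sigHex) {
        this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
        assemble(this, sigHex);
    };

    /**
     * get hexadecimal string of the signed certificate
     * @return {String} cached encoding produced by sign() or setSignatureHex()
     * @throws "not signed yet" when no signature has been set
     */
    this.getEncodedHex = function() {
        if (this.isModified == false && this.hTLV != null) return this.hTLV;
        throw "not signed yet";
    };

    /**
     * get PEM formatted certificate string after signed
     * @name getPEMString
     * @memberOf KJUR.asn1.x509.Certificate#
     * @function
     * @return PEM formatted string of certificate
     * @description
     * @example
     * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': prvKey});
     * cert.sign();
     * var sPEM = cert.getPEMString();
     */
    this.getPEMString = function() {
        var hCert = this.getEncodedHex();
        var wCert = CryptoJS.enc.Hex.parse(hCert);
        var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
        // Break into 64-character lines. When the Base64 length is an exact
        // multiple of 64 the last line already ends in CRLF; drop it so the
        // footer is not preceded by an empty line.
        var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n").replace(/\r\n$/, "");
        return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
    };

    // Constructor parameters. Key sources are tried in order of preference:
    // 'prvkeyobj', then the deprecated 'rsaprvkey', then the deprecated pair
    // 'rsaprvpem' + 'rsaprvpas' (encrypted PEM and its passcode).
    if (typeof params != "undefined") {
        if (typeof params['tbscertobj'] != "undefined") {
            this.asn1TBSCert = params['tbscertobj'];
        }
        if (typeof params['prvkeyobj'] != "undefined") {
            this.prvKey = params['prvkeyobj'];
        } else if (typeof params['rsaprvkey'] != "undefined") {
            this.prvKey = params['rsaprvkey'];
        } else if ((typeof params['rsaprvpem'] != "undefined") &&
            (typeof params['rsaprvpas'] != "undefined")) {
            this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);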
/**
* ASN.1 TBSCertificate structure class
* @name KJUR.asn1.x509.TBSCertificate
* @class ASN.1 TBSCertificate structure class
* @param {Array} params associative array of parameters (ex. {})
* @extends KJUR.asn1.ASN1Object
* @description
* <br/>
* <h4>EXAMPLE</h4>
* @example
* var o = new KJUR.asn1.x509.TBSCertificate();
* o.setSerialNumberByParam({'int': 4});
* o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
* o.setIssuerByParam({'str': '/C=US/O=a'});
* o.setNotBeforeByParam({'str': '130504235959Z'});
* o.setNotAfterByParam({'str': '140504235959Z'});
* o.setSubjectByParam({'str': '/C=US/CN=b'});
* o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
* o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
* o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
*/
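KJUR.asn1.x509.TBSCertificate = function(params) {
    KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);

    /*
     * Reset every field. The version is fixed to INTEGER 2 (X.509 v3) inside
     * a tagged object; all other fields start unset and the extension list
     * starts empty.
     */
    this._initialize = function() {
        this.asn1Array = [];
        this.asn1Version =
            new KJUR.asn1.DERTaggedObject({ 'obj': new KJUR.asn1.DERInteger({ 'int': 2 }) });
        this.asn1SerialNumber = null;
        this.asn1SignatureAlg = null;
        this.asn1Issuer = null;
        this.asn1NotBefore = null;
        this.asn1NotAfter = null;
        this.asn1Subject = null;
        this.asn1SubjPKey = null;
        this.extensionsArray = [];
    };

    /**
     * set serial number field by parameter
     * @name setSerialNumberByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} intParam DERInteger param
     * @description
     * @example
     * tbsc.setSerialNumberByParam({'int': 3});
     */
    this.setSerialNumberByParam = function(intParam) {
        this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
    };

    /**
     * set signature algorithm field by parameter
     * @name setSignatureAlgByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} algIdParam AlgorithmIdentifier parameter
     * @description
     * @example
     * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
     */
    this.setSignatureAlgByParam = function(algIdParam) {
        this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
    };

    /**
     * set issuer name field by parameter
     * @name setIssuerByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} x500NameParam X500Name parameter
     * @description
     * @example
     * tbsc.setIssuerByParam({'str': '/C=US/CN=b'});
     * @see KJUR.asn1.x509.X500Name
     */
    this.setIssuerByParam = function(x500NameParam) {
        this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
    };

    /**
     * set notBefore field by parameter
     * @name setNotBeforeByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} timeParam Time parameter
     * @description
     * @example
     * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
     * @see KJUR.asn1.x509.Time
     */
    this.setNotBeforeByParam = function(timeParam) {
        this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
    };

    /**
     * set notAfter field by parameter
     * @name setNotAfterByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} timeParam Time parameter
     * @description
     * @example
     * tbsc.setNotAfterByParam({'str': '130508235959Z'});
     * @see KJUR.asn1.x509.Time
     */
    this.setNotAfterByParam = function(timeParam) {
        this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
    };

    /**
     * set subject name field by parameter
     * @name setSubjectByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} x500NameParam X500Name parameter
     * @description
     * @example
     * tbsc.setSubjectByParam({'str': '/C=US/CN=b'});
     * @see KJUR.asn1.x509.X500Name
     */
    this.setSubjectByParam = function(x500NameParam) {
        this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
    };

    /**
     * (DEPRECATED) set subject public key info field by RSA key parameter
     * @name setSubjectPublicKeyByParam
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
     * @deprecated
     * @description
     * @example
     * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
     * @see KJUR.asn1.x509.SubjectPublicKeyInfo
     */
    this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
        this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
    };

    /**
     * set subject public key info by RSA/ECDSA/DSA key parameter
     * @name setSubjectPublicKeyByGetKey
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
     * @description
     * @example
     * tbsc.setSubjectPublicKeyByGetKey(certPEMString); // or
     * tbsc.setSubjectPublicKeyByGetKey(pkcs8PublicKeyPEMString); // or
     * tbsc.setSubjectPublicKeyByGetKey(kjurCryptoECDSAKeyObject); // et.al.
     * @see KJUR.asn1.x509.SubjectPublicKeyInfo
     * @see KEYUTIL.getKey
     * @since asn1x509 1.0.6
     */
    this.setSubjectPublicKeyByGetKey = function(keyParam) {
        var keyObj = KEYUTIL.getKey(keyParam);
        this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
    };

    /**
     * append X.509v3 extension to this object
     * @name appendExtension
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {Extension} extObj X.509v3 Extension object
     * @description
     * @example
     * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
     * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
     * @see KJUR.asn1.x509.Extension
     */
    this.appendExtension = function(extObj) {
        this.extensionsArray.push(extObj);
    };

    /**
     * append X.509v3 extension to this object by name and parameters
     * @name appendExtensionByName
     * @memberOf KJUR.asn1.x509.TBSCertificate#
     * @function
     * @param {name} name name of X.509v3 Extension object
     * @param {Array} extParams parameters as argument of Extension constructor.
     * @description
     * @example
     * var o = new KJUR.asn1.x509.TBSCertificate();
     * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
     * o.appendExtensionByName('KeyUsage', {'bin':'11'});
     * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
     * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
     * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
     * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
     * @see KJUR.asn1.x509.Extension
     */
    this.appendExtensionByName = function(name, extParams) {
        KJUR.asn1.x509.Extension.appendByNameToArray(name,
            extParams,
            this.extensionsArray);
    };

    /**
     * get hexadecimal string of the DER encoded TBSCertificate
     * @return {String} hex encoding of SEQUENCE { version, serialNumber, signature,
     * issuer, validity, subject, subjectPublicKeyInfo, [3] extensions (only when any) }
     * @throws a string naming the first mandatory field that has not been set
     */
    this.getEncodedHex = function() {
        if (this.asn1NotBefore == null || this.asn1NotAfter == null)
            throw "notBefore and/or notAfter not set";

        // The remaining fields are mandatory as well. Previously an unset one
        // was pushed into the sequence as null and only surfaced later as an
        // unrelated error during encoding; fail here with the field's name.
        var required = [
            ['serialNumber', this.asn1SerialNumber],
            ['signature algorithm', this.asn1SignatureAlg],
            ['issuer', this.asn1Issuer],
            ['subject', this.asn1Subject],
            ['subjectPublicKeyInfo', this.asn1SubjPKey]
        ];
        for (var i = 0; i < required.length; i++) {
            if (required[i][1] == null) throw required[i][0] + " not set";
        }

        var asn1Validity =
            new KJUR.asn1.DERSequence({ 'array': [this.asn1NotBefore, this.asn1NotAfter] });

        this.asn1Array = [
            this.asn1Version,
            this.asn1SerialNumber,
            this.asn1SignatureAlg,
            this.asn1Issuer,
            asn1Validity,
            this.asn1Subject,
            this.asn1SubjPKey
        ];

        // extensions are optional: the [3] wrapper is emitted only when at
        // least one extension was appended
        if (this.extensionsArray.length > 0) {
            var extSeq = new KJUR.asn1.DERSequence({ "array": this.extensionsArray });
            var extTagObj = new KJUR.asn1.DERTaggedObject({
                'explicit': true,
                'tag': 'a3',
                'obj': extSeq
            });
            this.asn1Array.push(extTagObj);
        }

        var o = new KJUR.asn1.DERSequence({ "array": this.asn1Array });
        this.hTLV = o.getEncodedHex();
        this.isModified = false;
        return this.hTLV;
    };

    this._initialize();
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);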
// === END TBSCertificate ===================================================
// === BEGIN X.509v3 Extensions Related =======================================
/**
* base Extension ASN.1 structure class
* @name KJUR.asn1.x509.Extension
* @class base Extension ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'critical': true})
* @extends KJUR.asn1.ASN1Object
* @description
* @example
* // Extension ::= SEQUENCE {
* // extnID OBJECT IDENTIFIER,
* // critical BOOLEAN DEFAULT FALSE,
* // extnValue OCTET STRING }
*/
KJUR.asn1.x509.Extension = function(params) {
    KJUR.asn1.x509.Extension.superclass.constructor.call(this);

    /**
     * get hexadecimal string of the DER encoded Extension
     * @return {String} hex encoding of SEQUENCE { extnID, critical (only when set), extnValue }
     * @description
     * Reads <code>this.oid</code> and calls <code>this.getExtnValueHex()</code>;
     * neither is defined by this base class, so an extension subclass has to
     * supply both.
     */
    this.getEncodedHex = function() {
        var extnId = new KJUR.asn1.DERObjectIdentifier({ 'oid': this.oid });
        // the extension body is carried inside an OCTET STRING
        var extnValue = new KJUR.asn1.DEROctetString({ 'hex': this.getExtnValueHex() });

        var members = [extnId];
        // the BOOLEAN is written only for critical extensions
        if (this.critical) {
            members.push(new KJUR.asn1.DERBoolean());
        }
        members.push(extnValue);

        return new KJUR.asn1.DERSequence({ 'array': members }).getEncodedHex();
    };

    // non-critical unless the caller passes a 'critical' parameter
    this.critical = false;
    if (params !== undefined && params['critical'] !== undefined) {
        this.critical = params['critical'];
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
/**
* append X.509v3 extension to any specified array<br/>
* @name appendByNameToArray
* @memberOf KJUR.asn1.x509.Extension
* @function
* @param {String} name X.509v3 extension name
* @param {Object} extParams associative array of extension parameters
* @param {Array} a array to add specified extension
* @see KJUR.asn1.x509.Extension
* @since jsrsasign 6.2.3 asn1x509 1.0.19
* @description
* This static function add a X.509v3 extension specified by name and extParams to
* array 'a' so that 'a' will be an array of X.509v3 extension objects.
* @example
* var a = new Array();
* KJUR.asn1.x509.Extension.appendByNameToArray("BasicConstraints", {'cA':true, 'critical': true}, a);
* KJUR.asn1.x509.Extension.appendByNameToArray("KeyUsage", {'bin':'11'}, a);
*/
KJUR.asn1.x509.Extension.appendByNameToArray = function(name, extParams, a) {
    // Map the case-insensitive extension name to the class that implements it.
    // Only the names listed here are accepted; anything else is rejected.
    var className;
    switch (name.toLowerCase()) {
        case "basicconstraints":
            className = "BasicConstraints";
            break;
        case "keyusage":
            className = "KeyUsage";
            break;
        case "crldistributionpoints":
            className = "CRLDistributionPoints";
            break;
        case "extkeyusage":
            className = "ExtKeyUsage";
            break;
        case "authoritykeyidentifier":
            className = "AuthorityKeyIdentifier";
            break;
        case "authorityinfoaccess":
            className = "AuthorityInfoAccess";
            break;
        case "subjectaltname":
            className = "SubjectAltName";
            break;
        case "issueraltname":
            className = "IssuerAltName";
            break;
        default:
            throw "unsupported extension name: " + name;
    }

    // build the extension from the caller's parameters and add it to 'a'
    a.push(new KJUR.asn1.x509[className](extParams));
};
/**
* KeyUsage ASN.1 structure class
* @name KJUR.asn1.x509.KeyUsage
* @class KeyUsage ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
* @extends KJUR.asn1.x509.Extension
* @description
* @example
*/
KJUR.asn1.x509.KeyUsage = function(params) {
    KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);

    // extnID of the keyUsage extension
    this.oid = "2.5.29.15";

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the BIT STRING built from the 'bin' parameter
     * @description
     * The value exists only when the constructor received a 'bin' parameter.
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    // the whole parameter object is handed to DERBitString, as before
    if (params !== undefined && params['bin'] !== undefined) {
        this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
/**
* BasicConstraints ASN.1 structure class
* @name KJUR.asn1.x509.BasicConstraints
* @class BasicConstraints ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
* @extends KJUR.asn1.x509.Extension
* @description
* @example
*/
KJUR.asn1.x509.BasicConstraints = function(params) {
    KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);

    // extnID of the basicConstraints extension
    this.oid = "2.5.29.19";

    // defaults: not a CA, and -1 meaning "no pathLen written"
    this.cA = false;
    this.pathLen = -1;

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of a SEQUENCE holding the cA BOOLEAN when cA
     * is set and the pathLen INTEGER when pathLen is greater than -1
     * @description
     * The sequence is rebuilt from the current cA/pathLen on every call and
     * kept in <code>this.asn1ExtnValue</code>.
     */
    this.getExtnValueHex = function() {
        var members = [];
        if (this.cA) {
            members.push(new KJUR.asn1.DERBoolean());
        }
        if (this.pathLen > -1) {
            members.push(new KJUR.asn1.DERInteger({ 'int': this.pathLen }));
        }
        this.asn1ExtnValue = new KJUR.asn1.DERSequence({ 'array': members });
        return this.asn1ExtnValue.getEncodedHex();
    };

    if (params !== undefined) {
        if (params['cA'] !== undefined) {
            this.cA = params['cA'];
        }
        if (params['pathLen'] !== undefined) {
            this.pathLen = params['pathLen'];
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
/**
* CRLDistributionPoints ASN.1 structure class
* @name KJUR.asn1.x509.CRLDistributionPoints
* @class CRLDistributionPoints ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
* @extends KJUR.asn1.x509.Extension
* @description
* <pre>
* id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }
*
* CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
*
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
*
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
*
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
* cACompromise (2),
* affiliationChanged (3),
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6),
* privilegeWithdrawn (7),
* aACompromise (8) }
* </pre>
* @example
*/
KJUR.asn1.x509.CRLDistributionPoints = function(params) {
    KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);

    // extnID of the cRLDistributionPoints extension
    this.oid = "2.5.29.31";

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the SEQUENCE of DistributionPoint set earlier
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    /**
     * set the extension value from DistributionPoint objects
     * @param {Array} dpArray array of {@link KJUR.asn1.x509.DistributionPoint} objects
     */
    this.setByDPArray = function(dpArray) {
        this.asn1ExtnValue = new KJUR.asn1.DERSequence({ 'array': dpArray });
    };

    /**
     * set the extension value to one DistributionPoint whose fullName is a single URI
     * @param {String} uri location of the CRL
     */
    this.setByOneURI = function(uri) {
        var fullName = new KJUR.asn1.x509.GeneralNames([{ 'uri': uri }]);
        var pointName = new KJUR.asn1.x509.DistributionPointName(fullName);
        var point = new KJUR.asn1.x509.DistributionPoint({ 'dpobj': pointName });
        this.setByDPArray([point]);
    };

    // 'array' takes precedence; 'uri' is used only when no array is given
    if (params !== undefined) {
        if (params['array'] !== undefined) {
            this.setByDPArray(params['array']);
        } else if (params['uri'] !== undefined) {
            this.setByOneURI(params['uri']);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
/**
* ExtKeyUsage ASN.1 structure class
* @name KJUR.asn1.x509.ExtKeyUsage
* @class ExtKeyUsage ASN.1 structure class
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.x509.Extension
* @description
* @example
* e1 = new KJUR.asn1.x509.ExtKeyUsage({
* critical: true,
* array: [
* {oid: '2.5.29.37.0'}, // anyExtendedKeyUsage
* {name: 'clientAuth'}
* ]
* });
* // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
* // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
* // KeyPurposeId ::= OBJECT IDENTIFIER
*/
KJUR.asn1.x509.ExtKeyUsage = function(params) {
    KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);

    // extnID of the extKeyUsage extension
    this.oid = "2.5.29.37";

    /**
     * set the list of key purposes
     * @param {Array} purposeArray array of DERObjectIdentifier parameters,
     * one per KeyPurposeId (ex. {oid: '2.5.29.37.0'} or {name: 'clientAuth'})
     * @description
     * Replaces any previous value with a new SEQUENCE and appends one
     * OBJECT IDENTIFIER per entry, in the order given.
     */
    this.setPurposeArray = function(purposeArray) {
        var purposes = this.asn1ExtnValue = new KJUR.asn1.DERSequence();
        for (var idx = 0; idx < purposeArray.length; idx++) {
            purposes.appendASN1Object(new KJUR.asn1.DERObjectIdentifier(purposeArray[idx]));
        }
    };

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the SEQUENCE of KeyPurposeId set earlier
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    if (params !== undefined && params['array'] !== undefined) {
        this.setPurposeArray(params['array']);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
/**
* AuthorityKeyIdentifier ASN.1 structure class
* @name KJUR.asn1.x509.AuthorityKeyIdentifier
* @class AuthorityKeyIdentifier ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'kid': {'hex': '89ab'}, 'critical': true})
* @extends KJUR.asn1.x509.Extension
* @since asn1x509 1.0.8
* @description
* <pre>
* id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
* AuthorityKeyIdentifier ::= SEQUENCE {
* keyIdentifier [0] KeyIdentifier OPTIONAL,
* authorityCertIssuer [1] GeneralNames OPTIONAL,
* authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
* KeyIdentifier ::= OCTET STRING
* </pre>
* @example
* e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
* critical: true,
* kid: {hex: '89ab'},
* issuer: {str: '/C=US/CN=a'},
* sn: {hex: '1234'}
* });
*/
KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
    KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);

    // extnID of the authorityKeyIdentifier extension
    this.oid = "2.5.29.35";

    // the three optional members; each stays null until its setter is called
    this.asn1KID = null;
    this.asn1CertIssuer = null;
    this.asn1CertSN = null;

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of a SEQUENCE holding only the members that
     * have been set, each wrapped in its implicit context tag
     * @description
     * The sequence is rebuilt on every call and kept in
     * <code>this.asn1ExtnValue</code>.
     */
    this.getExtnValueHex = function() {
        // [tag octet, member] pairs in the order of the ASN.1 definition:
        // keyIdentifier, authorityCertIssuer, authorityCertSerialNumber
        var candidates = [
            ['80', this.asn1KID],
            ['a1', this.asn1CertIssuer],
            ['82', this.asn1CertSN]
        ];
        var members = [];
        for (var idx = 0; idx < candidates.length; idx++) {
            var member = candidates[idx][1];
            if (member) {
                members.push(new KJUR.asn1.DERTaggedObject({
                    'explicit': false,
                    'tag': candidates[idx][0],
                    'obj': member
                }));
            }
        }
        this.asn1ExtnValue = new KJUR.asn1.DERSequence({ 'array': members });
        return this.asn1ExtnValue.getEncodedHex();
    };

    /**
     * set keyIdentifier value by DEROctetString parameter
     * @name setKIDByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param array of {@link KJUR.asn1.DEROctetString} parameter
     * @since asn1x509 1.0.8
     * @description
     * NOTE: Automatic keyIdentifier value calculation by an issuer
     * public key will be supported in future version.
     */
    this.setKIDByParam = function(param) {
        this.asn1KID = new KJUR.asn1.DEROctetString(param);
    };

    /**
     * set authorityCertIssuer value by X500Name parameter
     * @name setCertIssuerByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
     * @since asn1x509 1.0.8
     * @description
     * NOTE: Automatic authorityCertIssuer name setting by an issuer
     * certificate will be supported in future version.
     */
    this.setCertIssuerByParam = function(param) {
        this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
    };

    /**
     * set authorityCertSerialNumber value by DERInteger parameter
     * @name setCertSNByParam
     * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
     * @function
     * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
     * @since asn1x509 1.0.8
     * @description
     * NOTE: Automatic authorityCertSerialNumber setting by an issuer
     * certificate will be supported in future version.
     */
    this.setCertSNByParam = function(param) {
        this.asn1CertSN = new KJUR.asn1.DERInteger(param);
    };

    // each of 'kid', 'issuer' and 'sn' is optional and handled independently
    if (params !== undefined) {
        if (params['kid'] !== undefined) {
            this.setKIDByParam(params['kid']);
        }
        if (params['issuer'] !== undefined) {
            this.setCertIssuerByParam(params['issuer']);
        }
        if (params['sn'] !== undefined) {
            this.setCertSNByParam(params['sn']);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
/**
* AuthorityInfoAccess ASN.1 structure class
* @name KJUR.asn1.x509.AuthorityInfoAccess
* @class AuthorityInfoAccess ASN.1 structure class
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.x509.Extension
* @since asn1x509 1.0.8
* @description
* <pre>
* id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
* id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
* AuthorityInfoAccessSyntax ::=
* SEQUENCE SIZE (1..MAX) OF AccessDescription
* AccessDescription ::= SEQUENCE {
* accessMethod OBJECT IDENTIFIER,
* accessLocation GeneralName }
* id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
* id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
* id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
* </pre>
* @example
* e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
* array: [{
* accessMethod:{'oid': '1.3.6.1.5.5.7.48.1'},
* accessLocation:{'uri': 'http://ocsp.cacert.org'}
* }]
* });
*/
KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
    KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);

    // extnID of the authorityInfoAccess extension
    this.oid = "1.3.6.1.5.5.7.1.1";

    /**
     * set the list of AccessDescription entries
     * @param {Array} accessDescriptionArray array of objects with an
     * 'accessMethod' (DERObjectIdentifier parameter) and an 'accessLocation'
     * (GeneralName parameter)
     * @description
     * Each entry becomes SEQUENCE { accessMethod, accessLocation }; the
     * extension value is the SEQUENCE of those entries in the order given.
     */
    this.setAccessDescriptionArray = function(accessDescriptionArray) {
        var descriptions = [];
        for (var idx = 0; idx < accessDescriptionArray.length; idx++) {
            var entry = accessDescriptionArray[idx];
            var method = new KJUR.asn1.DERObjectIdentifier(entry.accessMethod);
            var location = new KJUR.asn1.x509.GeneralName(entry.accessLocation);
            descriptions.push(new KJUR.asn1.DERSequence({ 'array': [method, location] }));
        }
        this.asn1ExtnValue = new KJUR.asn1.DERSequence({ 'array': descriptions });
    };

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the SEQUENCE of AccessDescription set earlier
     */
    this.getExtnValueHex = function() {
        var value = this.asn1ExtnValue;
        return value.getEncodedHex();
    };

    if (params !== undefined && params['array'] !== undefined) {
        this.setAccessDescriptionArray(params['array']);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
/**
* SubjectAltName ASN.1 structure class<br/>
* @name KJUR.asn1.x509.SubjectAltName
* @class SubjectAltName ASN.1 structure class
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.x509.Extension
* @since jsrsasign 6.2.3 asn1x509 1.0.19
* @see KJUR.asn1.x509.GeneralNames
* @see KJUR.asn1.x509.GeneralName
* @description
* This class provides X.509v3 SubjectAltName extension.
* <pre>
* id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
* SubjectAltName ::= GeneralNames
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER }
* </pre>
* @example
* e1 = new KJUR.asn1.x509.SubjectAltName({
* critical: true,
* array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
* });
*/
KJUR.asn1.x509.SubjectAltName = function(params) {
    KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params);

    // extnID of the subjectAltName extension
    this.oid = "2.5.29.17";

    /**
     * set the alternative names
     * @param {Array} paramsArray array of GeneralName parameters (ex. [{uri: 'http://aaa.com/'}])
     */
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the GeneralNames set earlier
     */
    this.getExtnValueHex = function() {
        var names = this.asn1ExtnValue;
        return names.getEncodedHex();
    };

    if (typeof params != "undefined" && typeof params.array != "undefined") {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
/**
* IssuerAltName ASN.1 structure class<br/>
* @name KJUR.asn1.x509.IssuerAltName
* @class IssuerAltName ASN.1 structure class
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.x509.Extension
* @since jsrsasign 6.2.3 asn1x509 1.0.19
* @see KJUR.asn1.x509.GeneralNames
* @see KJUR.asn1.x509.GeneralName
* @description
* This class provides X.509v3 IssuerAltName extension.
* <pre>
* id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
* IssuerAltName ::= GeneralNames
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER }
* </pre>
* @example
* e1 = new KJUR.asn1.x509.IssuerAltName({
* critical: true,
* array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
* });
*/
KJUR.asn1.x509.IssuerAltName = function(params) {
    KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params);

    // extnID of the issuerAltName extension
    this.oid = "2.5.29.18";

    /**
     * set the alternative names
     * @param {Array} paramsArray array of GeneralName parameters (ex. [{uri: 'http://aaa.com/'}])
     */
    this.setNameArray = function(paramsArray) {
        this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
    };

    /**
     * get hexadecimal string of the extension value
     * @return {String} hex encoding of the GeneralNames set earlier
     */
    this.getExtnValueHex = function() {
        var names = this.asn1ExtnValue;
        return names.getEncodedHex();
    };

    if (typeof params != "undefined" && typeof params.array != "undefined") {
        this.setNameArray(params.array);
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
// === END X.509v3 Extensions Related =======================================
// === BEGIN CRL Related ===================================================
/**
* X.509 CRL class to sign and generate hex encoded CRL
* @name KJUR.asn1.x509.CRL
* @class X.509 CRL class to sign and generate hex encoded CRL
* @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
* @extends KJUR.asn1.ASN1Object
* @since 1.0.3
* @description
* <br/>
* As for argument 'params' for constructor, you can specify one of
* following properties:
* <ul>
* <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
* <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
* </ul>
* NOTE: 'params' can be omitted.
* <h4>EXAMPLE</h4>
* @example
* var prvKey = new RSAKey(); // CA's private key
* prvKey.readPrivateKeyFromASN1HexString("3080...");
* var crl = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
* crl.sign(); // issue CRL by CA's private key
* var hCRL = crl.getEncodedHex();
*
* // CertificateList ::= SEQUENCE {
* // tbsCertList TBSCertList,
* // signatureAlgorithm AlgorithmIdentifier,
* // signatureValue BIT STRING }
*/
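KJUR.asn1.x509.CRL = function(params) {
    KJUR.asn1.x509.CRL.superclass.constructor.call(this);

    // Instance state used by the methods below (all of it lives on `this`):
    //   asn1TBSCertList  - TBSCertList object to be signed
    //   asn1SignatureAlg - taken from the TBSCertList inside sign()
    //   hexSig, asn1Sig  - signature as hex string / DERBitString, set by sign()
    //   rsaPrvKey        - CA private key used for signing

    /**
     * set PKCS#5 encrypted RSA PEM private key as CA key
     * @name setRsaPrvKeyByPEMandPass
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
     * @param {String} passPEM passcode string to decrypt private key
     * @description
     * Decrypts the PEM with the passcode, loads the result into a new RSAKey
     * and stores that key on this object as the signing key.
     */
    this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
        // The decrypted key hex is kept in a local only; the parsed key is what is retained.
        var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
        var caKey = new RSAKey();
        caKey.readPrivateKeyFromASN1HexString(caKeyHex);
        this.rsaPrvKey = caKey;
    };

    /**
     * sign TBSCertList and set signature value internally
     * @name sign
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @description
     * Builds the CertificateList SEQUENCE (tbsCertList, signatureAlgorithm,
     * signatureValue) and caches its hex encoding for getEncodedHex().
     * @example
     * var crl = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
     * crl.sign();
     */
    this.sign = function() {
        this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;

        // NOTE(review): the signing algorithm is fixed to SHA1withRSA here, while the
        // signatureAlgorithm field above is whatever the TBSCertList declares. If the
        // TBSCertList names any other algorithm, the CRL announces one algorithm but
        // carries a signature made with another, and verification against the declared
        // algorithm would be expected to fail. SHA-1 based signatures are also
        // deprecated for new PKI use; consider deriving the algorithm from the
        // TBSCertList rather than hard-coding it.
        //
        // `sig` is declared locally so that the Signature object, which is initialised
        // with the CA private key, does not leak into the global scope.
        var sig = new KJUR.crypto.Signature({ 'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa' });
        sig.initSign(this.rsaPrvKey);
        sig.updateHex(this.asn1TBSCertList.getEncodedHex());
        this.hexSig = sig.sign();

        // Leading '00' is the unused-bits octet of the BIT STRING.
        this.asn1Sig = new KJUR.asn1.DERBitString({ 'hex': '00' + this.hexSig });

        var seq = new KJUR.asn1.DERSequence({
            'array': [
                this.asn1TBSCertList,
                this.asn1SignatureAlg,
                this.asn1Sig
            ]
        });
        this.hTLV = seq.getEncodedHex();
        this.isModified = false;
    };

    /**
     * get hex encoding of the signed CRL
     * @return {String} hexadecimal string cached by sign()
     * @throws {String} "not signed yet" when no up-to-date encoding is cached
     */
    this.getEncodedHex = function() {
        if (this.isModified == false && this.hTLV != null) return this.hTLV;
        throw "not signed yet";
    };

    /**
     * get PEM formatted CRL string after signed
     * @name getPEMString
     * @memberOf KJUR.asn1.x509.CRL#
     * @function
     * @return PEM formatted string of CRL
     * @description
     * @example
     * var crl = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
     * crl.sign();
     * var sPEM = crl.getPEMString();
     */
    this.getPEMString = function() {
        var hCert = this.getEncodedHex();
        var wCert = CryptoJS.enc.Hex.parse(hCert);
        var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
        // Wrap the Base64 text at 64 characters per line.
        // NOTE(review): when the Base64 length is an exact multiple of 64 the wrapped
        // text already ends with CRLF, so an empty line precedes the END marker.
        var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
        return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
    };

    // Accepted params: 'tbsobj', 'rsaprvkey', or the pair 'rsaprvpem' + 'rsaprvpas'
    // (encrypted PEM key and its passcode). The PEM pair, when present, is applied
    // last and therefore replaces a key given through 'rsaprvkey'.
    if (typeof params != "undefined") {
        if (typeof params['tbsobj'] != "undefined") {
            this.asn1TBSCertList = params['tbsobj'];
        }
        if (typeof params['rsaprvkey'] != "undefined") {
            this.rsaPrvKey = params['rsaprvkey'];
        }
        if ((typeof params['rsaprvpem'] != "undefined") &&
            (typeof params['rsaprvpas'] != "undefined")) {
            this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);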
/**
* ASN.1 TBSCertList structure class for CRL
* @name KJUR.asn1.x509.TBSCertList
* @class ASN.1 TBSCertList structure class for CRL
* @param {Array} params associative array of parameters (ex. {})
* @extends KJUR.asn1.ASN1Object
* @since 1.0.3
* @description
* <br/>
* <h4>EXAMPLE</h4>
* @example
* var o = new KJUR.asn1.x509.TBSCertList();
* o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
* o.setIssuerByParam({'str': '/C=US/O=a'});
* o.setThisUpdateByParam({'str': '130504235959Z'});
* o.setNextUpdateByParam({'str': '140504235959Z'});
* o.addRevokedCert({'int': 4}, {'str':'130514235959Z'});
* o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'});
*
* // TBSCertList ::= SEQUENCE {
* // version Version OPTIONAL,
* // -- if present, MUST be v2
* // signature AlgorithmIdentifier,
* // issuer Name,
* // thisUpdate Time,
* // nextUpdate Time OPTIONAL,
* // revokedCertificates SEQUENCE OF SEQUENCE {
* // userCertificate CertificateSerialNumber,
* // revocationDate Time,
* // crlEntryExtensions Extensions OPTIONAL
* // -- if present, version MUST be v2
* // } OPTIONAL,
* // crlExtensions [0] EXPLICIT Extensions OPTIONAL
*/
KJUR.asn1.x509.TBSCertList = function(params) {
    KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);

    /**
     * set signature algorithm field by parameter
     * @name setSignatureAlgByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} algIdParam AlgorithmIdentifier parameter
     * @description
     * @example
     * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
     */
    this.setSignatureAlgByParam = function(algIdParam) {
        var algId = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
        this.asn1SignatureAlg = algId;
    };

    /**
     * set issuer name field by parameter
     * @name setIssuerByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} x500NameParam X500Name parameter
     * @description
     * @example
     * tbsc.setIssuerByParam({'str': '/C=US/CN=b'});
     * @see KJUR.asn1.x509.X500Name
     */
    this.setIssuerByParam = function(x500NameParam) {
        var issuerName = new KJUR.asn1.x509.X500Name(x500NameParam);
        this.asn1Issuer = issuerName;
    };

    /**
     * set thisUpdate field by parameter
     * @name setThisUpdateByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} timeParam Time parameter
     * @description
     * @example
     * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
     * @see KJUR.asn1.x509.Time
     */
    this.setThisUpdateByParam = function(timeParam) {
        var thisUpdate = new KJUR.asn1.x509.Time(timeParam);
        this.asn1ThisUpdate = thisUpdate;
    };

    /**
     * set nextUpdate field by parameter
     * @name setNextUpdateByParam
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} timeParam Time parameter
     * @description
     * @example
     * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
     * @see KJUR.asn1.x509.Time
     */
    this.setNextUpdateByParam = function(timeParam) {
        var nextUpdate = new KJUR.asn1.x509.Time(timeParam);
        this.asn1NextUpdate = nextUpdate;
    };

    /**
     * add revoked certificate by parameter
     * @name addRevokedCert
     * @memberOf KJUR.asn1.x509.TBSCertList#
     * @function
     * @param {Array} snParam DERInteger parameter for certificate serial number
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * A null or undefined argument is simply left out of the CRLEntry parameters;
     * the entry is still created and appended.
     * @example
     * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
     * @see KJUR.asn1.x509.Time
     */
    this.addRevokedCert = function(snParam, timeParam) {
        var entryParam = {};
        // Loose comparison with null matches both null and undefined.
        if (snParam != null) {
            entryParam['sn'] = snParam;
        }
        if (timeParam != null) {
            entryParam['time'] = timeParam;
        }
        this.aRevokedCert.push(new KJUR.asn1.x509.CRLEntry(entryParam));
    };

    /**
     * Encode the TBSCertList as a DER SEQUENCE and cache the result in hTLV.
     * Field order: version (if set), signature, issuer, thisUpdate,
     * nextUpdate (if set), revokedCertificates (if any).
     * @return {String} hexadecimal string of the encoded structure
     */
    this.getEncodedHex = function() {
        var fields = [];
        this.asn1Array = fields;

        if (this.asn1Version != null) {
            fields.push(this.asn1Version);
        }
        // NOTE(review): these three are pushed unconditionally, even if they are still
        // null from _initialize() - confirm callers always set them before encoding.
        fields.push(this.asn1SignatureAlg, this.asn1Issuer, this.asn1ThisUpdate);
        if (this.asn1NextUpdate != null) {
            fields.push(this.asn1NextUpdate);
        }
        // The revokedCertificates SEQUENCE is omitted entirely when the list is empty.
        if (this.aRevokedCert.length > 0) {
            fields.push(new KJUR.asn1.DERSequence({ 'array': this.aRevokedCert }));
        }

        var tbsSeq = new KJUR.asn1.DERSequence({ "array": fields });
        this.hTLV = tbsSeq.getEncodedHex();
        this.isModified = false;
        return this.hTLV;
    };

    /**
     * Reset every field to its empty state.
     * asn1Version is only ever set to null here; no setter for it is visible
     * in this constructor.
     */
    this._initialize = function() {
        this.asn1Version = null;
        this.asn1SignatureAlg = null;
        this.asn1Issuer = null;
        this.asn1ThisUpdate = null;
        this.asn1NextUpdate = null;
        this.aRevokedCert = [];
    };

    this._initialize();
};
YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
/**
* ASN.1 CRLEntry structure class for CRL
* @name KJUR.asn1.x509.CRLEntry
* @class ASN.1 CRLEntry structure class for CRL
* @param {Array} params associative array of parameters (ex. {})
* @extends KJUR.asn1.ASN1Object
* @since 1.0.3
* @description
* @example
* var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
*
* // revokedCertificates SEQUENCE OF SEQUENCE {
* // userCertificate CertificateSerialNumber,
* // revocationDate Time,
* // crlEntryExtensions Extensions OPTIONAL
* // -- if present, version MUST be v2 }
*/
KJUR.asn1.x509.CRLEntry = function(params) {
    KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);

    /**
     * set DERInteger parameter for serial number of revoked certificate
     * @name setCertSerial
     * @memberOf KJUR.asn1.x509.CRLEntry#
     * @function
     * @param {Array} intParam DERInteger parameter for certificate serial number
     * @description
     * @example
     * entry.setCertSerial({'int': 3});
     */
    this.setCertSerial = function(intParam) {
        var serial = new KJUR.asn1.DERInteger(intParam);
        this.sn = serial;
    };

    /**
     * set Time parameter for revocation date
     * @name setRevocationDate
     * @memberOf KJUR.asn1.x509.CRLEntry#
     * @function
     * @param {Array} timeParam Time parameter for revocation date
     * @description
     * @example
     * entry.setRevocationDate({'str': '130508235959Z'});
     */
    this.setRevocationDate = function(timeParam) {
        var revokedAt = new KJUR.asn1.x509.Time(timeParam);
        this.time = revokedAt;
    };

    /**
     * Encode the entry as SEQUENCE { serial number, revocation date }.
     * NOTE(review): the result is stored as `TLV`, whereas the sibling classes in
     * this file cache their encoding as `hTLV` - confirm whether that is intended.
     * NOTE(review): sn and time are used as they are; if either setter was never
     * called the array holds an unset value - confirm callers always provide both.
     * @return {String} hexadecimal string of the encoded entry
     */
    this.getEncodedHex = function() {
        var entrySeq = new KJUR.asn1.DERSequence({ "array": [this.sn, this.time] });
        var hex = entrySeq.getEncodedHex();
        this.TLV = hex;
        return hex;
    };

    // Apply constructor parameters: revocation date first, then serial number.
    if (typeof params != "undefined") {
        var revocationTime = params['time'];
        if (typeof revocationTime != "undefined") {
            this.setRevocationDate(revocationTime);
        }
        var serialParam = params['sn'];
        if (typeof serialParam != "undefined") {
            this.setCertSerial(serialParam);
        }
    }
};
YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
// === END CRL Related ===================================================
// === BEGIN X500Name Related =================================================
/**
* X500Name ASN.1 structure class
* @name KJUR.asn1.x509.X500Name
* @class X500Name ASN.1 structure class
* @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
* @extends KJUR.asn1.ASN1Object
* @see KJUR.asn1.x509.X500Name
* @see KJUR.asn1.x509.RDN
* @see KJUR.asn1.x509.AttributeTypeAndValue
* @description
* This class provides DistinguishedName ASN.1 class structure
* defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
* <blockquote><pre>
* DistinguishedName ::= RDNSequence
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
* AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
* </pre></blockquote>
* <br/>
* For string representation of distinguished name in jsrsasign,
* OpenSSL oneline format is used. Please see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name