diff --git a/ChangeLog.txt b/ChangeLog.txt index c1a5d400..43359bba 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,23 @@ ChangeLog for jsrsasign +more SubjectDirectoryExtension support +* Changes from 10.8.3 to 10.8.4 (2023-Apr-26) + - src/asn1x509.js + - SubjectDirectoryAttributes class + - add array of array support for arbitrary attribute value + - src/x509.js + - add X509.getExtSubjectDirectoryAttributes method for + ExtSubjectDirectoryAttributes extension + - update X509.getExtParam method + - support SubjectDirectoryAttributes + - parse unknown extension as ASN.1 + - src/base64x.js + - bugfix foldnl function: when length of s is multiple of n, + result has unnecessary new line in the end of string. + - qunit-do-{asn1x509,x509-ext,base64x,x500-param}.html + - update and add some test cases for above + CABF SMIMEBR OID support * Changes from 10.8.2 to 10.8.3 (2023-Apr-20) - src/asn1x509.js diff --git a/README.md b/README.md index f4d8c6ae..700f91ab 100755 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ HIGHLIGHTS - no dependency to other library - no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/) - no dependency on newer ECMAScirpt function. So old browsers also supported. -- very popular crypto library with [1M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2023-04-05) +- very popular crypto library with [1M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2023-04-20) - supports "Add-on" architecture INSTALL diff --git a/api/files.html b/api/files.html index d065bc70..21039485 100644 --- a/api/files.html +++ b/api/files.html @@ -668,7 +668,7 @@

asn1x509-1.0.js

Version:
-
jsrsasign 10.6.1 asn1x509 2.1.18 (2022-Nov-20)
+
jsrsasign 10.8.4 asn1x509 2.1.20 (2023-Apr-26)
@@ -687,7 +687,7 @@

base64x-1.1.js

Version:
-
jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08)
+
jsrsasign 10.8.4 base64x 1.1.33 (2023-Apr-26)
@@ -896,7 +896,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08)
+
jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26)
diff --git a/api/symbols/KJUR.asn1.x509.SubjectDirectoryAttributes.html b/api/symbols/KJUR.asn1.x509.SubjectDirectoryAttributes.html index ea0e91a4..5736bb65 100644 --- a/api/symbols/KJUR.asn1.x509.SubjectDirectoryAttributes.html +++ b/api/symbols/KJUR.asn1.x509.SubjectDirectoryAttributes.html @@ -625,6 +625,15 @@

AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY DEFINED BY AttributeType +Value of member "array" is an array which as following associative arrays as elements: + +
+NOTE: From jsrsasign 10.8.4, member "array in array" supported for an arbitrary +attribute value. @@ -637,7 +646,8 @@

{ attr: "placeOfBirth", str: "Tokyo" }, { attr: "gender", str: "F" }, { attr: "countryOfCitizenship", str: "JP" }, - { attr: "countryOfResidence", str: "JP" } + { attr: "countryOfResidence", str: "JP" }, + { attr: "1.2.3.4.5", array: [{prnstr: {str: "aaa"}}] } ] }); @@ -667,6 +677,13 @@

+
+
See:
+ +
+ +
+ diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 366752d2..d5a08ebb 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -1085,6 +1085,19 @@

+ +   + +
getExtSubjectDirectoryAttributes(hExtV, critical) +
+
parse SubjectDirectoryAttributes extension as JSON object
+This method parses +SubjectDirectoryAttributes extension value defined in the +defined in +RFC 3739 Qualified Certificate Profile section 3.3.2 as JSON object.
+ + +   @@ -4734,6 +4747,97 @@

+
+ + +
+ + {Array} + getExtSubjectDirectoryAttributes(hExtV, critical) + +
+
+ parse SubjectDirectoryAttributes extension as JSON object
+This method parses +SubjectDirectoryAttributes extension value defined in the +defined in +RFC 3739 Qualified Certificate Profile section 3.3.2 as JSON object. +
+SubjectDirectoryAttributes ::= Attributes
+Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+Attribute ::= SEQUENCE {
+  type AttributeType 
+  values SET OF AttributeValue }
+AttributeType ::= OBJECT IDENTIFIER
+AttributeValue ::= ANY DEFINED BY AttributeType
+
+
+Result of this method can be passed to +KJUR.asn1.x509.SubjectDirectoryAttributes constructor. + + +
+ + + + 
x.getExtSubjectDirectoryAttributes(<>) →
+{ "extname": "SubjectDirectoryAttributes",
+  "array": [
+    { "attr": "gender", "array": [{"prnstr": {"str": "female"}}] },
+    { "attr": "1.2.3.4.5", "array": [{"prnstr": {"str": "aaa"}}, {"utf8str": {"str": "bbb"}}] }
+  ] }
+ + + + +
+
Parameters:
+ +
+ {String} hExtV + +
+
hexadecimal string of extension value
+ +
+ {Boolean} critical + +
+
flag
+ +
+ + + +
+
Since:
+
jsrsasign 10.8.4 x509 2.1.4
+
+ + + + +
+
Returns:
+ +
{Array} JSON object of parsed SubjectDirectoryAttributes extension
+ +
+ + + +
+
See:
+ +
KJUR.asn1.x509.SubjectDirectoryAttributes
+ +
X509#getExtParamArray
+ +
X509#getExtParam
+ +
+ +
diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index dc90ceb3..979ee832 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* asn1x509-2.1.18.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* asn1x509-2.1.20.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
   5  *
-  6  * Copyright (c) 2013-2022 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2013-2023 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * https://kjur.github.io/jsrsasign/license
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1x509-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.6.1 asn1x509 2.1.18 (2022-Nov-20)
+ 19  * @version jsrsasign 10.8.4 asn1x509 2.1.20 (2023-Apr-26)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -2276,2674 +2276,2702 @@
 2269  * @param {Array} params associative array of parameters
 2270  * @extends KJUR.asn1.x509.Extension
 2271  * @since jsrsasign 10.1.9 asn1x509 2.1.7
-2272  * @description
-2273  * This class provides X.509v3 SubjectDirectoryAttributes extension
-2274  * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2">
-2275  * RFC 3739 Qualified Certificate Profile section 3.3.2</a>.
-2276  * <pre>
-2277  * SubjectDirectoryAttributes ::= Attributes
-2278  * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-2279  * Attribute ::= SEQUENCE {
-2280  *   type AttributeType 
-2281  *   values SET OF AttributeValue }
-2282  * AttributeType ::= OBJECT IDENTIFIER
-2283  * AttributeValue ::= ANY DEFINED BY AttributeType
-2284  * </pre>
-2285  * @example
-2286  * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({
-2287  *   extname: "subjectDirectoryAttributes",
-2288  *   array: [
-2289  *     { attr: "dateOfBirth", str: "19701231230000Z" },
-2290  *     { attr: "placeOfBirth", str: "Tokyo" },
-2291  *     { attr: "gender", str: "F" },
-2292  *     { attr: "countryOfCitizenship", str: "JP" },
-2293  *     { attr: "countryOfResidence", str: "JP" }
-2294  *   ]
-2295  * });
-2296  */
-2297 KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) {
-2298     KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params);
-2299     var _KJUR_asn1 = KJUR.asn1,
-2300 	_DERSequence = _KJUR_asn1.DERSequence,
-2301 	_newObject = _KJUR_asn1.ASN1Util.newObject,
-2302 	_name2oid = _KJUR_asn1.x509.OID.name2oid;
-2303 
-2304     this.params = null;
-2305 
-2306     this.getExtnValueHex = function() {
-2307 	var a = [];
-2308 	for (var i = 0; i < this.params.array.length; i++) {
-2309 	    var pAttr = this.params.array[i];
-2310 
-2311 	    var newparam = {
-2312 		"seq": [
-2313 		    {"oid": "1.2.3.4"},
-2314 		    {"set": [{"utf8str": "DE"}]}
-2315 		]
-2316 	    };
-2317 
-2318 	    if (pAttr.attr == "dateOfBirth") {
-2319 		newparam.seq[0].oid = _name2oid(pAttr.attr);
-2320 		newparam.seq[1].set[0] = {"gentime": pAttr.str};
-2321 	    } else if (pAttr.attr == "placeOfBirth") {
-2322 		newparam.seq[0].oid = _name2oid(pAttr.attr);
-2323 		newparam.seq[1].set[0] = {"utf8str": pAttr.str};
-2324 	    } else if (pAttr.attr == "gender") {
-2325 		newparam.seq[0].oid = _name2oid(pAttr.attr);
-2326 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
-2327 	    } else if (pAttr.attr == "countryOfCitizenship") {
-2328 		newparam.seq[0].oid = _name2oid(pAttr.attr);
-2329 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
-2330 	    } else if (pAttr.attr == "countryOfResidence") {
-2331 		newparam.seq[0].oid = _name2oid(pAttr.attr);
-2332 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
-2333 	    } else {
-2334 		throw new Error("unsupported attribute: " + pAttr.attr);
-2335 	    }
-2336 	    a.push(new _newObject(newparam));
-2337 	}
-2338 	var seq = new _DERSequence({array: a});
-2339 	this.asn1ExtnValue = seq;
-2340         return this.asn1ExtnValue.tohex();
-2341     };
-2342 
-2343     this.oid = "2.5.29.9";
-2344     if (params !== undefined) {
-2345 	this.params = params;
-2346     }
-2347 };
-2348 extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension);
-2349 
-2350 
-2351 /**
-2352  * priavte extension ASN.1 structure class<br/>
-2353  * @name KJUR.asn1.x509.PrivateExtension
-2354  * @class private extension ASN.1 structure class
-2355  * @param {Array} params JSON object of private extension
-2356  * @extends KJUR.asn1.x509.Extension
-2357  * @since jsrsasign 9.1.1 asn1x509 
-2358  * @see KJUR.asn1.ASN1Util.newObject
-2359  *
-2360  * @description
-2361  * This class is to represent private extension or 
-2362  * unsupported extension. 
-2363  * <pre>
-2364  * Extension  ::=  SEQUENCE  {
-2365  *      extnID      OBJECT IDENTIFIER,
-2366  *      critical    BOOLEAN DEFAULT FALSE,
-2367  *      extnValue   OCTET STRING }
-2368  * </pre>
-2369  * Following properties can be set for JSON parameter:
-2370  * <ul>
-2371  * <li>{String}extname - string of OID or predefined extension name</li>
-2372  * <li>{Boolean}critical - critical flag</li>
-2373  * <li>{Object}extn - hexadecimal string or 
-2374  * of {@link KJUR.asn1.ASN1Util.newObject} 
-2375  * JSON parameter for extnValue field</li>
-2376  * </li>
-2377  * </ul>
-2378  *
-2379  * @example
-2380  * // extn by hexadecimal
-2381  * new KJUR.asn1.x509.PrivateExtension({
-2382  *   extname: "1.2.3.4",
-2383  *   critical: true,
-2384  *   extn: "13026161" // means PrintableString "aa"
-2385  * });
-2386  *
-2387  * // extn by JSON parameter
-2388  * new KJUR.asn1.x509.PrivateExtension({
-2389  *   extname: "1.2.3.5",
-2390  *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
-2391  * });
-2392  */
-2393 KJUR.asn1.x509.PrivateExtension = function(params) {
-2394     KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params)
-2395 
-2396     var _KJUR = KJUR,
-2397 	_isHex = _KJUR.lang.String.isHex,
-2398 	_KJUR_asn1 = _KJUR.asn1,
-2399 	_name2oid = _KJUR_asn1.x509.OID.name2oid,
-2400 	_newObject = _KJUR_asn1.ASN1Util.newObject;
-2401 
-2402     this.params = null;
-2403 
-2404     this.setByParam = function(params) {
-2405 	this.oid = _name2oid(params.extname);
-2406 	this.params = params;
-2407     };
-2408 
-2409     this.getExtnValueHex = function() {
-2410 	if (this.params.extname == undefined ||
-2411 	    this.params.extn == undefined) {
-2412 	    throw new Error("extname or extnhex not specified");
-2413 	}
-2414 
-2415 	var extn = this.params.extn;
-2416 	if (typeof extn == "string" && _isHex(extn)) {
-2417 	    return extn;
-2418 	} else if (typeof extn == "object") {
-2419 	    try {
-2420 		return _newObject(extn).tohex();
-2421 	    } catch(ex) {}
-2422 	}
-2423 	throw new Error("unsupported extn value");
-2424     };
-2425 
-2426     if (params != undefined) {
-2427 	this.setByParam(params);
-2428     }
-2429 };
-2430 extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);
-2431 
-2432 // === END   X.509v3 Extensions Related =======================================
-2433 
-2434 // === BEGIN CRL Related ===================================================
-2435 /**
-2436  * X.509 CRL class to sign and generate hex encoded CRL<br/>
-2437  * @name KJUR.asn1.x509.CRL
-2438  * @class X.509 CRL class to sign and generate hex encoded certificate
-2439  * @property {Array} params JSON object of parameters
-2440  * @param {Array} params JSON object of CRL parameters
-2441  * @extends KJUR.asn1.ASN1Object
-2442  * @since 1.0.3
-2443  * @see KJUR.asn1.x509.TBSCertList
-2444  * 
-2445  * @description
-2446  * This class represents CertificateList ASN.1 structur of X.509 CRL
-2447  * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
-2448  * RFC 5280 5.1</a>
-2449  * <pre>
-2450  * CertificateList  ::=  SEQUENCE  {
-2451  *     tbsCertList          TBSCertList,
-2452  *     signatureAlgorithm   AlgorithmIdentifier,
-2453  *     signatureValue       BIT STRING  }
-2454  * </pre>
-2455  * NOTE: CRL class is updated without backward 
-2456  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
-2457  * Most of methods are removed and parameters can be set
-2458  * by JSON object.
-2459  * <br/>
-2460  * Constructor of this class can accept all
-2461  * parameters of {@link KJUR.asn1.x509.TBSCertList}.
-2462  * It also accept following parameters additionally:
-2463  * <ul>
-2464  * <li>{TBSCertList}tbsobj (OPTION) - 
-2465  * specifies {@link KJUR.asn1.x509.TBSCertList} 
-2466  * object to be signed if needed. 
-2467  * When this isn't specified, 
-2468  * this will be set from other parametes of TBSCertList.</li>
-2469  * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
-2470  * Parameter "cakey" or "sighex" shall be specified. Following
-2471  * values can be specified:
-2472  *   <ul>
-2473  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
-2474  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
-2475  *   to generate a key object.</li>
-2476  *   </ul>
-2477  * </li>
-2478  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
-2479  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
-2480  * unused bits)</li>
-2481  * </ul>
-2482  *
-2483  * @example
-2484  * var crl = new KJUR.asn1.x509.CRL({
-2485  *  sigalg: "SHA256withRSA",
-2486  *  issuer: {str:'/C=JP/O=Test1'},
-2487  *  thisupdate: "200821235959Z",
-2488  *  nextupdate: "200828235959Z", // OPTION
-2489  *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
-2490  *  ext: [
-2491  *   {extname: "cRLNumber", num: {'int': 8}},
-2492  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
-2493  *  ],
-2494  *  cakey: prvkey
-2495  * });
-2496  * crl.gettohex() → "30..."
-2497  * crl.getPEM() → "-----BEGIN X509 CRL..."
-2498  */
-2499 KJUR.asn1.x509.CRL = function(params) {
-2500     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
-2501     var _KJUR = KJUR,
-2502 	_KJUR_asn1 = _KJUR.asn1,
-2503 	_DERSequence = _KJUR_asn1.DERSequence,
-2504 	_DERBitString = _KJUR_asn1.DERBitString,
-2505 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-2506 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-2507 	_TBSCertList = _KJUR_asn1_x509.TBSCertList;
-2508 
-2509     this.params = undefined;
-2510 
-2511     this.setByParam = function(params) {
-2512 	this.params = params;
-2513     };
-2514 
-2515     /**
-2516      * sign CRL<br/>
-2517      * @name sign
-2518      * @memberOf KJUR.asn1.x509.CRL#
-2519      * @function
-2520      * @description
-2521      * This method signs TBSCertList with a specified 
-2522      * private key and algorithm by 
-2523      * this.params.cakey and this.params.sigalg parameter.
-2524      * @example
-2525      * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
-2526      * crl.sign()
-2527      */
-2528     this.sign = function() {
-2529 	var hTBSCL = (new _TBSCertList(this.params)).tohex();
-2530 	var sig = new KJUR.crypto.Signature({alg: this.params.sigalg});
-2531 	sig.init(this.params.cakey);
-2532 	sig.updateHex(hTBSCL);
-2533 	var sighex = sig.sign();
-2534 	this.params.sighex = sighex;
-2535     };
-2536 
-2537     /**
-2538      * get PEM formatted CRL string after signed<br/>
-2539      * @name getPEM
-2540      * @memberOf KJUR.asn1.x509.CRL#
-2541      * @function
-2542      * @return PEM formatted string of CRL
-2543      * @since jsrsasign 9.1.0 asn1hex 2.1.0
-2544      * @description
-2545      * This method returns a string of PEM formatted 
-2546      * CRL.
-2547      * @example
-2548      * crl = new KJUR.asn1.x509.CRL({...});
-2549      * crl.getPEM() →
-2550      * "-----BEGIN X509 CRL-----\r\n..."
-2551      */
-2552     this.getPEM = function() {
-2553 	return hextopem(this.tohex(), "X509 CRL");
-2554     };
-2555 
-2556     this.tohex = function() {
-2557 	var params = this.params;
-2558 
-2559 	if (params.tbsobj == undefined) {
-2560 	    params.tbsobj = new _TBSCertList(params);
-2561 	}
-2562 
-2563 	if (params.sighex == undefined && params.cakey != undefined) {
-2564 	    this.sign();
-2565 	}
-2566 
-2567 	if (params.sighex == undefined) {
-2568 	    throw new Error("sighex or cakey parameter not defined");
-2569 	}
-2570 	
-2571 	var a = [];
-2572 	a.push(params.tbsobj);
-2573 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-2574 	a.push(new _DERBitString({hex: "00" + params.sighex}));
-2575 	var seq = new _DERSequence({array: a});
-2576 	return seq.tohex();
-2577     };
-2578     this.getEncodedHex = function() { return this.tohex(); };
-2579 
-2580     if (params != undefined) this.params = params;
-2581 };
-2582 extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
-2583 
-2584 /**
-2585  * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
-2586  * @name KJUR.asn1.x509.TBSCertList
-2587  * @class TBSCertList ASN.1 structure class for CRL
-2588  * @property {Array} params JSON object of parameters
-2589  * @param {Array} params JSON object of TBSCertList parameters
-2590  * @extends KJUR.asn1.ASN1Object
-2591  * @since 1.0.3
-2592  *
-2593  * @description
-2594  * This class represents TBSCertList of CRL defined in
-2595  * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
-2596  * RFC 5280 5.1</a>.
-2597  * <pre>
-2598  * TBSCertList  ::=  SEQUENCE  {
-2599  *       version                 Version OPTIONAL,
-2600  *                                    -- if present, MUST be v2
-2601  *       signature               AlgorithmIdentifier,
-2602  *       issuer                  Name,
-2603  *       thisUpdate              Time,
-2604  *       nextUpdate              Time OPTIONAL,
-2605  *       revokedCertificates     SEQUENCE OF SEQUENCE  {
-2606  *            userCertificate         CertificateSerialNumber,
-2607  *            revocationDate          Time,
-2608  *            crlEntryExtensions      Extensions OPTIONAL
-2609  *                                     -- if present, version MUST be v2
-2610  *                                 }  OPTIONAL,
-2611  *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-2612  * }
-2613  * </pre>
-2614  * NOTE: TBSCertList class is updated without backward 
-2615  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
-2616  * Most of methods are removed and parameters can be set
-2617  * by JSON object.
-2618  * <br/>
-2619  * Constructor of this class may have following parameters:
-2620  * <ul>
-2621  * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
-2622  * <li>{String}sigalg - signature algorithm name</li>
-2623  * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
-2624  * <li>{String}thisupdate - thisUpdate field value</li>
-2625  * <li>{String}nextupdate (OPTION) - thisUpdate field value</li>
-2626  * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
-2627  *   Its element may have following property:
-2628  *   <ul>
-2629  *   <li>{Array}sn - serialNumber of userCertificate field specified
-2630  *   by {@link KJUR.asn1.DERInteger}</li>
-2631  *   <li>{String}date - revocationDate field specified by
-2632  *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
-2633  *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
-2634  *   </ul>
-2635  * </li>
-2636  * </ul>
-2637  * 
-2638  * @example
-2639  * var o = new KJUR.asn1.x509.TBSCertList({
-2640  *  sigalg: "SHA256withRSA",
-2641  *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
-2642  *                   [{type:'O',value:'T1',ds:'prn'}]]},
-2643  *  thisupdate: "200821235959Z",
-2644  *  nextupdate: "200828235959Z", // OPTION
-2645  *  revcert: [
-2646  *   {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
-2647  *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
-2648  *  ],
-2649  *  ext: [
-2650  *   {extname: "cRLNumber", num: {'int': 8}},
-2651  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
-2652  *  ]
-2653  * });
-2654  * o.tohex() → "30..."
-2655  */
-2656 KJUR.asn1.x509.TBSCertList = function(params) {
-2657     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
-2658     var	_KJUR = KJUR,
-2659 	_KJUR_asn1 = _KJUR.asn1,
-2660 	_DERInteger = _KJUR_asn1.DERInteger,
-2661 	_DERSequence = _KJUR_asn1.DERSequence,
-2662 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-2663 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-2664 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-2665 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-2666 	_Time = _KJUR_asn1_x509.Time,
-2667 	_Extensions = _KJUR_asn1_x509.Extensions,
-2668 	_X500Name = _KJUR_asn1_x509.X500Name;
-2669     this.params = null;
-2670 
-2671     /**
-2672      * get array of ASN.1 object for extensions<br/>
-2673      * @name setByParam
-2674      * @memberOf KJUR.asn1.x509.TBSCertList#
-2675      * @function
-2676      * @param {Array} JSON object of TBSCertList parameters
-2677      * @example
-2678      * tbsc = new KJUR.asn1.x509.TBSCertificate();
-2679      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
-2680      */
-2681     this.setByParam = function(params) {
-2682 	this.params = params;
-2683     };
+2272  * @see
+2273  * 
+2274  * @description
+2275  * This class provides X.509v3 SubjectDirectoryAttributes extension
+2276  * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2">
+2277  * RFC 3739 Qualified Certificate Profile section 3.3.2</a>.
+2278  * <pre>
+2279  * SubjectDirectoryAttributes ::= Attributes
+2280  * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+2281  * Attribute ::= SEQUENCE {
+2282  *   type AttributeType 
+2283  *   values SET OF AttributeValue }
+2284  * AttributeType ::= OBJECT IDENTIFIER
+2285  * AttributeValue ::= ANY DEFINED BY AttributeType
+2286  * </pre>
+2287  * Value of member "array" is an array which as following associative arrays as elements:
+2288  * <ul>
+2289  * <li>attr: OID name or value of attribute type (ex. "gender" or "1.2.3.4")</li>
+2290  * <li>str: attribute value of pre defined types (See example for registered attribute types)</li>
+2291  * <li>array: array of ASN.1 parameters as attribute value (See {@link KJUR.asn1.ASN1Util#newObject})</li>
+2292  * </ul>
+2293  * <br/>
+2294  * NOTE: From jsrsasign 10.8.4, member "array in array" supported for an arbitrary
+2295  * attribute value.
+2296  *
+2297  * @example
+2298  * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({
+2299  *   extname: "subjectDirectoryAttributes",
+2300  *   array: [
+2301  *     { attr: "dateOfBirth", str: "19701231230000Z" },
+2302  *     { attr: "placeOfBirth", str: "Tokyo" },
+2303  *     { attr: "gender", str: "F" },
+2304  *     { attr: "countryOfCitizenship", str: "JP" },
+2305  *     { attr: "countryOfResidence", str: "JP" },
+2306  *     { attr: "1.2.3.4.5", array: [{prnstr: {str: "aaa"}}] }
+2307  *   ]
+2308  * });
+2309  */
+2310 KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) {
+2311     KJUR.asn1.x509.SubjectDirectoryAttributes.superclass.constructor.call(this, params);
+2312     var _KJUR_asn1 = KJUR.asn1,
+2313 	_DERSequence = _KJUR_asn1.DERSequence,
+2314 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+2315 	_name2oid = _KJUR_asn1.x509.OID.name2oid;
+2316 
+2317     this.params = null;
+2318 
+2319     this.getExtnValueHex = function() {
+2320 	var a = [];
+2321 	for (var i = 0; i < this.params.array.length; i++) {
+2322 	    var pAttr = this.params.array[i];
+2323 
+2324 	    if (pAttr.attr != undefined && pAttr.array != undefined) {
+2325 		var pObj = {"seq": [{"oid": pAttr.attr}, {"set": pAttr.array}]};
+2326 		a.push(_newObject(pObj));
+2327 		continue;
+2328 	    }
+2329 
+2330 	    var newparam = {"seq": [{"oid": "1.2.3.4"}, {"set": [{"utf8str": "DE"}]}]};
+2331 
+2332 	    if (pAttr.attr == "dateOfBirth") {
+2333 		newparam.seq[0].oid = _name2oid(pAttr.attr);
+2334 		newparam.seq[1].set[0] = {"gentime": pAttr.str};
+2335 	    } else if (pAttr.attr == "placeOfBirth") {
+2336 		newparam.seq[0].oid = _name2oid(pAttr.attr);
+2337 		newparam.seq[1].set[0] = {"utf8str": pAttr.str};
+2338 	    } else if (pAttr.attr == "gender") {
+2339 		newparam.seq[0].oid = _name2oid(pAttr.attr);
+2340 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
+2341 	    } else if (pAttr.attr == "countryOfCitizenship") {
+2342 		newparam.seq[0].oid = _name2oid(pAttr.attr);
+2343 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
+2344 	    } else if (pAttr.attr == "countryOfResidence") {
+2345 		newparam.seq[0].oid = _name2oid(pAttr.attr);
+2346 		newparam.seq[1].set[0] = {"prnstr": pAttr.str};
+2347 	    } else {
+2348 		throw new Error("unsupported attribute: " + pAttr.attr);
+2349 	    }
+2350 	    a.push(new _newObject(newparam));
+2351 	}
+2352 	var seq = new _DERSequence({array: a});
+2353 	this.asn1ExtnValue = seq;
+2354         return this.asn1ExtnValue.tohex();
+2355     };
+2356 
+2357     this.oid = "2.5.29.9";
+2358     if (params !== undefined) {
+2359 	this.params = params;
+2360     }
+2361 };
+2362 extendClass(KJUR.asn1.x509.SubjectDirectoryAttributes, KJUR.asn1.x509.Extension);
+2363 
+2364 
+2365 /**
+2366  * priavte extension ASN.1 structure class<br/>
+2367  * @name KJUR.asn1.x509.PrivateExtension
+2368  * @class private extension ASN.1 structure class
+2369  * @param {Array} params JSON object of private extension
+2370  * @extends KJUR.asn1.x509.Extension
+2371  * @since jsrsasign 9.1.1 asn1x509 
+2372  * @see KJUR.asn1.ASN1Util.newObject
+2373  *
+2374  * @description
+2375  * This class is to represent private extension or 
+2376  * unsupported extension. 
+2377  * <pre>
+2378  * Extension  ::=  SEQUENCE  {
+2379  *      extnID      OBJECT IDENTIFIER,
+2380  *      critical    BOOLEAN DEFAULT FALSE,
+2381  *      extnValue   OCTET STRING }
+2382  * </pre>
+2383  * Following properties can be set for JSON parameter:
+2384  * <ul>
+2385  * <li>{String}extname - string of OID or predefined extension name</li>
+2386  * <li>{Boolean}critical - critical flag</li>
+2387  * <li>{Object}extn - hexadecimal string or 
+2388  * of {@link KJUR.asn1.ASN1Util.newObject} 
+2389  * JSON parameter for extnValue field</li>
+2390  * </li>
+2391  * </ul>
+2392  *
+2393  * @example
+2394  * // extn by hexadecimal
+2395  * new KJUR.asn1.x509.PrivateExtension({
+2396  *   extname: "1.2.3.4",
+2397  *   critical: true,
+2398  *   extn: "13026161" // means PrintableString "aa"
+2399  * });
+2400  *
+2401  * // extn by JSON parameter
+2402  * new KJUR.asn1.x509.PrivateExtension({
+2403  *   extname: "1.2.3.5",
+2404  *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
+2405  * });
+2406  */
+2407 KJUR.asn1.x509.PrivateExtension = function(params) {
+2408     KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params)
+2409 
+2410     var _KJUR = KJUR,
+2411 	_isHex = _KJUR.lang.String.isHex,
+2412 	_KJUR_asn1 = _KJUR.asn1,
+2413 	_name2oid = _KJUR_asn1.x509.OID.name2oid,
+2414 	_newObject = _KJUR_asn1.ASN1Util.newObject;
+2415 
+2416     this.params = null;
+2417 
+2418     this.setByParam = function(params) {
+2419 	this.oid = _name2oid(params.extname);
+2420 	this.params = params;
+2421     };
+2422 
+2423     this.getExtnValueHex = function() {
+2424 	if (this.params.extname == undefined ||
+2425 	    this.params.extn == undefined) {
+2426 	    throw new Error("extname or extnhex not specified");
+2427 	}
+2428 
+2429 	var extn = this.params.extn;
+2430 	if (typeof extn == "string" && _isHex(extn)) {
+2431 	    return extn;
+2432 	} else if (typeof extn == "object") {
+2433 	    try {
+2434 		return _newObject(extn).tohex();
+2435 	    } catch(ex) {}
+2436 	}
+2437 	throw new Error("unsupported extn value");
+2438     };
+2439 
+2440     if (params != undefined) {
+2441 	this.setByParam(params);
+2442     }
+2443 };
+2444 extendClass(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);
+2445 
+2446 // === END   X.509v3 Extensions Related =======================================
+2447 
+2448 // === BEGIN CRL Related ===================================================
+2449 /**
+2450  * X.509 CRL class to sign and generate hex encoded CRL<br/>
+2451  * @name KJUR.asn1.x509.CRL
+2452  * @class X.509 CRL class to sign and generate hex encoded certificate
+2453  * @property {Array} params JSON object of parameters
+2454  * @param {Array} params JSON object of CRL parameters
+2455  * @extends KJUR.asn1.ASN1Object
+2456  * @since 1.0.3
+2457  * @see KJUR.asn1.x509.TBSCertList
+2458  * 
+2459  * @description
+2460  * This class represents CertificateList ASN.1 structur of X.509 CRL
+2461  * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
+2462  * RFC 5280 5.1</a>
+2463  * <pre>
+2464  * CertificateList  ::=  SEQUENCE  {
+2465  *     tbsCertList          TBSCertList,
+2466  *     signatureAlgorithm   AlgorithmIdentifier,
+2467  *     signatureValue       BIT STRING  }
+2468  * </pre>
+2469  * NOTE: CRL class is updated without backward 
+2470  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
+2471  * Most of methods are removed and parameters can be set
+2472  * by JSON object.
+2473  * <br/>
+2474  * Constructor of this class can accept all
+2475  * parameters of {@link KJUR.asn1.x509.TBSCertList}.
+2476  * It also accept following parameters additionally:
+2477  * <ul>
+2478  * <li>{TBSCertList}tbsobj (OPTION) - 
+2479  * specifies {@link KJUR.asn1.x509.TBSCertList} 
+2480  * object to be signed if needed. 
+2481  * When this isn't specified, 
+2482  * this will be set from other parametes of TBSCertList.</li>
+2483  * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
+2484  * Parameter "cakey" or "sighex" shall be specified. Following
+2485  * values can be specified:
+2486  *   <ul>
+2487  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
+2488  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
+2489  *   to generate a key object.</li>
+2490  *   </ul>
+2491  * </li>
+2492  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
+2493  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
+2494  * unused bits)</li>
+2495  * </ul>
+2496  *
+2497  * @example
+2498  * var crl = new KJUR.asn1.x509.CRL({
+2499  *  sigalg: "SHA256withRSA",
+2500  *  issuer: {str:'/C=JP/O=Test1'},
+2501  *  thisupdate: "200821235959Z",
+2502  *  nextupdate: "200828235959Z", // OPTION
+2503  *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
+2504  *  ext: [
+2505  *   {extname: "cRLNumber", num: {'int': 8}},
+2506  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
+2507  *  ],
+2508  *  cakey: prvkey
+2509  * });
+2510  * crl.gettohex() → "30..."
+2511  * crl.getPEM() → "-----BEGIN X509 CRL..."
+2512  */
+2513 KJUR.asn1.x509.CRL = function(params) {
+2514     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+2515     var _KJUR = KJUR,
+2516 	_KJUR_asn1 = _KJUR.asn1,
+2517 	_DERSequence = _KJUR_asn1.DERSequence,
+2518 	_DERBitString = _KJUR_asn1.DERBitString,
+2519 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+2520 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+2521 	_TBSCertList = _KJUR_asn1_x509.TBSCertList;
+2522 
+2523     this.params = undefined;
+2524 
+2525     this.setByParam = function(params) {
+2526 	this.params = params;
+2527     };
+2528 
+2529     /**
+2530      * sign CRL<br/>
+2531      * @name sign
+2532      * @memberOf KJUR.asn1.x509.CRL#
+2533      * @function
+2534      * @description
+2535      * This method signs TBSCertList with a specified 
+2536      * private key and algorithm by 
+2537      * this.params.cakey and this.params.sigalg parameter.
+2538      * @example
+2539      * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
+2540      * crl.sign()
+2541      */
+2542     this.sign = function() {
+2543 	var hTBSCL = (new _TBSCertList(this.params)).tohex();
+2544 	var sig = new KJUR.crypto.Signature({alg: this.params.sigalg});
+2545 	sig.init(this.params.cakey);
+2546 	sig.updateHex(hTBSCL);
+2547 	var sighex = sig.sign();
+2548 	this.params.sighex = sighex;
+2549     };
+2550 
+2551     /**
+2552      * get PEM formatted CRL string after signed<br/>
+2553      * @name getPEM
+2554      * @memberOf KJUR.asn1.x509.CRL#
+2555      * @function
+2556      * @return PEM formatted string of CRL
+2557      * @since jsrsasign 9.1.0 asn1hex 2.1.0
+2558      * @description
+2559      * This method returns a string of PEM formatted 
+2560      * CRL.
+2561      * @example
+2562      * crl = new KJUR.asn1.x509.CRL({...});
+2563      * crl.getPEM() →
+2564      * "-----BEGIN X509 CRL-----\r\n..."
+2565      */
+2566     this.getPEM = function() {
+2567 	return hextopem(this.tohex(), "X509 CRL");
+2568     };
+2569 
+2570     this.tohex = function() {
+2571 	var params = this.params;
+2572 
+2573 	if (params.tbsobj == undefined) {
+2574 	    params.tbsobj = new _TBSCertList(params);
+2575 	}
+2576 
+2577 	if (params.sighex == undefined && params.cakey != undefined) {
+2578 	    this.sign();
+2579 	}
+2580 
+2581 	if (params.sighex == undefined) {
+2582 	    throw new Error("sighex or cakey parameter not defined");
+2583 	}
+2584 	
+2585 	var a = [];
+2586 	a.push(params.tbsobj);
+2587 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+2588 	a.push(new _DERBitString({hex: "00" + params.sighex}));
+2589 	var seq = new _DERSequence({array: a});
+2590 	return seq.tohex();
+2591     };
+2592     this.getEncodedHex = function() { return this.tohex(); };
+2593 
+2594     if (params != undefined) this.params = params;
+2595 };
+2596 extendClass(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
+2597 
+2598 /**
+2599  * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
+2600  * @name KJUR.asn1.x509.TBSCertList
+2601  * @class TBSCertList ASN.1 structure class for CRL
+2602  * @property {Array} params JSON object of parameters
+2603  * @param {Array} params JSON object of TBSCertList parameters
+2604  * @extends KJUR.asn1.ASN1Object
+2605  * @since 1.0.3
+2606  *
+2607  * @description
+2608  * This class represents TBSCertList of CRL defined in
+2609  * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
+2610  * RFC 5280 5.1</a>.
+2611  * <pre>
+2612  * TBSCertList  ::=  SEQUENCE  {
+2613  *       version                 Version OPTIONAL,
+2614  *                                    -- if present, MUST be v2
+2615  *       signature               AlgorithmIdentifier,
+2616  *       issuer                  Name,
+2617  *       thisUpdate              Time,
+2618  *       nextUpdate              Time OPTIONAL,
+2619  *       revokedCertificates     SEQUENCE OF SEQUENCE  {
+2620  *            userCertificate         CertificateSerialNumber,
+2621  *            revocationDate          Time,
+2622  *            crlEntryExtensions      Extensions OPTIONAL
+2623  *                                     -- if present, version MUST be v2
+2624  *                                 }  OPTIONAL,
+2625  *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+2626  * }
+2627  * </pre>
+2628  * NOTE: TBSCertList class is updated without backward 
+2629  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
+2630  * Most of methods are removed and parameters can be set
+2631  * by JSON object.
+2632  * <br/>
+2633  * Constructor of this class may have following parameters:
+2634  * <ul>
+2635  * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
+2636  * <li>{String}sigalg - signature algorithm name</li>
+2637  * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
+2638  * <li>{String}thisupdate - thisUpdate field value</li>
+2639  * <li>{String}nextupdate (OPTION) - thisUpdate field value</li>
+2640  * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
+2641  *   Its element may have following property:
+2642  *   <ul>
+2643  *   <li>{Array}sn - serialNumber of userCertificate field specified
+2644  *   by {@link KJUR.asn1.DERInteger}</li>
+2645  *   <li>{String}date - revocationDate field specified by
+2646  *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
+2647  *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
+2648  *   </ul>
+2649  * </li>
+2650  * </ul>
+2651  * 
+2652  * @example
+2653  * var o = new KJUR.asn1.x509.TBSCertList({
+2654  *  sigalg: "SHA256withRSA",
+2655  *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
+2656  *                   [{type:'O',value:'T1',ds:'prn'}]]},
+2657  *  thisupdate: "200821235959Z",
+2658  *  nextupdate: "200828235959Z", // OPTION
+2659  *  revcert: [
+2660  *   {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
+2661  *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
+2662  *  ],
+2663  *  ext: [
+2664  *   {extname: "cRLNumber", num: {'int': 8}},
+2665  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
+2666  *  ]
+2667  * });
+2668  * o.tohex() → "30..."
+2669  */
+2670 KJUR.asn1.x509.TBSCertList = function(params) {
+2671     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
+2672     var	_KJUR = KJUR,
+2673 	_KJUR_asn1 = _KJUR.asn1,
+2674 	_DERInteger = _KJUR_asn1.DERInteger,
+2675 	_DERSequence = _KJUR_asn1.DERSequence,
+2676 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+2677 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+2678 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+2679 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+2680 	_Time = _KJUR_asn1_x509.Time,
+2681 	_Extensions = _KJUR_asn1_x509.Extensions,
+2682 	_X500Name = _KJUR_asn1_x509.X500Name;
+2683     this.params = null;
 2684 
 2685     /**
-2686      * get DERSequence for revokedCertificates<br/>
-2687      * @name getRevCertSequence
+2686      * get array of ASN.1 object for extensions<br/>
+2687      * @name setByParam
 2688      * @memberOf KJUR.asn1.x509.TBSCertList#
 2689      * @function
-2690      * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
-2691      */
-2692     this.getRevCertSequence = function() {
-2693 	var a = [];
-2694 	var aRevCert = this.params.revcert;
-2695 	for (var i = 0; i < aRevCert.length; i++) {
-2696 	    var aEntry = [
-2697 		new _DERInteger(aRevCert[i].sn),
-2698 		new _Time(aRevCert[i].date)
-2699 	    ];
-2700 	    if (aRevCert[i].ext != undefined) {
-2701 		aEntry.push(new _Extensions(aRevCert[i].ext));
-2702 	    }
-2703 	    a.push(new _DERSequence({array: aEntry}));
-2704 	}
-2705 	return new _DERSequence({array: a});
-2706     };
-2707 
-2708     this.tohex = function() {
-2709 	var a = [];
-2710 	var params = this.params;
-2711 
-2712 	if (params.version != undefined) {
-2713 	    var version = params.version - 1; 
-2714 	    var obj = new _DERInteger({'int': version});
-2715 	    a.push(obj);
-2716 	}
-2717 
-2718 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-2719 	a.push(new _X500Name(params.issuer));
-2720 	a.push(new _Time(params.thisupdate));
-2721 	if (params.nextupdate != undefined) 
-2722 	    a.push(new _Time(params.nextupdate))
-2723 	if (params.revcert != undefined) {
-2724 	    a.push(this.getRevCertSequence());
-2725 	}
-2726 	if (params.ext != undefined) {
-2727 	    var dExt = new _Extensions(params.ext);
-2728 	    a.push(new _DERTaggedObject({tag:'a0',
-2729 					 explicit:true,
-2730 					 obj:dExt}));
-2731 	}
-2732 
-2733 	var seq = new _DERSequence({array: a});
-2734 	return seq.tohex();
-2735     };
-2736     this.getEncodedHex = function() { return this.tohex(); };
-2737 
-2738     if (params !== undefined) this.setByParam(params);
-2739 };
-2740 extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
-2741 
-2742 /**
-2743  * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
-2744  * @name KJUR.asn1.x509.CRLEntry
-2745  * @class ASN.1 CRLEntry structure class for CRL
-2746  * @param {Array} params JSON object for CRL entry parameter
-2747  * @extends KJUR.asn1.ASN1Object
-2748  * @since 1.0.3
-2749  * @see KJUR.asn1.x509.TBSCertList
-2750  * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
-2751  * @description
-2752  * This class is to represent revokedCertificate in TBSCertList.
-2753  * However this is no more used by TBSCertList since
-2754  * jsrsasign 9.1.0. So this class have been deprecated in 
-2755  * jsrsasign 9.1.0.
-2756  * <pre>
-2757  * revokedCertificates     SEQUENCE OF SEQUENCE  {
-2758  *     userCertificate         CertificateSerialNumber,
-2759  *     revocationDate          Time,
-2760  *     crlEntryExtensions      Extensions OPTIONAL
-2761  *                             -- if present, version MUST be v2 }
-2762  * </pre>
-2763  * @example
-2764  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
-2765  */
-2766 KJUR.asn1.x509.CRLEntry = function(params) {
-2767     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
-2768     var sn = null,
-2769 	time = null,
-2770 	_KJUR = KJUR,
-2771 	_KJUR_asn1 = _KJUR.asn1;
-2772 
-2773     /**
-2774      * set DERInteger parameter for serial number of revoked certificate
-2775      * @name setCertSerial
-2776      * @memberOf KJUR.asn1.x509.CRLEntry
-2777      * @function
-2778      * @param {Array} intParam DERInteger parameter for certificate serial number
-2779      * @description
-2780      * @example
-2781      * entry.setCertSerial({'int': 3});
-2782      */
-2783     this.setCertSerial = function(intParam) {
-2784         this.sn = new _KJUR_asn1.DERInteger(intParam);
-2785     };
+2690      * @param {Array} JSON object of TBSCertList parameters
+2691      * @example
+2692      * tbsc = new KJUR.asn1.x509.TBSCertificate();
+2693      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
+2694      */
+2695     this.setByParam = function(params) {
+2696 	this.params = params;
+2697     };
+2698 
+2699     /**
+2700      * get DERSequence for revokedCertificates<br/>
+2701      * @name getRevCertSequence
+2702      * @memberOf KJUR.asn1.x509.TBSCertList#
+2703      * @function
+2704      * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
+2705      */
+2706     this.getRevCertSequence = function() {
+2707 	var a = [];
+2708 	var aRevCert = this.params.revcert;
+2709 	for (var i = 0; i < aRevCert.length; i++) {
+2710 	    var aEntry = [
+2711 		new _DERInteger(aRevCert[i].sn),
+2712 		new _Time(aRevCert[i].date)
+2713 	    ];
+2714 	    if (aRevCert[i].ext != undefined) {
+2715 		aEntry.push(new _Extensions(aRevCert[i].ext));
+2716 	    }
+2717 	    a.push(new _DERSequence({array: aEntry}));
+2718 	}
+2719 	return new _DERSequence({array: a});
+2720     };
+2721 
+2722     this.tohex = function() {
+2723 	var a = [];
+2724 	var params = this.params;
+2725 
+2726 	if (params.version != undefined) {
+2727 	    var version = params.version - 1; 
+2728 	    var obj = new _DERInteger({'int': version});
+2729 	    a.push(obj);
+2730 	}
+2731 
+2732 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+2733 	a.push(new _X500Name(params.issuer));
+2734 	a.push(new _Time(params.thisupdate));
+2735 	if (params.nextupdate != undefined) 
+2736 	    a.push(new _Time(params.nextupdate))
+2737 	if (params.revcert != undefined) {
+2738 	    a.push(this.getRevCertSequence());
+2739 	}
+2740 	if (params.ext != undefined) {
+2741 	    var dExt = new _Extensions(params.ext);
+2742 	    a.push(new _DERTaggedObject({tag:'a0',
+2743 					 explicit:true,
+2744 					 obj:dExt}));
+2745 	}
+2746 
+2747 	var seq = new _DERSequence({array: a});
+2748 	return seq.tohex();
+2749     };
+2750     this.getEncodedHex = function() { return this.tohex(); };
+2751 
+2752     if (params !== undefined) this.setByParam(params);
+2753 };
+2754 extendClass(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
+2755 
+2756 /**
+2757  * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
+2758  * @name KJUR.asn1.x509.CRLEntry
+2759  * @class ASN.1 CRLEntry structure class for CRL
+2760  * @param {Array} params JSON object for CRL entry parameter
+2761  * @extends KJUR.asn1.ASN1Object
+2762  * @since 1.0.3
+2763  * @see KJUR.asn1.x509.TBSCertList
+2764  * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
+2765  * @description
+2766  * This class is to represent revokedCertificate in TBSCertList.
+2767  * However this is no more used by TBSCertList since
+2768  * jsrsasign 9.1.0. So this class have been deprecated in 
+2769  * jsrsasign 9.1.0.
+2770  * <pre>
+2771  * revokedCertificates     SEQUENCE OF SEQUENCE  {
+2772  *     userCertificate         CertificateSerialNumber,
+2773  *     revocationDate          Time,
+2774  *     crlEntryExtensions      Extensions OPTIONAL
+2775  *                             -- if present, version MUST be v2 }
+2776  * </pre>
+2777  * @example
+2778  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
+2779  */
+2780 KJUR.asn1.x509.CRLEntry = function(params) {
+2781     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
+2782     var sn = null,
+2783 	time = null,
+2784 	_KJUR = KJUR,
+2785 	_KJUR_asn1 = _KJUR.asn1;
 2786 
 2787     /**
-2788      * set Time parameter for revocation date
-2789      * @name setRevocationDate
+2788      * set DERInteger parameter for serial number of revoked certificate
+2789      * @name setCertSerial
 2790      * @memberOf KJUR.asn1.x509.CRLEntry
 2791      * @function
-2792      * @param {Array} timeParam Time parameter for revocation date
+2792      * @param {Array} intParam DERInteger parameter for certificate serial number
 2793      * @description
 2794      * @example
-2795      * entry.setRevocationDate({'str': '130508235959Z'});
+2795      * entry.setCertSerial({'int': 3});
 2796      */
-2797     this.setRevocationDate = function(timeParam) {
-2798         this.time = new _KJUR_asn1.x509.Time(timeParam);
+2797     this.setCertSerial = function(intParam) {
+2798         this.sn = new _KJUR_asn1.DERInteger(intParam);
 2799     };
 2800 
-2801     this.tohex = function() {
-2802         var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]});
-2803         this.TLV = o.tohex();
-2804         return this.TLV;
-2805     };
-2806     this.getEncodedHex = function() { return this.tohex(); };
-2807 
-2808     if (params !== undefined) {
-2809         if (params.time !== undefined) {
-2810             this.setRevocationDate(params.time);
-2811         }
-2812         if (params.sn !== undefined) {
-2813             this.setCertSerial(params.sn);
-2814         }
-2815     }
-2816 };
-2817 extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
-2818 
-2819 /**
-2820  * CRLNumber CRL extension ASN.1 structure class<br/>
-2821  * @name KJUR.asn1.x509.CRLNumber
-2822  * @class CRLNumber CRL extension ASN.1 structure class
-2823  * @extends KJUR.asn1.x509.Extension
-2824  * @since jsrsasign 9.1.0 asn1x509 2.1.0
-2825  * @see KJUR.asn1.x509.TBSCertList
-2826  * @see KJUR.asn1.x509.Extensions
-2827  * @description
-2828  * This class represents ASN.1 structure for
-2829  * CRLNumber CRL extension defined in
-2830  * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
-2831  * RFC 5280 5.2.3</a>.
-2832  * <pre>
-2833  * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-2834  * CRLNumber ::= INTEGER (0..MAX)
-2835  * </pre>
-2836  * Constructor of this class may have following parameters:
-2837  * <ul>
-2838  * <li>{String}extname - name "cRLNumber". It is ignored in this class but
-2839  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2840  * <li>{Object}num - CRLNumber value to specify
-2841  * {@link KJUR.asn1.DERInteger} parameter.</li>
-2842  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2843  * in this class.(OPTION)</li>
-2844  * </ul>
-2845  *
-2846  * @example
-2847  * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
-2848  *                               num:{'int':147}})
-2849  */
-2850 KJUR.asn1.x509.CRLNumber = function(params) {
-2851     KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
-2852     this.params = undefined;
-2853 
-2854     this.getExtnValueHex = function() {
-2855         this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num);
-2856         return this.asn1ExtnValue.tohex();
-2857     };
-2858 
-2859     this.oid = "2.5.29.20";
-2860     if (params != undefined) this.params = params;
-2861 };
-2862 extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);
-2863 
-2864 /**
-2865  * CRLReason CRL entry extension ASN.1 structure class<br/>
-2866  * @name KJUR.asn1.x509.CRLReason
-2867  * @class CRLReason CRL entry extension ASN.1 structure class
-2868  * @extends KJUR.asn1.x509.Extension
-2869  * @since jsrsasign 9.1.0 asn1x509 2.1.0
-2870  * @see KJUR.asn1.x509.TBSCertList
-2871  * @see KJUR.asn1.x509.Extensions
-2872  * @description
-2873  * This class represents ASN.1 structure for
-2874  * CRLReason CRL entry extension defined in
-2875  * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
-2876  * RFC 5280 5.3.1</a>
-2877  * <pre>
-2878  * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-2879  * -- reasonCode ::= { CRLReason }
-2880  * CRLReason ::= ENUMERATED {
-2881  *      unspecified             (0),
-2882  *      keyCompromise           (1),
-2883  *      cACompromise            (2),
-2884  *      affiliationChanged      (3),
-2885  *      superseded              (4),
-2886  *      cessationOfOperation    (5),
-2887  *      certificateHold         (6),
-2888  *      removeFromCRL           (8),
-2889  *      privilegeWithdrawn      (9),
-2890  *      aACompromise           (10) }
-2891  * </pre>
-2892  * Constructor of this class may have following parameters:
-2893  * <ul>
-2894  * <li>{String}extname - name "cRLReason". It is ignored in this class but
-2895  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2896  * <li>{Integer}code - reasonCode value</li>
-2897  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2898  * in this class.(OPTION)</li>
-2899  * </ul>
-2900  *
-2901  * @example
-2902  * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
-2903  */
-2904 KJUR.asn1.x509.CRLReason = function(params) {
-2905     KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
-2906     this.params = undefined;
-2907 
-2908     this.getExtnValueHex = function() {
-2909         this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code);
-2910         return this.asn1ExtnValue.tohex();
-2911     };
-2912 
-2913     this.oid = "2.5.29.21";
-2914     if (params != undefined) this.params = params;
-2915 };
-2916 extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);
-2917 
-2918 // === END   CRL Related ===================================================
-2919 
-2920 // === BEGIN OCSP Related ===================================================
-2921 /**
-2922  * Nonce OCSP extension ASN.1 structure class<br/>
-2923  * @name KJUR.asn1.x509.OCSPNonce
-2924  * @class Nonce OCSP extension ASN.1 structure class
-2925  * @extends KJUR.asn1.x509.Extension
-2926  * @since jsrsasign 9.1.6 asn1x509 2.1.2
-2927  * @param {Array} params JSON object for Nonce extension
-2928  * @see KJUR.asn1.ocsp.ResponseData
-2929  * @see KJUR.asn1.x509.Extensions
-2930  * @see X509#getExtOCSPNonce
-2931  * @description
-2932  * This class represents
-2933  * Nonce OCSP extension value defined in
-2934  * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
-2935  * RFC 6960 4.4.1</a> as JSON object.
-2936  * <pre>
-2937  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
-2938  * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-2939  * Nonce ::= OCTET STRING
-2940  * </pre>
-2941  * Constructor of this class may have following parameters:
-2942  * <ul>
-2943  * <li>{String}extname - name "ocspNonce". It is ignored in this class but
-2944  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2945  * <li>{String}hex - hexadecimal string of nonce value</li>
-2946  * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
-2947  * specified.</li>
-2948  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2949  * in this class.(OPTION)</li>
-2950  * </ul>
-2951  *
-2952  * @example
-2953  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
-2954  *                               hex: '12ab...'})
-2955  */
-2956 KJUR.asn1.x509.OCSPNonce = function(params) {
-2957     KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
-2958     this.params = undefined;
-2959 
-2960     this.getExtnValueHex = function() {
-2961         this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params);
-2962         return this.asn1ExtnValue.tohex();
-2963     };
-2964 
-2965     this.oid = "1.3.6.1.5.5.7.48.1.2";
-2966     if (params != undefined) this.params = params;
-2967 };
-2968 extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);
-2969 
-2970 /**
-2971  * OCSPNoCheck certificate ASN.1 structure class<br/>
-2972  * @name KJUR.asn1.x509.OCSPNoCheck
-2973  * @class OCSPNoCheck extension ASN.1 structure class
-2974  * @extends KJUR.asn1.x509.Extension
-2975  * @since jsrsasign 9.1.6 asn1x509 2.1.2
-2976  * @param {Array} params JSON object for OCSPNoCheck extension
-2977  * @see KJUR.asn1.x509.Extensions
-2978  * @see X509#getExtOCSPNoCheck
-2979  * @description
-2980  * This class represents
-2981  * OCSPNoCheck extension value defined in
-2982  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
-2983  * RFC 6960 4.2.2.2.1</a> as JSON object.
-2984  * <pre>
-2985  * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-2986  * </pre>
-2987  * Constructor of this class may have following parameters:
-2988  * <ul>
-2989  * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
-2990  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2991  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2992  * in this class.(OPTION)</li>
-2993  * </ul>
-2994  *
-2995  * @example
-2996  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'})
-2997  */
-2998 KJUR.asn1.x509.OCSPNoCheck = function(params) {
-2999     KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
-3000     this.params = undefined;
-3001 
-3002     this.getExtnValueHex = function() {
-3003         this.asn1ExtnValue = new KJUR.asn1.DERNull();
-3004         return this.asn1ExtnValue.tohex();
-3005     };
-3006 
-3007     this.oid = "1.3.6.1.5.5.7.48.1.5";
-3008     if (params != undefined) this.params = params;
-3009 };
-3010 extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);
-3011 
-3012 // === END   OCSP Related ===================================================
-3013 
-3014 // === BEGIN Other X.509v3 Extensions========================================
+2801     /**
+2802      * set Time parameter for revocation date
+2803      * @name setRevocationDate
+2804      * @memberOf KJUR.asn1.x509.CRLEntry
+2805      * @function
+2806      * @param {Array} timeParam Time parameter for revocation date
+2807      * @description
+2808      * @example
+2809      * entry.setRevocationDate({'str': '130508235959Z'});
+2810      */
+2811     this.setRevocationDate = function(timeParam) {
+2812         this.time = new _KJUR_asn1.x509.Time(timeParam);
+2813     };
+2814 
+2815     this.tohex = function() {
+2816         var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]});
+2817         this.TLV = o.tohex();
+2818         return this.TLV;
+2819     };
+2820     this.getEncodedHex = function() { return this.tohex(); };
+2821 
+2822     if (params !== undefined) {
+2823         if (params.time !== undefined) {
+2824             this.setRevocationDate(params.time);
+2825         }
+2826         if (params.sn !== undefined) {
+2827             this.setCertSerial(params.sn);
+2828         }
+2829     }
+2830 };
+2831 extendClass(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
+2832 
+2833 /**
+2834  * CRLNumber CRL extension ASN.1 structure class<br/>
+2835  * @name KJUR.asn1.x509.CRLNumber
+2836  * @class CRLNumber CRL extension ASN.1 structure class
+2837  * @extends KJUR.asn1.x509.Extension
+2838  * @since jsrsasign 9.1.0 asn1x509 2.1.0
+2839  * @see KJUR.asn1.x509.TBSCertList
+2840  * @see KJUR.asn1.x509.Extensions
+2841  * @description
+2842  * This class represents ASN.1 structure for
+2843  * CRLNumber CRL extension defined in
+2844  * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
+2845  * RFC 5280 5.2.3</a>.
+2846  * <pre>
+2847  * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+2848  * CRLNumber ::= INTEGER (0..MAX)
+2849  * </pre>
+2850  * Constructor of this class may have following parameters:
+2851  * <ul>
+2852  * <li>{String}extname - name "cRLNumber". It is ignored in this class but
+2853  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2854  * <li>{Object}num - CRLNumber value to specify
+2855  * {@link KJUR.asn1.DERInteger} parameter.</li>
+2856  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2857  * in this class.(OPTION)</li>
+2858  * </ul>
+2859  *
+2860  * @example
+2861  * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
+2862  *                               num:{'int':147}})
+2863  */
+2864 KJUR.asn1.x509.CRLNumber = function(params) {
+2865     KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
+2866     this.params = undefined;
+2867 
+2868     this.getExtnValueHex = function() {
+2869         this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num);
+2870         return this.asn1ExtnValue.tohex();
+2871     };
+2872 
+2873     this.oid = "2.5.29.20";
+2874     if (params != undefined) this.params = params;
+2875 };
+2876 extendClass(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);
+2877 
+2878 /**
+2879  * CRLReason CRL entry extension ASN.1 structure class<br/>
+2880  * @name KJUR.asn1.x509.CRLReason
+2881  * @class CRLReason CRL entry extension ASN.1 structure class
+2882  * @extends KJUR.asn1.x509.Extension
+2883  * @since jsrsasign 9.1.0 asn1x509 2.1.0
+2884  * @see KJUR.asn1.x509.TBSCertList
+2885  * @see KJUR.asn1.x509.Extensions
+2886  * @description
+2887  * This class represents ASN.1 structure for
+2888  * CRLReason CRL entry extension defined in
+2889  * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
+2890  * RFC 5280 5.3.1</a>
+2891  * <pre>
+2892  * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+2893  * -- reasonCode ::= { CRLReason }
+2894  * CRLReason ::= ENUMERATED {
+2895  *      unspecified             (0),
+2896  *      keyCompromise           (1),
+2897  *      cACompromise            (2),
+2898  *      affiliationChanged      (3),
+2899  *      superseded              (4),
+2900  *      cessationOfOperation    (5),
+2901  *      certificateHold         (6),
+2902  *      removeFromCRL           (8),
+2903  *      privilegeWithdrawn      (9),
+2904  *      aACompromise           (10) }
+2905  * </pre>
+2906  * Constructor of this class may have following parameters:
+2907  * <ul>
+2908  * <li>{String}extname - name "cRLReason". It is ignored in this class but
+2909  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2910  * <li>{Integer}code - reasonCode value</li>
+2911  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2912  * in this class.(OPTION)</li>
+2913  * </ul>
+2914  *
+2915  * @example
+2916  * new KJUR.asn1.x509.CRLReason({extname:'cRLReason',code:4})
+2917  */
+2918 KJUR.asn1.x509.CRLReason = function(params) {
+2919     KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
+2920     this.params = undefined;
+2921 
+2922     this.getExtnValueHex = function() {
+2923         this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code);
+2924         return this.asn1ExtnValue.tohex();
+2925     };
+2926 
+2927     this.oid = "2.5.29.21";
+2928     if (params != undefined) this.params = params;
+2929 };
+2930 extendClass(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);
+2931 
+2932 // === END   CRL Related ===================================================
+2933 
+2934 // === BEGIN OCSP Related ===================================================
+2935 /**
+2936  * Nonce OCSP extension ASN.1 structure class<br/>
+2937  * @name KJUR.asn1.x509.OCSPNonce
+2938  * @class Nonce OCSP extension ASN.1 structure class
+2939  * @extends KJUR.asn1.x509.Extension
+2940  * @since jsrsasign 9.1.6 asn1x509 2.1.2
+2941  * @param {Array} params JSON object for Nonce extension
+2942  * @see KJUR.asn1.ocsp.ResponseData
+2943  * @see KJUR.asn1.x509.Extensions
+2944  * @see X509#getExtOCSPNonce
+2945  * @description
+2946  * This class represents
+2947  * Nonce OCSP extension value defined in
+2948  * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
+2949  * RFC 6960 4.4.1</a> as JSON object.
+2950  * <pre>
+2951  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
+2952  * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+2953  * Nonce ::= OCTET STRING
+2954  * </pre>
+2955  * Constructor of this class may have following parameters:
+2956  * <ul>
+2957  * <li>{String}extname - name "ocspNonce". It is ignored in this class but
+2958  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2959  * <li>{String}hex - hexadecimal string of nonce value</li>
+2960  * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
+2961  * specified.</li>
+2962  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2963  * in this class.(OPTION)</li>
+2964  * </ul>
+2965  *
+2966  * @example
+2967  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
+2968  *                               hex: '12ab...'})
+2969  */
+2970 KJUR.asn1.x509.OCSPNonce = function(params) {
+2971     KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
+2972     this.params = undefined;
+2973 
+2974     this.getExtnValueHex = function() {
+2975         this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params);
+2976         return this.asn1ExtnValue.tohex();
+2977     };
+2978 
+2979     this.oid = "1.3.6.1.5.5.7.48.1.2";
+2980     if (params != undefined) this.params = params;
+2981 };
+2982 extendClass(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);
+2983 
+2984 /**
+2985  * OCSPNoCheck certificate ASN.1 structure class<br/>
+2986  * @name KJUR.asn1.x509.OCSPNoCheck
+2987  * @class OCSPNoCheck extension ASN.1 structure class
+2988  * @extends KJUR.asn1.x509.Extension
+2989  * @since jsrsasign 9.1.6 asn1x509 2.1.2
+2990  * @param {Array} params JSON object for OCSPNoCheck extension
+2991  * @see KJUR.asn1.x509.Extensions
+2992  * @see X509#getExtOCSPNoCheck
+2993  * @description
+2994  * This class represents
+2995  * OCSPNoCheck extension value defined in
+2996  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
+2997  * RFC 6960 4.2.2.2.1</a> as JSON object.
+2998  * <pre>
+2999  * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+3000  * </pre>
+3001  * Constructor of this class may have following parameters:
+3002  * <ul>
+3003  * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
+3004  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+3005  * <li>{Boolean}critical - critical flag. Generally false and not specified
+3006  * in this class.(OPTION)</li>
+3007  * </ul>
+3008  *
+3009  * @example
+3010  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'})
+3011  */
+3012 KJUR.asn1.x509.OCSPNoCheck = function(params) {
+3013     KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
+3014     this.params = undefined;
 3015 
-3016 /**
-3017  * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
-3018  * @name KJUR.asn1.x509.AdobeTimeStamp
-3019  * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
-3020  * @extends KJUR.asn1.x509.Extension
-3021  * @since jsrsasign 10.0.1 asn1x509 2.1.4
-3022  * @param {Array} params JSON object for AdobeTimeStamp extension parameter
-3023  * @see KJUR.asn1.x509.Extensions
-3024  * @see X509#getExtAdobeTimeStamp
-3025  * @description
-3026  * This class represents
-3027  * AdobeTimeStamp X.509v3 extension value defined in
-3028  * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
-3029  * Adobe site</a> as JSON object.
-3030  * <pre>
-3031  * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
-3032  *  ::= SEQUENCE {
-3033  *     version INTEGER  { v1(1) }, -- extension version
-3034  *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
-3035  *     requiresAuth        boolean (default false), OPTIONAL }
-3036  * </pre>
-3037  * Constructor of this class may have following parameters:
-3038  * <ul>
-3039  * <li>{String}uri - RFC 3161 time stamp service URL</li>
-3040  * <li>{Boolean}reqauth - authentication required or not</li>
-3041  * </ul>
-3042  * </pre>
-3043  * <br/>
-3044  * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
-3045  * @example
-3046  * new KJUR.asn1.x509.AdobeTimesStamp({
-3047  *   uri: "http://tsa.example.com/",
-3048  *   reqauth: true
-3049  * }
-3050  */
-3051 KJUR.asn1.x509.AdobeTimeStamp = function(params) {
-3052     KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);
-3053 
-3054     var _KJUR = KJUR,
-3055 	_KJUR_asn1 = _KJUR.asn1,
-3056 	_DERInteger = _KJUR_asn1.DERInteger,
-3057 	_DERBoolean = _KJUR_asn1.DERBoolean,
-3058 	_DERSequence = _KJUR_asn1.DERSequence,
-3059 	_GeneralName = _KJUR_asn1.x509.GeneralName;
-3060 
-3061     this.params = null;
-3062 
-3063     this.getExtnValueHex = function() {
-3064 	var params = this.params;
-3065 	var a = [new _DERInteger(1)];
-3066 	a.push(new _GeneralName({uri: params.uri}));
-3067 	if (params.reqauth != undefined) {
-3068 	    a.push(new _DERBoolean(params.reqauth));
-3069 	}
-3070 
-3071         this.asn1ExtnValue = new _DERSequence({array: a});
-3072         return this.asn1ExtnValue.tohex();
-3073     };
+3016     this.getExtnValueHex = function() {
+3017         this.asn1ExtnValue = new KJUR.asn1.DERNull();
+3018         return this.asn1ExtnValue.tohex();
+3019     };
+3020 
+3021     this.oid = "1.3.6.1.5.5.7.48.1.5";
+3022     if (params != undefined) this.params = params;
+3023 };
+3024 extendClass(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);
+3025 
+3026 // === END   OCSP Related ===================================================
+3027 
+3028 // === BEGIN Other X.509v3 Extensions========================================
+3029 
+3030 /**
+3031  * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
+3032  * @name KJUR.asn1.x509.AdobeTimeStamp
+3033  * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
+3034  * @extends KJUR.asn1.x509.Extension
+3035  * @since jsrsasign 10.0.1 asn1x509 2.1.4
+3036  * @param {Array} params JSON object for AdobeTimeStamp extension parameter
+3037  * @see KJUR.asn1.x509.Extensions
+3038  * @see X509#getExtAdobeTimeStamp
+3039  * @description
+3040  * This class represents
+3041  * AdobeTimeStamp X.509v3 extension value defined in
+3042  * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
+3043  * Adobe site</a> as JSON object.
+3044  * <pre>
+3045  * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+3046  *  ::= SEQUENCE {
+3047  *     version INTEGER  { v1(1) }, -- extension version
+3048  *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+3049  *     requiresAuth        boolean (default false), OPTIONAL }
+3050  * </pre>
+3051  * Constructor of this class may have following parameters:
+3052  * <ul>
+3053  * <li>{String}uri - RFC 3161 time stamp service URL</li>
+3054  * <li>{Boolean}reqauth - authentication required or not</li>
+3055  * </ul>
+3056  * </pre>
+3057  * <br/>
+3058  * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
+3059  * @example
+3060  * new KJUR.asn1.x509.AdobeTimesStamp({
+3061  *   uri: "http://tsa.example.com/",
+3062  *   reqauth: true
+3063  * }
+3064  */
+3065 KJUR.asn1.x509.AdobeTimeStamp = function(params) {
+3066     KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);
+3067 
+3068     var _KJUR = KJUR,
+3069 	_KJUR_asn1 = _KJUR.asn1,
+3070 	_DERInteger = _KJUR_asn1.DERInteger,
+3071 	_DERBoolean = _KJUR_asn1.DERBoolean,
+3072 	_DERSequence = _KJUR_asn1.DERSequence,
+3073 	_GeneralName = _KJUR_asn1.x509.GeneralName;
 3074 
-3075     this.oid = "1.2.840.113583.1.1.9.1";
-3076     if (params !== undefined) this.setByParam(params);
-3077 };
-3078 extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);
-3079  
-3080 // === END   Other X.509v3 Extensions========================================
-3081 
-3082 
-3083 // === BEGIN X500Name Related =================================================
-3084 /**
-3085  * X500Name ASN.1 structure class
-3086  * @name KJUR.asn1.x509.X500Name
-3087  * @class X500Name ASN.1 structure class
-3088  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
-3089  * @extends KJUR.asn1.ASN1Object
-3090  * @see KJUR.asn1.x509.X500Name
-3091  * @see KJUR.asn1.x509.RDN
-3092  * @see KJUR.asn1.x509.AttributeTypeAndValue
-3093  * @see X509#getX500Name
-3094  * @description
-3095  * This class provides DistinguishedName ASN.1 class structure
-3096  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-3097  * <blockquote><pre>
-3098  * DistinguishedName ::= RDNSequence
-3099  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-3100  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-3101  *   AttributeTypeAndValue
-3102  * AttributeTypeAndValue ::= SEQUENCE {
-3103  *   type  AttributeType,
-3104  *   value AttributeValue }
-3105  * </pre></blockquote>
-3106  * <br/>
-3107  * Argument for the constructor can be one of following parameters:
-3108  * <ul>
-3109  * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
-3110  * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
-3111  * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li>
-3112  * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li>
-3113  * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
-3114  * <li>{String}certsubject - subject name in the specified PEM certificate</li>
-3115  * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
-3116  * </ul>
-3117  * <br/>
-3118  * NOTE1: The "array" and "rule" parameters have been supported
-3119  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+3075     this.params = null;
+3076 
+3077     this.getExtnValueHex = function() {
+3078 	var params = this.params;
+3079 	var a = [new _DERInteger(1)];
+3080 	a.push(new _GeneralName({uri: params.uri}));
+3081 	if (params.reqauth != undefined) {
+3082 	    a.push(new _DERBoolean(params.reqauth));
+3083 	}
+3084 
+3085         this.asn1ExtnValue = new _DERSequence({array: a});
+3086         return this.asn1ExtnValue.tohex();
+3087     };
+3088 
+3089     this.oid = "1.2.840.113583.1.1.9.1";
+3090     if (params !== undefined) this.setByParam(params);
+3091 };
+3092 extendClass(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);
+3093  
+3094 // === END   Other X.509v3 Extensions========================================
+3095 
+3096 
+3097 // === BEGIN X500Name Related =================================================
+3098 /**
+3099  * X500Name ASN.1 structure class
+3100  * @name KJUR.asn1.x509.X500Name
+3101  * @class X500Name ASN.1 structure class
+3102  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
+3103  * @extends KJUR.asn1.ASN1Object
+3104  * @see KJUR.asn1.x509.X500Name
+3105  * @see KJUR.asn1.x509.RDN
+3106  * @see KJUR.asn1.x509.AttributeTypeAndValue
+3107  * @see X509#getX500Name
+3108  * @description
+3109  * This class provides DistinguishedName ASN.1 class structure
+3110  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+3111  * <blockquote><pre>
+3112  * DistinguishedName ::= RDNSequence
+3113  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+3114  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+3115  *   AttributeTypeAndValue
+3116  * AttributeTypeAndValue ::= SEQUENCE {
+3117  *   type  AttributeType,
+3118  *   value AttributeValue }
+3119  * </pre></blockquote>
 3120  * <br/>
-3121  * NOTE2: Multi-valued RDN in "str" parameter have been
-3122  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-3123  * @example
-3124  * // 1. construct with array
-3125  * new KJUR.asn1.x509.X500Name({array:[
-3126  *   [{type:'C',value:'JP',ds:'prn'}],
-3127  *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
-3128  *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
-3129  * ]})
-3130  * // 2. construct with string
-3131  * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"});
-3132  * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"});
-3133  * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
-3134  * // 3. construct by LDAP string
-3135  * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
-3136  * // 4. construct by ASN.1 hex string
-3137  * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
-3138  * // 5. construct by issuer of PEM certificate
-3139  * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
-3140  * // 6. construct by subject of PEM certificate
-3141  * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
-3142  * // 7. construct by object (DEPRECATED)
-3143  * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
-3144  */
-3145 KJUR.asn1.x509.X500Name = function(params) {
-3146     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
-3147     this.asn1Array = [];
-3148     this.paramArray = [];
-3149     this.sRule = "utf8";
-3150     var _KJUR = KJUR,
-3151 	_KJUR_asn1 = _KJUR.asn1,
-3152 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-3153 	_RDN = _KJUR_asn1_x509.RDN,
-3154 	_pemtohex = pemtohex;
-3155 
-3156     /**
-3157      * set DN by OpenSSL oneline distinguished name string<br/>
-3158      * @name setByString
-3159      * @memberOf KJUR.asn1.x509.X500Name#
-3160      * @function
-3161      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
-3162      * @description
-3163      * Sets distinguished name by string. 
-3164      * dnStr must be formatted as 
-3165      * "/type0=value0/type1=value1/type2=value2...".
-3166      * No need to escape a slash in an attribute value.
-3167      * @example
-3168      * name = new KJUR.asn1.x509.X500Name();
-3169      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
-3170      * // no need to escape slash in an attribute value
-3171      * name.setByString("/C=US/O=aaa/CN=1980/12/31");
-3172      */
-3173     this.setByString = function(dnStr, sRule) {
-3174 	if (sRule !== undefined) this.sRule = sRule;
-3175         var a = dnStr.split('/');
-3176         a.shift();
-3177 
-3178 	var a1 = [];
-3179 	for (var i = 0; i < a.length; i++) {
-3180 	  if (a[i].match(/^[^=]+=.+$/)) {
-3181 	    a1.push(a[i]);
-3182 	  } else {
-3183 	    var lastidx = a1.length - 1;
-3184 	    a1[lastidx] = a1[lastidx] + "/" + a[i];
-3185 	  }
-3186 	}
-3187 
-3188         for (var i = 0; i < a1.length; i++) {
-3189             this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule}));
-3190         }
-3191     };
-3192 
-3193     /**
-3194      * set DN by LDAP(RFC 2253) distinguished name string<br/>
-3195      * @name setByLdapString
-3196      * @memberOf KJUR.asn1.x509.X500Name#
-3197      * @function
-3198      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
-3199      * @since jsrsasign 6.2.2 asn1x509 1.0.18
-3200      * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
-3201      * @description
-3202      * @example
-3203      * name = new KJUR.asn1.x509.X500Name();
-3204      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
-3205      */
-3206     this.setByLdapString = function(dnStr, sRule) {
-3207 	if (sRule !== undefined) this.sRule = sRule;
-3208 	var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr);
-3209 	this.setByString(compat, sRule);
-3210     };
-3211 
-3212     /**
-3213      * set DN by associative array<br/>
-3214      * @name setByObject
-3215      * @memberOf KJUR.asn1.x509.X500Name#
-3216      * @function
-3217      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
-3218      * @since jsrsasign 4.9. asn1x509 1.0.13
-3219      * @description
-3220      * @example
-3221      * name = new KJUR.asn1.x509.X500Name();
-3222      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
-3223      */
-3224     this.setByObject = function(dnObj, sRule) {
-3225 	if (sRule !== undefined) this.sRule = sRule;
-3226 
-3227         // Get all the dnObject attributes and stuff them in the ASN.1 array.
-3228         for (var x in dnObj) {
-3229             if (dnObj.hasOwnProperty(x)) {
-3230                 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule});
-3231                 // Initialize or push into the ANS1 array.
-3232                 this.asn1Array ? this.asn1Array.push(newRDN)
-3233                     : this.asn1Array = [newRDN];
-3234             }
-3235         }
-3236     };
-3237 
-3238     this.setByParam = function(params) {
-3239 	if (params.rule !== undefined) this.sRule = params.rule;
+3121  * Argument for the constructor can be one of following parameters:
+3122  * <ul>
+3123  * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
+3124  * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
+3125  * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li>
+3126  * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li>
+3127  * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
+3128  * <li>{String}certsubject - subject name in the specified PEM certificate</li>
+3129  * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
+3130  * </ul>
+3131  * <br/>
+3132  * NOTE1: The "array" and "rule" parameters have been supported
+3133  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+3134  * <br/>
+3135  * NOTE2: Multi-valued RDN in "str" parameter have been
+3136  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+3137  * @example
+3138  * // 1. construct with array
+3139  * new KJUR.asn1.x509.X500Name({array:[
+3140  *   [{type:'C',value:'JP',ds:'prn'}],
+3141  *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
+3142  *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
+3143  * ]})
+3144  * // 2. construct with string
+3145  * new KJUR.asn1.x509.X500Name({str: "/C=US/ST=NY/L=Ballston Spa/STREET=915 Stillwater Ave"});
+3146  * new KJUR.asn1.x509.X500Name({str: "/CN=AAA/2.5.4.42=John/surname=Ray"});
+3147  * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
+3148  * // 3. construct by LDAP string
+3149  * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
+3150  * // 4. construct by ASN.1 hex string
+3151  * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
+3152  * // 5. construct by issuer of PEM certificate
+3153  * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
+3154  * // 6. construct by subject of PEM certificate
+3155  * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
+3156  * // 7. construct by object (DEPRECATED)
+3157  * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
+3158  */
+3159 KJUR.asn1.x509.X500Name = function(params) {
+3160     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
+3161     this.asn1Array = [];
+3162     this.paramArray = [];
+3163     this.sRule = "utf8";
+3164     var _KJUR = KJUR,
+3165 	_KJUR_asn1 = _KJUR.asn1,
+3166 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+3167 	_RDN = _KJUR_asn1_x509.RDN,
+3168 	_pemtohex = pemtohex;
+3169 
+3170     /**
+3171      * set DN by OpenSSL oneline distinguished name string<br/>
+3172      * @name setByString
+3173      * @memberOf KJUR.asn1.x509.X500Name#
+3174      * @function
+3175      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
+3176      * @description
+3177      * Sets distinguished name by string. 
+3178      * dnStr must be formatted as 
+3179      * "/type0=value0/type1=value1/type2=value2...".
+3180      * No need to escape a slash in an attribute value.
+3181      * @example
+3182      * name = new KJUR.asn1.x509.X500Name();
+3183      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
+3184      * // no need to escape slash in an attribute value
+3185      * name.setByString("/C=US/O=aaa/CN=1980/12/31");
+3186      */
+3187     this.setByString = function(dnStr, sRule) {
+3188 	if (sRule !== undefined) this.sRule = sRule;
+3189         var a = dnStr.split('/');
+3190         a.shift();
+3191 
+3192 	var a1 = [];
+3193 	for (var i = 0; i < a.length; i++) {
+3194 	  if (a[i].match(/^[^=]+=.+$/)) {
+3195 	    a1.push(a[i]);
+3196 	  } else {
+3197 	    var lastidx = a1.length - 1;
+3198 	    a1[lastidx] = a1[lastidx] + "/" + a[i];
+3199 	  }
+3200 	}
+3201 
+3202         for (var i = 0; i < a1.length; i++) {
+3203             this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule}));
+3204         }
+3205     };
+3206 
+3207     /**
+3208      * set DN by LDAP(RFC 2253) distinguished name string<br/>
+3209      * @name setByLdapString
+3210      * @memberOf KJUR.asn1.x509.X500Name#
+3211      * @function
+3212      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
+3213      * @since jsrsasign 6.2.2 asn1x509 1.0.18
+3214      * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
+3215      * @description
+3216      * @example
+3217      * name = new KJUR.asn1.x509.X500Name();
+3218      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
+3219      */
+3220     this.setByLdapString = function(dnStr, sRule) {
+3221 	if (sRule !== undefined) this.sRule = sRule;
+3222 	var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr);
+3223 	this.setByString(compat, sRule);
+3224     };
+3225 
+3226     /**
+3227      * set DN by associative array<br/>
+3228      * @name setByObject
+3229      * @memberOf KJUR.asn1.x509.X500Name#
+3230      * @function
+3231      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
+3232      * @since jsrsasign 4.9. asn1x509 1.0.13
+3233      * @description
+3234      * @example
+3235      * name = new KJUR.asn1.x509.X500Name();
+3236      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
+3237      */
+3238     this.setByObject = function(dnObj, sRule) {
+3239 	if (sRule !== undefined) this.sRule = sRule;
 3240 
-3241 	if (params.array !== undefined) {
-3242 	    this.paramArray = params.array;
-3243 	} else {
-3244             if (params.str !== undefined) {
-3245 		this.setByString(params.str);
-3246             } else if (params.ldapstr !== undefined) {
-3247 		this.setByLdapString(params.ldapstr);
-3248 	    } else if (params.hex !== undefined) {
-3249 		this.hTLV = params.hex;
-3250             } else if (params.certissuer !== undefined) {
-3251 		var x = new X509();
-3252 		x.readCertPEM(params.certissuer);
-3253 		this.hTLV = x.getIssuerHex();
-3254             } else if (params.certsubject !== undefined) {
-3255 		var x = new X509();
-3256 		x.readCertPEM(params.certsubject);
-3257 		this.hTLV = x.getSubjectHex();
-3258 		// If params is an object, then set the ASN1 array
-3259 		// just using the object attributes. 
-3260 		// This is nice for fields that have lots of special
-3261 		// characters (i.e. CN: 'https://www.github.com/kjur//').
-3262             } else if (typeof params === "object" &&
-3263 		       params.certsubject === undefined &&
-3264 		       params.certissuer === undefined) {
-3265 		this.setByObject(params);
-3266             }
-3267 	}
-3268     }
-3269 
-3270     this.tohex = function() {
-3271         if (typeof this.hTLV == "string") return this.hTLV;
-3272 
-3273 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
-3274 	    for (var i = 0; i < this.paramArray.length; i++) {
-3275 		var param = {array: this.paramArray[i]};
-3276 		if (this.sRule != "utf8") param.rule = this.sRule;
-3277 		var asn1RDN = new _RDN(param);
-3278 		this.asn1Array.push(asn1RDN);
-3279 	    }
-3280 	}
-3281 
-3282         var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
-3283         this.hTLV = o.tohex();
-3284         return this.hTLV;
-3285     };
-3286     this.getEncodedHex = function() { return this.tohex(); };
-3287 
-3288     if (params !== undefined) this.setByParam(params);
-3289 };
-3290 extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
-3291 
-3292 /**
-3293  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
-3294  * @name compatToLDAP
-3295  * @memberOf KJUR.asn1.x509.X500Name
-3296  * @function
-3297  * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
-3298  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-3299  * @since jsrsasign 8.0.19 asn1x509 1.1.20
-3300  * @description
-3301  * This static method converts a distinguished name string in OpenSSL compat
-3302  * format to LDAP(RFC 2253) format.
-3303  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
-3304  * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
-3305  * @example
-3306  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
-3307  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
-3308  */
-3309 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
-3310     if (s.substr(0, 1) !== "/") throw "malformed input";
-3311 
-3312     var result = "";
-3313     s = s.substr(1);
-3314 
-3315     var a = s.split("/");
-3316     a.reverse();
-3317     a = a.map(function(s) {return s.replace(/,/, "\\,")});
-3318 
-3319     return a.join(",");
-3320 };
-3321 
-3322 /**
-3323  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
-3324  * @name onelineToLDAP
-3325  * @memberOf KJUR.asn1.x509.X500Name
-3326  * @function
-3327  * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-3328  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-3329  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-3330  * @see KJUR.asn1.x509.X500Name.compatToLDAP
-3331  * @description
-3332  * This method is deprecated. Please use 
-3333  * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
-3334  */
-3335 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
-3336     return KJUR.asn1.x509.X500Name.compatToLDAP(s);
-3337 }
-3338 
-3339 /**
-3340  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
-3341  * @name ldapToCompat
-3342  * @memberOf KJUR.asn1.x509.X500Name
-3343  * @function
-3344  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-3345  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-3346  * @since jsrsasign 8.0.19 asn1x509 1.1.10
-3347  * @description
-3348  * This static method converts a distinguished name string in 
-3349  * LDAP(RFC 2253) format to OpenSSL compat format.
-3350  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
-3351  * @example
-3352  * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
-3353  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
-3354  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US')  → '/C=US/O=a\/a'
-3355  */
-3356 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
-3357     var a = s.split(",");
-3358 
-3359     // join \,
-3360     var isBSbefore = false;
-3361     var a2 = [];
-3362     for (var i = 0; a.length > 0; i++) {
-3363 	var item = a.shift();
-3364 	//console.log("item=" + item);
-3365 
-3366 	if (isBSbefore === true) {
-3367 	    var a2last = a2.pop();
-3368 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
-3369 	    a2.push(newitem);
-3370 	    isBSbefore = false;
-3371 	} else {
-3372 	    a2.push(item);
-3373 	}
-3374 
-3375 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-3376     }
-3377 
-3378     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
-3379     a2.reverse();
-3380     return "/" + a2.join("/");
-3381 };
-3382 
-3383 /**
-3384  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
-3385  * @name ldapToOneline
-3386  * @memberOf KJUR.asn1.x509.X500Name
-3387  * @function
-3388  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-3389  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-3390  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-3391  * @description
-3392  * This method is deprecated. Please use 
-3393  * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
-3394  */
-3395 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
-3396     return KJUR.asn1.x509.X500Name.ldapToCompat(s);
-3397 };
-3398 
-3399 /**
-3400  * RDN (Relative Distinguished Name) ASN.1 structure class
-3401  * @name KJUR.asn1.x509.RDN
-3402  * @class RDN (Relative Distinguished Name) ASN.1 structure class
-3403  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-3404  * @extends KJUR.asn1.ASN1Object
-3405  * @see KJUR.asn1.x509.X500Name
-3406  * @see KJUR.asn1.x509.RDN
-3407  * @see KJUR.asn1.x509.AttributeTypeAndValue
-3408  * @description
-3409  * This class provides RelativeDistinguishedName ASN.1 class structure
-3410  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-3411  * <blockquote><pre>
-3412  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-3413  *   AttributeTypeAndValue
-3414  *
-3415  * AttributeTypeAndValue ::= SEQUENCE {
-3416  *   type  AttributeType,
-3417  *   value AttributeValue }
-3418  * </pre></blockquote>
-3419  * <br/>
-3420  * NOTE1: The "array" and "rule" parameters have been supported
-3421  * since jsrsasign 9.0.0 asn1x509 2.0.0.
-3422  * <br/>
-3423  * NOTE2: Multi-valued RDN in "str" parameter have been
-3424  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-3425  * @example
-3426  * new KJUR.asn1.x509.RDN({array: [ // multi-valued
-3427  *    {type:"CN",value:"Bob",ds:"prn"},
-3428  *    {type:"CN",value:"bob@example.com", ds:"ia5"}
-3429  * ]});
-3430  * new KJUR.asn1.x509.RDN({str: "CN=test"});
-3431  * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
-3432  * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
-3433  * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
-3434  */
-3435 KJUR.asn1.x509.RDN = function(params) {
-3436     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
-3437     this.asn1Array = [];
-3438     this.paramArray = [];
-3439     this.sRule = "utf8"; // DEFAULT "utf8"
-3440     var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;
-3441 
-3442     this.setByParam = function(params) {
-3443 	if (params.rule !== undefined) this.sRule = params.rule;
-3444         if (params.str !== undefined) {
-3445             this.addByMultiValuedString(params.str);
-3446         }
-3447 	if (params.array !== undefined) this.paramArray = params.array;
-3448     };
-3449 
-3450     /**
-3451      * add one AttributeTypeAndValue by string<br/>
-3452      * @name addByString
-3453      * @memberOf KJUR.asn1.x509.RDN#
-3454      * @function
-3455      * @param {String} s string of AttributeTypeAndValue
-3456      * @return {Object} unspecified
-3457      * @description
-3458      * This method add one AttributeTypeAndValue to RDN object.
-3459      * @example
-3460      * rdn = new KJUR.asn1.x509.RDN();
-3461      * rdn.addByString("CN=john");
-3462      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
-3463      */
-3464     this.addByString = function(s) {
-3465         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule}));
-3466     };
-3467 
-3468     /**
-3469      * add one AttributeTypeAndValue by multi-valued string<br/>
-3470      * @name addByMultiValuedString
-3471      * @memberOf KJUR.asn1.x509.RDN#
-3472      * @function
-3473      * @param {String} s string of multi-valued RDN
-3474      * @return {Object} unspecified
-3475      * @since jsrsasign 6.2.1 asn1x509 1.0.17
-3476      * @description
-3477      * This method add multi-valued RDN to RDN object.
-3478      * @example
-3479      * rdn = new KJUR.asn1.x509.RDN();
-3480      * rdn.addByMultiValuedString("CN=john+O=test");
-3481      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
-3482      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
-3483      */
-3484     this.addByMultiValuedString = function(s) {
-3485 	var a = KJUR.asn1.x509.RDN.parseString(s);
-3486 	for (var i = 0; i < a.length; i++) {
-3487 	    this.addByString(a[i]);
-3488 	}
-3489     };
-3490 
-3491     this.tohex = function() {
-3492 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
-3493 	    for (var i = 0; i < this.paramArray.length; i++) {
-3494 		var param = this.paramArray[i];
-3495 		if (param.rule !== undefined &&
-3496 		    this.sRule != "utf8") {
-3497 		    param.rule = this.sRule;
-3498 		}
-3499 		//alert(JSON.stringify(param));
-3500 		var asn1ATV = new _AttributeTypeAndValue(param);
-3501 		this.asn1Array.push(asn1ATV);
-3502 	    }
-3503 	}
-3504         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
-3505         this.TLV = o.tohex();
-3506         return this.TLV;
-3507     };
-3508     this.getEncodedHex = function() { return this.tohex(); };
-3509 
-3510     if (params !== undefined) {
-3511 	this.setByParam(params);
-3512     }
-3513 };
-3514 extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
-3515 
-3516 /**
-3517  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
-3518  * @name parseString
-3519  * @memberOf KJUR.asn1.x509.RDN
-3520  * @function
-3521  * @param {String} s multi-valued string of RDN
-3522  * @return {Array} array of string of AttributeTypeAndValue
-3523  * @since jsrsasign 6.2.1 asn1x509 1.0.17
-3524  * @description
-3525  * This static method parses multi-valued RDN string and split into
-3526  * array of AttributeTypeAndValue.
-3527  * @example
-3528  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
-3529  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
-3530  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
-3531  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
-3532  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
-3533  */
-3534 KJUR.asn1.x509.RDN.parseString = function(s) {
-3535     var a = s.split(/\+/);
-3536 
-3537     // join \+
-3538     var isBSbefore = false;
-3539     var a2 = [];
-3540     for (var i = 0; a.length > 0; i++) {
-3541 	var item = a.shift();
-3542 	//console.log("item=" + item);
-3543 
-3544 	if (isBSbefore === true) {
-3545 	    var a2last = a2.pop();
-3546 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
-3547 	    a2.push(newitem);
-3548 	    isBSbefore = false;
-3549 	} else {
-3550 	    a2.push(item);
-3551 	}
-3552 
-3553 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-3554     }
-3555 
-3556     // join quote
-3557     var beginQuote = false;
-3558     var a3 = [];
-3559     for (var i = 0; a2.length > 0; i++) {
-3560 	var item = a2.shift();
-3561 
-3562 	if (beginQuote === true) {
-3563 	    var a3last = a3.pop();
-3564 	    if (item.match(/"$/)) {
-3565 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
-3566 		a3.push(newitem);
-3567 		beginQuote = false;
-3568 	    } else {
-3569 		a3.push(a3last + "+" + item);
-3570 	    }
-3571 	} else {
-3572 	    a3.push(item);
-3573 	}
-3574 
-3575 	if (item.match(/^[^=]+="/)) {
-3576 	    //console.log(i + "=" + item);
-3577 	    beginQuote = true;
-3578 	}
-3579     }
-3580     return a3;
-3581 };
-3582 
-3583 /**
-3584  * AttributeTypeAndValue ASN.1 structure class
-3585  * @name KJUR.asn1.x509.AttributeTypeAndValue
-3586  * @class AttributeTypeAndValue ASN.1 structure class
-3587  * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
-3588  * @extends KJUR.asn1.ASN1Object
-3589  * @see KJUR.asn1.x509.X500Name
-3590  * @see KJUR.asn1.x509.RDN
-3591  * @see KJUR.asn1.x509.AttributeTypeAndValue
-3592  * @see X509#getAttrTypeAndValue
-3593  * @description
-3594  * This class generates AttributeTypeAndValue defined in
-3595  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-3596  * RFC 5280 4.1.2.4</a>.
-3597  * <pre>
-3598  * AttributeTypeAndValue ::= SEQUENCE {
-3599  *   type     AttributeType,
-3600  *   value    AttributeValue }
-3601  * AttributeType ::= OBJECT IDENTIFIER
-3602  * AttributeValue ::= ANY -- DEFINED BY AttributeType
-3603  * </pre>
-3604  * The constructor argument can have following parameters:
-3605  * <ul>
-3606  * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-3607  * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-3608  * <li>{String}ds - DirectoryString type of AttributeValue</li>
-3609  * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
-3610  * set DirectoryString type automatically when "ds" not specified.</li>
-3611  * <li>{String}str - AttributeTypeAndVale string (ex. "C=US").
-3612  * When type and value don't exists, 
-3613  * this "str" will be converted to "type" and "value".
-3614  * </li>
-3615  * </ul>
-3616  * <br
-3617  * NOTE: Parameters "type", "value,", "ds" and "rule" have
-3618  * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
-3619  * @example
-3620  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
-3621  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'})
-3622  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'})
-3623  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
-3624  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'})
-3625  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'})
-3626  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'})
-3627  */
-3628 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
-3629     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
-3630     this.sRule = "utf8";
-3631     this.sType = null;
-3632     this.sValue = null;
-3633     this.dsType = null;
-3634     var _KJUR = KJUR,
-3635 	_KJUR_asn1 = _KJUR.asn1,
-3636 	_DERSequence = _KJUR_asn1.DERSequence,
-3637 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
-3638 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
-3639 	_DERTeletexString = _KJUR_asn1.DERTeletexString,
-3640 	_DERIA5String = _KJUR_asn1.DERIA5String,
-3641 	_DERVisibleString = _KJUR_asn1.DERVisibleString,
-3642 	_DERBMPString = _KJUR_asn1.DERBMPString,
-3643 	_isMail = _KJUR.lang.String.isMail,
-3644 	_isPrintable = _KJUR.lang.String.isPrintable;
-3645 
-3646     this.setByParam = function(params) {
-3647 	if (params.rule !== undefined) this.sRule = params.rule;
-3648 	if (params.ds !== undefined)   this.dsType = params.ds;
-3649 
-3650         if (params.value === undefined &&
-3651 	    params.str !== undefined) {
-3652 	    var str = params.str;
-3653             var matchResult = str.match(/^([^=]+)=(.+)$/);
-3654             if (matchResult) {
-3655 		this.sType = matchResult[1];
-3656 		this.sValue = matchResult[2];
-3657             } else {
-3658 		throw new Error("malformed attrTypeAndValueStr: " +
-3659 				attrTypeAndValueStr);
-3660             }
-3661 	    
-3662 	    //this.setByString(params.str);
-3663         } else {
-3664 	    this.sType = params.type;
-3665 	    this.sValue = params.value;
-3666 	}
-3667     };
-3668 
-3669     /*
-3670      * @deprecated
-3671      */
-3672     this.setByString = function(sTypeValue, sRule) {
-3673 	if (sRule !== undefined) this.sRule = sRule;
-3674         var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
-3675         if (matchResult) {
-3676             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
+3241         // Get all the dnObject attributes and stuff them in the ASN.1 array.
+3242         for (var x in dnObj) {
+3243             if (dnObj.hasOwnProperty(x)) {
+3244                 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule});
+3245                 // Initialize or push into the ANS1 array.
+3246                 this.asn1Array ? this.asn1Array.push(newRDN)
+3247                     : this.asn1Array = [newRDN];
+3248             }
+3249         }
+3250     };
+3251 
+3252     this.setByParam = function(params) {
+3253 	if (params.rule !== undefined) this.sRule = params.rule;
+3254 
+3255 	if (params.array !== undefined) {
+3256 	    this.paramArray = params.array;
+3257 	} else {
+3258             if (params.str !== undefined) {
+3259 		this.setByString(params.str);
+3260             } else if (params.ldapstr !== undefined) {
+3261 		this.setByLdapString(params.ldapstr);
+3262 	    } else if (params.hex !== undefined) {
+3263 		this.hTLV = params.hex;
+3264             } else if (params.certissuer !== undefined) {
+3265 		var x = new X509();
+3266 		x.readCertPEM(params.certissuer);
+3267 		this.hTLV = x.getIssuerHex();
+3268             } else if (params.certsubject !== undefined) {
+3269 		var x = new X509();
+3270 		x.readCertPEM(params.certsubject);
+3271 		this.hTLV = x.getSubjectHex();
+3272 		// If params is an object, then set the ASN1 array
+3273 		// just using the object attributes. 
+3274 		// This is nice for fields that have lots of special
+3275 		// characters (i.e. CN: 'https://www.github.com/kjur//').
+3276             } else if (typeof params === "object" &&
+3277 		       params.certsubject === undefined &&
+3278 		       params.certissuer === undefined) {
+3279 		this.setByObject(params);
+3280             }
+3281 	}
+3282     }
+3283 
+3284     this.tohex = function() {
+3285         if (typeof this.hTLV == "string") return this.hTLV;
+3286 
+3287 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
+3288 	    for (var i = 0; i < this.paramArray.length; i++) {
+3289 		var param = {array: this.paramArray[i]};
+3290 		if (this.sRule != "utf8") param.rule = this.sRule;
+3291 		var asn1RDN = new _RDN(param);
+3292 		this.asn1Array.push(asn1RDN);
+3293 	    }
+3294 	}
+3295 
+3296         var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
+3297         this.hTLV = o.tohex();
+3298         return this.hTLV;
+3299     };
+3300     this.getEncodedHex = function() { return this.tohex(); };
+3301 
+3302     if (params !== undefined) this.setByParam(params);
+3303 };
+3304 extendClass(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+3305 
+3306 /**
+3307  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
+3308  * @name compatToLDAP
+3309  * @memberOf KJUR.asn1.x509.X500Name
+3310  * @function
+3311  * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
+3312  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+3313  * @since jsrsasign 8.0.19 asn1x509 1.1.20
+3314  * @description
+3315  * This static method converts a distinguished name string in OpenSSL compat
+3316  * format to LDAP(RFC 2253) format.
+3317  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
+3318  * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
+3319  * @example
+3320  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
+3321  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
+3322  */
+3323 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
+3324     if (s.substr(0, 1) !== "/") throw "malformed input";
+3325 
+3326     var result = "";
+3327     s = s.substr(1);
+3328 
+3329     var a = s.split("/");
+3330     a.reverse();
+3331     a = a.map(function(s) {return s.replace(/,/, "\\,")});
+3332 
+3333     return a.join(",");
+3334 };
+3335 
+3336 /**
+3337  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
+3338  * @name onelineToLDAP
+3339  * @memberOf KJUR.asn1.x509.X500Name
+3340  * @function
+3341  * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+3342  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+3343  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+3344  * @see KJUR.asn1.x509.X500Name.compatToLDAP
+3345  * @description
+3346  * This method is deprecated. Please use 
+3347  * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
+3348  */
+3349 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
+3350     return KJUR.asn1.x509.X500Name.compatToLDAP(s);
+3351 }
+3352 
+3353 /**
+3354  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
+3355  * @name ldapToCompat
+3356  * @memberOf KJUR.asn1.x509.X500Name
+3357  * @function
+3358  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+3359  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+3360  * @since jsrsasign 8.0.19 asn1x509 1.1.10
+3361  * @description
+3362  * This static method converts a distinguished name string in 
+3363  * LDAP(RFC 2253) format to OpenSSL compat format.
+3364  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
+3365  * @example
+3366  * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
+3367  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
+3368  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US')  → '/C=US/O=a\/a'
+3369  */
+3370 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
+3371     var a = s.split(",");
+3372 
+3373     // join \,
+3374     var isBSbefore = false;
+3375     var a2 = [];
+3376     for (var i = 0; a.length > 0; i++) {
+3377 	var item = a.shift();
+3378 	//console.log("item=" + item);
+3379 
+3380 	if (isBSbefore === true) {
+3381 	    var a2last = a2.pop();
+3382 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
+3383 	    a2.push(newitem);
+3384 	    isBSbefore = false;
+3385 	} else {
+3386 	    a2.push(item);
+3387 	}
+3388 
+3389 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+3390     }
+3391 
+3392     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
+3393     a2.reverse();
+3394     return "/" + a2.join("/");
+3395 };
+3396 
+3397 /**
+3398  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
+3399  * @name ldapToOneline
+3400  * @memberOf KJUR.asn1.x509.X500Name
+3401  * @function
+3402  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+3403  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+3404  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+3405  * @description
+3406  * This method is deprecated. Please use 
+3407  * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
+3408  */
+3409 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
+3410     return KJUR.asn1.x509.X500Name.ldapToCompat(s);
+3411 };
+3412 
+3413 /**
+3414  * RDN (Relative Distinguished Name) ASN.1 structure class
+3415  * @name KJUR.asn1.x509.RDN
+3416  * @class RDN (Relative Distinguished Name) ASN.1 structure class
+3417  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+3418  * @extends KJUR.asn1.ASN1Object
+3419  * @see KJUR.asn1.x509.X500Name
+3420  * @see KJUR.asn1.x509.RDN
+3421  * @see KJUR.asn1.x509.AttributeTypeAndValue
+3422  * @description
+3423  * This class provides RelativeDistinguishedName ASN.1 class structure
+3424  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+3425  * <blockquote><pre>
+3426  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+3427  *   AttributeTypeAndValue
+3428  *
+3429  * AttributeTypeAndValue ::= SEQUENCE {
+3430  *   type  AttributeType,
+3431  *   value AttributeValue }
+3432  * </pre></blockquote>
+3433  * <br/>
+3434  * NOTE1: The "array" and "rule" parameters have been supported
+3435  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+3436  * <br/>
+3437  * NOTE2: Multi-valued RDN in "str" parameter have been
+3438  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+3439  * @example
+3440  * new KJUR.asn1.x509.RDN({array: [ // multi-valued
+3441  *    {type:"CN",value:"Bob",ds:"prn"},
+3442  *    {type:"CN",value:"bob@example.com", ds:"ia5"}
+3443  * ]});
+3444  * new KJUR.asn1.x509.RDN({str: "CN=test"});
+3445  * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
+3446  * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
+3447  * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
+3448  */
+3449 KJUR.asn1.x509.RDN = function(params) {
+3450     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
+3451     this.asn1Array = [];
+3452     this.paramArray = [];
+3453     this.sRule = "utf8"; // DEFAULT "utf8"
+3454     var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;
+3455 
+3456     this.setByParam = function(params) {
+3457 	if (params.rule !== undefined) this.sRule = params.rule;
+3458         if (params.str !== undefined) {
+3459             this.addByMultiValuedString(params.str);
+3460         }
+3461 	if (params.array !== undefined) this.paramArray = params.array;
+3462     };
+3463 
+3464     /**
+3465      * add one AttributeTypeAndValue by string<br/>
+3466      * @name addByString
+3467      * @memberOf KJUR.asn1.x509.RDN#
+3468      * @function
+3469      * @param {String} s string of AttributeTypeAndValue
+3470      * @return {Object} unspecified
+3471      * @description
+3472      * This method add one AttributeTypeAndValue to RDN object.
+3473      * @example
+3474      * rdn = new KJUR.asn1.x509.RDN();
+3475      * rdn.addByString("CN=john");
+3476      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
+3477      */
+3478     this.addByString = function(s) {
+3479         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule}));
+3480     };
+3481 
+3482     /**
+3483      * add one AttributeTypeAndValue by multi-valued string<br/>
+3484      * @name addByMultiValuedString
+3485      * @memberOf KJUR.asn1.x509.RDN#
+3486      * @function
+3487      * @param {String} s string of multi-valued RDN
+3488      * @return {Object} unspecified
+3489      * @since jsrsasign 6.2.1 asn1x509 1.0.17
+3490      * @description
+3491      * This method add multi-valued RDN to RDN object.
+3492      * @example
+3493      * rdn = new KJUR.asn1.x509.RDN();
+3494      * rdn.addByMultiValuedString("CN=john+O=test");
+3495      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
+3496      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
+3497      */
+3498     this.addByMultiValuedString = function(s) {
+3499 	var a = KJUR.asn1.x509.RDN.parseString(s);
+3500 	for (var i = 0; i < a.length; i++) {
+3501 	    this.addByString(a[i]);
+3502 	}
+3503     };
+3504 
+3505     this.tohex = function() {
+3506 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
+3507 	    for (var i = 0; i < this.paramArray.length; i++) {
+3508 		var param = this.paramArray[i];
+3509 		if (param.rule !== undefined &&
+3510 		    this.sRule != "utf8") {
+3511 		    param.rule = this.sRule;
+3512 		}
+3513 		//alert(JSON.stringify(param));
+3514 		var asn1ATV = new _AttributeTypeAndValue(param);
+3515 		this.asn1Array.push(asn1ATV);
+3516 	    }
+3517 	}
+3518         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
+3519         this.TLV = o.tohex();
+3520         return this.TLV;
+3521     };
+3522     this.getEncodedHex = function() { return this.tohex(); };
+3523 
+3524     if (params !== undefined) {
+3525 	this.setByParam(params);
+3526     }
+3527 };
+3528 extendClass(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
+3529 
+3530 /**
+3531  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
+3532  * @name parseString
+3533  * @memberOf KJUR.asn1.x509.RDN
+3534  * @function
+3535  * @param {String} s multi-valued string of RDN
+3536  * @return {Array} array of string of AttributeTypeAndValue
+3537  * @since jsrsasign 6.2.1 asn1x509 1.0.17
+3538  * @description
+3539  * This static method parses multi-valued RDN string and split into
+3540  * array of AttributeTypeAndValue.
+3541  * @example
+3542  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
+3543  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
+3544  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
+3545  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
+3546  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
+3547  */
+3548 KJUR.asn1.x509.RDN.parseString = function(s) {
+3549     var a = s.split(/\+/);
+3550 
+3551     // join \+
+3552     var isBSbefore = false;
+3553     var a2 = [];
+3554     for (var i = 0; a.length > 0; i++) {
+3555 	var item = a.shift();
+3556 	//console.log("item=" + item);
+3557 
+3558 	if (isBSbefore === true) {
+3559 	    var a2last = a2.pop();
+3560 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
+3561 	    a2.push(newitem);
+3562 	    isBSbefore = false;
+3563 	} else {
+3564 	    a2.push(item);
+3565 	}
+3566 
+3567 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+3568     }
+3569 
+3570     // join quote
+3571     var beginQuote = false;
+3572     var a3 = [];
+3573     for (var i = 0; a2.length > 0; i++) {
+3574 	var item = a2.shift();
+3575 
+3576 	if (beginQuote === true) {
+3577 	    var a3last = a3.pop();
+3578 	    if (item.match(/"$/)) {
+3579 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
+3580 		a3.push(newitem);
+3581 		beginQuote = false;
+3582 	    } else {
+3583 		a3.push(a3last + "+" + item);
+3584 	    }
+3585 	} else {
+3586 	    a3.push(item);
+3587 	}
+3588 
+3589 	if (item.match(/^[^=]+="/)) {
+3590 	    //console.log(i + "=" + item);
+3591 	    beginQuote = true;
+3592 	}
+3593     }
+3594     return a3;
+3595 };
+3596 
+3597 /**
+3598  * AttributeTypeAndValue ASN.1 structure class
+3599  * @name KJUR.asn1.x509.AttributeTypeAndValue
+3600  * @class AttributeTypeAndValue ASN.1 structure class
+3601  * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
+3602  * @extends KJUR.asn1.ASN1Object
+3603  * @see KJUR.asn1.x509.X500Name
+3604  * @see KJUR.asn1.x509.RDN
+3605  * @see KJUR.asn1.x509.AttributeTypeAndValue
+3606  * @see X509#getAttrTypeAndValue
+3607  * @description
+3608  * This class generates AttributeTypeAndValue defined in
+3609  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+3610  * RFC 5280 4.1.2.4</a>.
+3611  * <pre>
+3612  * AttributeTypeAndValue ::= SEQUENCE {
+3613  *   type     AttributeType,
+3614  *   value    AttributeValue }
+3615  * AttributeType ::= OBJECT IDENTIFIER
+3616  * AttributeValue ::= ANY -- DEFINED BY AttributeType
+3617  * </pre>
+3618  * The constructor argument can have following parameters:
+3619  * <ul>
+3620  * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+3621  * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+3622  * <li>{String}ds - DirectoryString type of AttributeValue</li>
+3623  * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
+3624  * set DirectoryString type automatically when "ds" not specified.</li>
+3625  * <li>{String}str - AttributeTypeAndVale string (ex. "C=US").
+3626  * When type and value don't exists, 
+3627  * this "str" will be converted to "type" and "value".
+3628  * </li>
+3629  * </ul>
+3630  * <br
+3631  * NOTE: Parameters "type", "value,", "ds" and "rule" have
+3632  * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
+3633  * @example
+3634  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
+3635  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'givenName',value:'John',ds:'prn'})
+3636  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'2.5.4.9',value:'71 Bowman St',ds:'prn'})
+3637  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
+3638  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'streetAddress=71 Bowman St'})
+3639  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'})
+3640  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'})
+3641  */
+3642 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
+3643     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
+3644     this.sRule = "utf8";
+3645     this.sType = null;
+3646     this.sValue = null;
+3647     this.dsType = null;
+3648     var _KJUR = KJUR,
+3649 	_KJUR_asn1 = _KJUR.asn1,
+3650 	_DERSequence = _KJUR_asn1.DERSequence,
+3651 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
+3652 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
+3653 	_DERTeletexString = _KJUR_asn1.DERTeletexString,
+3654 	_DERIA5String = _KJUR_asn1.DERIA5String,
+3655 	_DERVisibleString = _KJUR_asn1.DERVisibleString,
+3656 	_DERBMPString = _KJUR_asn1.DERBMPString,
+3657 	_isMail = _KJUR.lang.String.isMail,
+3658 	_isPrintable = _KJUR.lang.String.isPrintable;
+3659 
+3660     this.setByParam = function(params) {
+3661 	if (params.rule !== undefined) this.sRule = params.rule;
+3662 	if (params.ds !== undefined)   this.dsType = params.ds;
+3663 
+3664         if (params.value === undefined &&
+3665 	    params.str !== undefined) {
+3666 	    var str = params.str;
+3667             var matchResult = str.match(/^([^=]+)=(.+)$/);
+3668             if (matchResult) {
+3669 		this.sType = matchResult[1];
+3670 		this.sValue = matchResult[2];
+3671             } else {
+3672 		throw new Error("malformed attrTypeAndValueStr: " +
+3673 				attrTypeAndValueStr);
+3674             }
+3675 	    
+3676 	    //this.setByString(params.str);
 3677         } else {
-3678             throw new Error("malformed attrTypeAndValueStr: " +
-3679 			    attrTypeAndValueStr);
-3680         }
+3678 	    this.sType = params.type;
+3679 	    this.sValue = params.value;
+3680 	}
 3681     };
 3682 
-3683     this._getDsType = function() {
-3684 	var sType = this.sType;
-3685 	var sValue = this.sValue;
-3686 	var sRule = this.sRule;
-3687 
-3688 	if (sRule === "prn") {
-3689 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
-3690 	    if (_isPrintable(sValue)) return "prn";
-3691 	    return "utf8";
-3692 	} else if (sRule === "utf8") {
-3693 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
-3694 	    if (sType == "C") return "prn";
-3695 	    return "utf8";
-3696 	}
-3697 	return "utf8"; // default
-3698     };
-3699 
-3700     this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
-3701 	if (sRule !== undefined) this.sRule = sRule;
-3702 	this.sType = sType;
-3703 	this.sValue = sValue;
-3704     };
-3705 
-3706     this.getValueObj = function(dsType, valueStr) {
-3707         if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
-3708         if (dsType == "prn")  return new _DERPrintableString({"str": valueStr});
-3709         if (dsType == "tel")  return new _DERTeletexString({"str": valueStr});
-3710         if (dsType == "ia5")  return new _DERIA5String({"str": valueStr});
-3711         if (dsType == "vis")  return new _DERVisibleString({"str": valueStr});
-3712         if (dsType == "bmp")  return new _DERBMPString({"str": valueStr});
-3713         throw new Error("unsupported directory string type: type=" +
-3714 			dsType + " value=" + valueStr);
-3715     };
-3716 
-3717     this.tohex = function() {
-3718 	if (this.dsType == null) this.dsType = this._getDsType();
-3719 	var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
-3720 	var asn1Value = this.getValueObj(this.dsType, this.sValue);
-3721         var o = new _DERSequence({"array": [asn1Type, asn1Value]});
-3722         this.TLV = o.tohex();
-3723         return this.TLV;
-3724     }
-3725 
-3726     this.getEncodedHex = function() { return this.tohex(); };
-3727 
-3728     if (params !== undefined) {
-3729 	this.setByParam(params);
-3730     }
-3731 };
-3732 extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
-3733 
-3734 // === END   X500Name Related =================================================
-3735 
-3736 // === BEGIN Other ASN1 structure class  ======================================
-3737 
-3738 /**
-3739  * SubjectPublicKeyInfo ASN.1 structure class
-3740  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
-3741  * @class SubjectPublicKeyInfo ASN.1 structure class
-3742  * @param {Object} params parameter for subject public key
-3743  * @extends KJUR.asn1.ASN1Object
-3744  * @description
-3745  * <br/>
-3746  * As for argument 'params' for constructor, you can specify one of
-3747  * following properties:
-3748  * <ul>
-3749  * <li>{@link RSAKey} object</li>
-3750  * <li>{@link KJUR.crypto.ECDSA} object</li>
-3751  * <li>{@link KJUR.crypto.DSA} object</li>
-3752  * </ul>
-3753  * NOTE1: 'params' can be omitted.<br/>
-3754  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
-3755  * <h4>EXAMPLE</h4>
-3756  * @example
-3757  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
-3758  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
-3759  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
-3760  */
-3761 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
-3762     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
-3763     var asn1AlgId = null,
-3764 	asn1SubjPKey = null,
-3765 	_KJUR = KJUR,
-3766 	_KJUR_asn1 = _KJUR.asn1,
-3767 	_DERInteger = _KJUR_asn1.DERInteger,
-3768 	_DERBitString = _KJUR_asn1.DERBitString,
-3769 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-3770 	_DERSequence = _KJUR_asn1.DERSequence,
-3771 	_newObject = _KJUR_asn1.ASN1Util.newObject,
-3772 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-3773 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-3774 	_KJUR_crypto = _KJUR.crypto,
-3775 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
-3776 	_KJUR_crypto_DSA = _KJUR_crypto.DSA;
-3777 
-3778     /*
-3779      * @since asn1x509 1.0.7
-3780      */
-3781     this.getASN1Object = function() {
-3782         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
-3783             throw "algId and/or subjPubKey not set";
-3784         var o = new _DERSequence({'array':
-3785                                   [this.asn1AlgId, this.asn1SubjPKey]});
-3786         return o;
-3787     };
-3788 
-3789     this.tohex = function() {
-3790         var o = this.getASN1Object();
-3791         this.hTLV = o.tohex();
-3792         return this.hTLV;
-3793     };
-3794     this.getEncodedHex = function() { return this.tohex(); };
-3795 
-3796     /**
-3797      * @name setPubKey
-3798      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
-3799      * @function
-3800      * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
-3801      * @since jsrsasign 8.0.0 asn1x509 1.1.0
-3802      * @description
-3803      * @example
-3804      * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
-3805      * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
-3806      * spki.setPubKey(pubKey);
-3807      */
-3808     this.setPubKey = function(key) {
-3809 	try {
-3810 	    if (key instanceof RSAKey) {
-3811 		var asn1RsaPub = _newObject({
-3812 		    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
-3813 		});
-3814 		var rsaKeyHex = asn1RsaPub.tohex();
-3815 		this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
-3816 		this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
-3817 	    }
-3818 	} catch(ex) {};
-3819 
-3820 	try {
-3821 	    if (key instanceof KJUR.crypto.ECDSA) {
-3822 		var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
-3823 		this.asn1AlgId =
-3824 		    new _AlgorithmIdentifier({'name': 'ecPublicKey',
-3825 					      'asn1params': asn1Params});
-3826 		this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
-3827 	    }
-3828 	} catch(ex) {};
-3829 
-3830 	try {
-3831 	    if (key instanceof KJUR.crypto.DSA) {
-3832 		var asn1Params = new _newObject({
-3833 		    'seq': [{'int': {'bigint': key.p}},
-3834 			    {'int': {'bigint': key.q}},
-3835 			    {'int': {'bigint': key.g}}]
-3836 		});
+3683     /*
+3684      * @deprecated
+3685      */
+3686     this.setByString = function(sTypeValue, sRule) {
+3687 	if (sRule !== undefined) this.sRule = sRule;
+3688         var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
+3689         if (matchResult) {
+3690             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
+3691         } else {
+3692             throw new Error("malformed attrTypeAndValueStr: " +
+3693 			    attrTypeAndValueStr);
+3694         }
+3695     };
+3696 
+3697     this._getDsType = function() {
+3698 	var sType = this.sType;
+3699 	var sValue = this.sValue;
+3700 	var sRule = this.sRule;
+3701 
+3702 	if (sRule === "prn") {
+3703 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
+3704 	    if (_isPrintable(sValue)) return "prn";
+3705 	    return "utf8";
+3706 	} else if (sRule === "utf8") {
+3707 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
+3708 	    if (sType == "C") return "prn";
+3709 	    return "utf8";
+3710 	}
+3711 	return "utf8"; // default
+3712     };
+3713 
+3714     this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
+3715 	if (sRule !== undefined) this.sRule = sRule;
+3716 	this.sType = sType;
+3717 	this.sValue = sValue;
+3718     };
+3719 
+3720     this.getValueObj = function(dsType, valueStr) {
+3721         if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
+3722         if (dsType == "prn")  return new _DERPrintableString({"str": valueStr});
+3723         if (dsType == "tel")  return new _DERTeletexString({"str": valueStr});
+3724         if (dsType == "ia5")  return new _DERIA5String({"str": valueStr});
+3725         if (dsType == "vis")  return new _DERVisibleString({"str": valueStr});
+3726         if (dsType == "bmp")  return new _DERBMPString({"str": valueStr});
+3727         throw new Error("unsupported directory string type: type=" +
+3728 			dsType + " value=" + valueStr);
+3729     };
+3730 
+3731     this.tohex = function() {
+3732 	if (this.dsType == null) this.dsType = this._getDsType();
+3733 	var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
+3734 	var asn1Value = this.getValueObj(this.dsType, this.sValue);
+3735         var o = new _DERSequence({"array": [asn1Type, asn1Value]});
+3736         this.TLV = o.tohex();
+3737         return this.TLV;
+3738     }
+3739 
+3740     this.getEncodedHex = function() { return this.tohex(); };
+3741 
+3742     if (params !== undefined) {
+3743 	this.setByParam(params);
+3744     }
+3745 };
+3746 extendClass(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
+3747 
+3748 // === END   X500Name Related =================================================
+3749 
+3750 // === BEGIN Other ASN1 structure class  ======================================
+3751 
+3752 /**
+3753  * SubjectPublicKeyInfo ASN.1 structure class
+3754  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
+3755  * @class SubjectPublicKeyInfo ASN.1 structure class
+3756  * @param {Object} params parameter for subject public key
+3757  * @extends KJUR.asn1.ASN1Object
+3758  * @description
+3759  * <br/>
+3760  * As for argument 'params' for constructor, you can specify one of
+3761  * following properties:
+3762  * <ul>
+3763  * <li>{@link RSAKey} object</li>
+3764  * <li>{@link KJUR.crypto.ECDSA} object</li>
+3765  * <li>{@link KJUR.crypto.DSA} object</li>
+3766  * </ul>
+3767  * NOTE1: 'params' can be omitted.<br/>
+3768  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
+3769  * <h4>EXAMPLE</h4>
+3770  * @example
+3771  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
+3772  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
+3773  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
+3774  */
+3775 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
+3776     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
+3777     var asn1AlgId = null,
+3778 	asn1SubjPKey = null,
+3779 	_KJUR = KJUR,
+3780 	_KJUR_asn1 = _KJUR.asn1,
+3781 	_DERInteger = _KJUR_asn1.DERInteger,
+3782 	_DERBitString = _KJUR_asn1.DERBitString,
+3783 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+3784 	_DERSequence = _KJUR_asn1.DERSequence,
+3785 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+3786 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+3787 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+3788 	_KJUR_crypto = _KJUR.crypto,
+3789 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
+3790 	_KJUR_crypto_DSA = _KJUR_crypto.DSA;
+3791 
+3792     /*
+3793      * @since asn1x509 1.0.7
+3794      */
+3795     this.getASN1Object = function() {
+3796         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
+3797             throw "algId and/or subjPubKey not set";
+3798         var o = new _DERSequence({'array':
+3799                                   [this.asn1AlgId, this.asn1SubjPKey]});
+3800         return o;
+3801     };
+3802 
+3803     this.tohex = function() {
+3804         var o = this.getASN1Object();
+3805         this.hTLV = o.tohex();
+3806         return this.hTLV;
+3807     };
+3808     this.getEncodedHex = function() { return this.tohex(); };
+3809 
+3810     /**
+3811      * @name setPubKey
+3812      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
+3813      * @function
+3814      * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
+3815      * @since jsrsasign 8.0.0 asn1x509 1.1.0
+3816      * @description
+3817      * @example
+3818      * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
+3819      * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
+3820      * spki.setPubKey(pubKey);
+3821      */
+3822     this.setPubKey = function(key) {
+3823 	try {
+3824 	    if (key instanceof RSAKey) {
+3825 		var asn1RsaPub = _newObject({
+3826 		    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
+3827 		});
+3828 		var rsaKeyHex = asn1RsaPub.tohex();
+3829 		this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
+3830 		this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
+3831 	    }
+3832 	} catch(ex) {};
+3833 
+3834 	try {
+3835 	    if (key instanceof KJUR.crypto.ECDSA) {
+3836 		var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
 3837 		this.asn1AlgId =
-3838 		    new _AlgorithmIdentifier({'name': 'dsa',
+3838 		    new _AlgorithmIdentifier({'name': 'ecPublicKey',
 3839 					      'asn1params': asn1Params});
-3840 		var pubInt = new _DERInteger({'bigint': key.y});
-3841 		this.asn1SubjPKey = 
-3842 		    new _DERBitString({'hex': '00' + pubInt.tohex()});
-3843 	    }
-3844 	} catch(ex) {};
-3845     };
-3846 
-3847     if (params !== undefined) {
-3848 	this.setPubKey(params);
-3849     }
-3850 };
-3851 extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
-3852 
-3853 /**
-3854  * Time ASN.1 structure class<br/>
-3855  * @name KJUR.asn1.x509.Time
-3856  * @class Time ASN.1 structure class
-3857  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
-3858  * @extends KJUR.asn1.ASN1Object
-3859  * @see KJUR.asn1.DERUTCTime
-3860  * @see KJUR.asn1.DERGeneralizedTime
-3861  * @description
-3862  * This class represents Time ASN.1 structure defined in 
-3863  * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
-3864  * <pre>
-3865  * Time ::= CHOICE {
-3866  *      utcTime        UTCTime,
-3867  *      generalTime    GeneralizedTime }
-3868  * </pre>
-3869  *
-3870  * @example
-3871  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
-3872  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
-3873  */
-3874 KJUR.asn1.x509.Time = function(params) {
-3875     KJUR.asn1.x509.Time.superclass.constructor.call(this);
-3876     var type = null,
-3877 	timeParams = null,
-3878 	_KJUR = KJUR,
-3879 	_KJUR_asn1 = _KJUR.asn1,
-3880 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
-3881 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
-3882     this.params = null;
-3883     this.type = null;
-3884 
-3885     // deprecated
-3886     this.setTimeParams = function(timeParams) {
-3887         this.timeParams = timeParams;
-3888     }
-3889 
-3890     this.setByParam = function(params) {
-3891 	this.params = params;
-3892     };
-3893 
-3894     this.getType = function(s) {
-3895         if (s.match(/^[0-9]{12}Z$/)) return "utc";
-3896         if (s.match(/^[0-9]{14}Z$/)) return "gen";
-3897         if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc";
-3898         if (s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen";
-3899 	return null;
-3900     };
-3901 
-3902     this.tohex = function() {
-3903 	var params = this.params;
-3904         var o = null;
-3905 
-3906 	if (typeof params == "string") params = {str: params};
-3907 	if (params != null &&
-3908 	    params.str && 
-3909 	    (params.type == null || params.type == undefined)) {
-3910 	    params.type = this.getType(params.str);
-3911 	}
-3912 
-3913 	if (params != null && params.str) {
-3914 	    if (params.type == "utc") o = new _DERUTCTime(params.str);
-3915 	    if (params.type == "gen") o = new _DERGeneralizedTime(params.str);
-3916 	} else {
-3917 	    if (this.type == "gen") {
-3918 		o = new _DERGeneralizedTime();
-3919 	    } else {
-3920 		o = new _DERUTCTime();
-3921 	    }
-3922 	}
-3923 
-3924 	if (o == null) throw new Error("wrong setting for Time");
-3925         this.TLV = o.tohex();
-3926         return this.TLV;
-3927     };
-3928     this.getEncodedHex = function() { return this.tohex(); };
-3929 
-3930     if (params != undefined) this.setByParam(params);
-3931 };
-3932 
-3933 KJUR.asn1.x509.Time_bak = function(params) {
-3934     KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);
-3935     var type = null,
-3936 	timeParams = null,
-3937 	_KJUR = KJUR,
-3938 	_KJUR_asn1 = _KJUR.asn1,
-3939 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
-3940 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
-3941 
-3942     this.setTimeParams = function(timeParams) {
-3943         this.timeParams = timeParams;
-3944     }
-3945 
-3946     this.tohex = function() {
-3947         var o = null;
-3948 
-3949         if (this.timeParams != null) {
-3950             if (this.type == "utc") {
-3951                 o = new _DERUTCTime(this.timeParams);
-3952             } else {
-3953                 o = new _DERGeneralizedTime(this.timeParams);
-3954             }
-3955         } else {
-3956             if (this.type == "utc") {
-3957                 o = new _DERUTCTime();
-3958             } else {
-3959                 o = new _DERGeneralizedTime();
-3960             }
-3961         }
-3962         this.TLV = o.tohex();
-3963         return this.TLV;
-3964     };
-3965     this.getEncodedHex = function() { return this.tohex(); };
-3966 
-3967     this.type = "utc";
-3968     if (params !== undefined) {
-3969         if (params.type !== undefined) {
-3970             this.type = params.type;
-3971         } else {
-3972             if (params.str !== undefined) {
-3973                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
-3974                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
-3975             }
-3976         }
-3977         this.timeParams = params;
-3978     }
-3979 };
-3980 extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
-3981 
-3982 /**
-3983  * AlgorithmIdentifier ASN.1 structure class
-3984  * @name KJUR.asn1.x509.AlgorithmIdentifier
-3985  * @class AlgorithmIdentifier ASN.1 structure class
-3986  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
-3987  * @extends KJUR.asn1.ASN1Object
-3988  * @description
-3989  * The 'params' argument is an associative array and has following parameters:
-3990  * <ul>
-3991  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
-3992  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
-3993  * (OPTION)</li>
-3994  * <li>paramempty: set algorithm parameter to NULL by force.
-3995  * If paramempty is false, algorithm parameter will be set automatically.
-3996  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
-3997  * AlgorithmIdentifier will be ommitted otherwise
-3998  * it will be NULL by default.
-3999  * (OPTION, DEFAULT = false)</li>
-4000  * </ul>
-4001  * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
-4002  * special names. They will set a suite of algorithm OID and multiple algorithm
-4003  * parameters. Its ASN.1 schema is defined in 
-4004  * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
-4005  * section A.2.3</a>.
-4006  * <blockquote><pre>
-4007  * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
-4008  * RSASSA-PSS-params ::= SEQUENCE {
-4009  *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
-4010  *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
-4011  *   saltLength         [2] INTEGER          DEFAULT 20,
-4012  *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
-4013  * mgf1SHA1    MaskGenAlgorithm ::= {
-4014  *   algorithm   id-mgf1,
-4015  *   parameters  HashAlgorithm : sha1 }
-4016  * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
-4017  * TrailerField ::= INTEGER { trailerFieldBC(1) }
-4018  * </pre></blockquote>
-4019  * Here is a table for PSS parameters:
-4020  * <table>
-4021  * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr>
-4022  * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
-4023  * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
-4024  * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
-4025  * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
-4026  * </table>
-4027  * Default value is omitted as defined in ASN.1 schema.
-4028  * These parameters are interoperable to OpenSSL or IAIK toolkit.
-4029  * <br/>
-4030  * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
-4031  * @example
-4032  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
-4033  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
-4034  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
-4035  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
-4036  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
-4037  */
-4038 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
-4039     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
-4040     this.nameAlg = null;
-4041     this.asn1Alg = null;
-4042     this.asn1Params = null;
-4043     this.paramEmpty = false;
-4044 
-4045     var _KJUR = KJUR,
-4046 	_KJUR_asn1 = _KJUR.asn1,
-4047 	_PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;
-4048 
-4049     this.tohex = function() {
-4050         if (this.nameAlg === null && this.asn1Alg === null) {
-4051             throw new Error("algorithm not specified");
-4052         }
-4053 
-4054 	// for RSAPSS algorithm name
-4055 	//  && this.hTLV === null
-4056 	if (this.nameAlg !== null) {
-4057 	    var hTLV = null;
-4058 	    for (var key in _PSSNAME2ASN1TLV) {
-4059 		if (key === this.nameAlg) {
-4060 		    hTLV = _PSSNAME2ASN1TLV[key];
-4061 		}
-4062 	    }
-4063 	    if (hTLV !== null) {
-4064 		this.hTLV = hTLV;
-4065 		return this.hTLV;
-4066 	    }
-4067 	}
-4068 
-4069         if (this.nameAlg !== null && this.asn1Alg === null) {
-4070             this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
-4071         }
-4072         var a = [this.asn1Alg];
-4073         if (this.asn1Params !== null) a.push(this.asn1Params);
-4074 
-4075         var o = new _KJUR_asn1.DERSequence({'array': a});
-4076         this.hTLV = o.tohex();
-4077         return this.hTLV;
-4078     };
-4079     this.getEncodedHex = function() { return this.tohex(); };
-4080 
-4081     if (params !== undefined) {
-4082         if (params.name !== undefined) {
-4083             this.nameAlg = params.name;
-4084         }
-4085         if (params.asn1params !== undefined) {
-4086             this.asn1Params = params.asn1params;
-4087         }
-4088         if (params.paramempty !== undefined) {
-4089             this.paramEmpty = params.paramempty;
-4090         }
-4091     }
-4092 
-4093     // set algorithm parameters will be ommitted for
-4094     // "*withDSA" or "*withECDSA" otherwise will be NULL.
-4095     if (this.asn1Params === null &&
-4096 	this.paramEmpty === false &&
-4097 	this.nameAlg !== null) {
-4098 
-4099 	if (this.nameAlg.name !== undefined) {
-4100 	    this.nameAlg = this.nameAlg.name;
-4101 	}
-4102 	var lcNameAlg = this.nameAlg.toLowerCase();
-4103 
-4104 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
-4105 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
-4106             this.asn1Params = new _KJUR_asn1.DERNull();
-4107 	}
-4108     }
-4109 };
-4110 extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
-4111 
-4112 /**
-4113  * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
-4114  * @const
-4115  */
-4116 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
-4117     "SHAwithRSAandMGF1":
-4118     "300d06092a864886f70d01010a3000",
-4119     "SHA256withRSAandMGF1":
-4120     "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
-4121     "SHA384withRSAandMGF1":
-4122     "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
-4123     "SHA512withRSAandMGF1":
-4124     "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
-4125 };
-4126 
-4127 /**
-4128  * GeneralName ASN.1 structure class<br/>
-4129  * @name KJUR.asn1.x509.GeneralName
-4130  * @class GeneralName ASN.1 structure class
-4131  * @see KJUR.asn1.x509.OtherName
-4132  * @see KJUR.asn1.x509.X500Name
-4133  *
-4134  * @description
-4135  * <br/>
-4136  * As for argument 'params' for constructor, you can specify one of
-4137  * following properties:
-4138  * <ul>
-4139  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
-4140  * <li>dns - dNSName[2] (ex. foo.com)</li>
-4141  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
-4142  * <li>dn - directoryName[4] 
-4143  * distinguished name string or X500Name class parameters can be
-4144  * specified (ex. "/C=US/O=Test", {hex: '301c...')</li>
-4145  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
-4146  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
-4147  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
-4148  * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
-4149  * </ul>
-4150  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
-4151  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
-4152  * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
-4153  * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
-4154  * NOTE5: otherName is supported since jsrsasign 10.5.3.<br/>
-4155  *
-4156  * Here is definition of the ASN.1 syntax:
-4157  * <pre>
-4158  * -- NOTE: under the CHOICE, it will always be explicit.
-4159  * GeneralName ::= CHOICE {
-4160  *   otherName                  [0] OtherName,
-4161  *   rfc822Name                 [1] IA5String,
-4162  *   dNSName                    [2] IA5String,
-4163  *   x400Address                [3] ORAddress,
-4164  *   directoryName              [4] Name,
-4165  *   ediPartyName               [5] EDIPartyName,
-4166  *   uniformResourceIdentifier  [6] IA5String,
-4167  *   iPAddress                  [7] OCTET STRING,
-4168  *   registeredID               [8] OBJECT IDENTIFIER }
+3840 		this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
+3841 	    }
+3842 	} catch(ex) {};
+3843 
+3844 	try {
+3845 	    if (key instanceof KJUR.crypto.DSA) {
+3846 		var asn1Params = new _newObject({
+3847 		    'seq': [{'int': {'bigint': key.p}},
+3848 			    {'int': {'bigint': key.q}},
+3849 			    {'int': {'bigint': key.g}}]
+3850 		});
+3851 		this.asn1AlgId =
+3852 		    new _AlgorithmIdentifier({'name': 'dsa',
+3853 					      'asn1params': asn1Params});
+3854 		var pubInt = new _DERInteger({'bigint': key.y});
+3855 		this.asn1SubjPKey = 
+3856 		    new _DERBitString({'hex': '00' + pubInt.tohex()});
+3857 	    }
+3858 	} catch(ex) {};
+3859     };
+3860 
+3861     if (params !== undefined) {
+3862 	this.setPubKey(params);
+3863     }
+3864 };
+3865 extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
+3866 
+3867 /**
+3868  * Time ASN.1 structure class<br/>
+3869  * @name KJUR.asn1.x509.Time
+3870  * @class Time ASN.1 structure class
+3871  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
+3872  * @extends KJUR.asn1.ASN1Object
+3873  * @see KJUR.asn1.DERUTCTime
+3874  * @see KJUR.asn1.DERGeneralizedTime
+3875  * @description
+3876  * This class represents Time ASN.1 structure defined in 
+3877  * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
+3878  * <pre>
+3879  * Time ::= CHOICE {
+3880  *      utcTime        UTCTime,
+3881  *      generalTime    GeneralizedTime }
+3882  * </pre>
+3883  *
+3884  * @example
+3885  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
+3886  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
+3887  */
+3888 KJUR.asn1.x509.Time = function(params) {
+3889     KJUR.asn1.x509.Time.superclass.constructor.call(this);
+3890     var type = null,
+3891 	timeParams = null,
+3892 	_KJUR = KJUR,
+3893 	_KJUR_asn1 = _KJUR.asn1,
+3894 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
+3895 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
+3896     this.params = null;
+3897     this.type = null;
+3898 
+3899     // deprecated
+3900     this.setTimeParams = function(timeParams) {
+3901         this.timeParams = timeParams;
+3902     }
+3903 
+3904     this.setByParam = function(params) {
+3905 	this.params = params;
+3906     };
+3907 
+3908     this.getType = function(s) {
+3909         if (s.match(/^[0-9]{12}Z$/)) return "utc";
+3910         if (s.match(/^[0-9]{14}Z$/)) return "gen";
+3911         if (s.match(/^[0-9]{12}\.[0-9]+Z$/)) return "utc";
+3912         if (s.match(/^[0-9]{14}\.[0-9]+Z$/)) return "gen";
+3913 	return null;
+3914     };
+3915 
+3916     this.tohex = function() {
+3917 	var params = this.params;
+3918         var o = null;
+3919 
+3920 	if (typeof params == "string") params = {str: params};
+3921 	if (params != null &&
+3922 	    params.str && 
+3923 	    (params.type == null || params.type == undefined)) {
+3924 	    params.type = this.getType(params.str);
+3925 	}
+3926 
+3927 	if (params != null && params.str) {
+3928 	    if (params.type == "utc") o = new _DERUTCTime(params.str);
+3929 	    if (params.type == "gen") o = new _DERGeneralizedTime(params.str);
+3930 	} else {
+3931 	    if (this.type == "gen") {
+3932 		o = new _DERGeneralizedTime();
+3933 	    } else {
+3934 		o = new _DERUTCTime();
+3935 	    }
+3936 	}
+3937 
+3938 	if (o == null) throw new Error("wrong setting for Time");
+3939         this.TLV = o.tohex();
+3940         return this.TLV;
+3941     };
+3942     this.getEncodedHex = function() { return this.tohex(); };
+3943 
+3944     if (params != undefined) this.setByParam(params);
+3945 };
+3946 
+3947 KJUR.asn1.x509.Time_bak = function(params) {
+3948     KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);
+3949     var type = null,
+3950 	timeParams = null,
+3951 	_KJUR = KJUR,
+3952 	_KJUR_asn1 = _KJUR.asn1,
+3953 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
+3954 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
+3955 
+3956     this.setTimeParams = function(timeParams) {
+3957         this.timeParams = timeParams;
+3958     }
+3959 
+3960     this.tohex = function() {
+3961         var o = null;
+3962 
+3963         if (this.timeParams != null) {
+3964             if (this.type == "utc") {
+3965                 o = new _DERUTCTime(this.timeParams);
+3966             } else {
+3967                 o = new _DERGeneralizedTime(this.timeParams);
+3968             }
+3969         } else {
+3970             if (this.type == "utc") {
+3971                 o = new _DERUTCTime();
+3972             } else {
+3973                 o = new _DERGeneralizedTime();
+3974             }
+3975         }
+3976         this.TLV = o.tohex();
+3977         return this.TLV;
+3978     };
+3979     this.getEncodedHex = function() { return this.tohex(); };
+3980 
+3981     this.type = "utc";
+3982     if (params !== undefined) {
+3983         if (params.type !== undefined) {
+3984             this.type = params.type;
+3985         } else {
+3986             if (params.str !== undefined) {
+3987                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
+3988                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
+3989             }
+3990         }
+3991         this.timeParams = params;
+3992     }
+3993 };
+3994 extendClass(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
+3995 
+3996 /**
+3997  * AlgorithmIdentifier ASN.1 structure class
+3998  * @name KJUR.asn1.x509.AlgorithmIdentifier
+3999  * @class AlgorithmIdentifier ASN.1 structure class
+4000  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
+4001  * @extends KJUR.asn1.ASN1Object
+4002  * @description
+4003  * The 'params' argument is an associative array and has following parameters:
+4004  * <ul>
+4005  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
+4006  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
+4007  * (OPTION)</li>
+4008  * <li>paramempty: set algorithm parameter to NULL by force.
+4009  * If paramempty is false, algorithm parameter will be set automatically.
+4010  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
+4011  * AlgorithmIdentifier will be ommitted otherwise
+4012  * it will be NULL by default.
+4013  * (OPTION, DEFAULT = false)</li>
+4014  * </ul>
+4015  * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
+4016  * special names. They will set a suite of algorithm OID and multiple algorithm
+4017  * parameters. Its ASN.1 schema is defined in 
+4018  * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
+4019  * section A.2.3</a>.
+4020  * <blockquote><pre>
+4021  * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
+4022  * RSASSA-PSS-params ::= SEQUENCE {
+4023  *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
+4024  *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+4025  *   saltLength         [2] INTEGER          DEFAULT 20,
+4026  *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
+4027  * mgf1SHA1    MaskGenAlgorithm ::= {
+4028  *   algorithm   id-mgf1,
+4029  *   parameters  HashAlgorithm : sha1 }
+4030  * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
+4031  * TrailerField ::= INTEGER { trailerFieldBC(1) }
+4032  * </pre></blockquote>
+4033  * Here is a table for PSS parameters:
+4034  * <table>
+4035  * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr>
+4036  * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
+4037  * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
+4038  * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
+4039  * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
+4040  * </table>
+4041  * Default value is omitted as defined in ASN.1 schema.
+4042  * These parameters are interoperable to OpenSSL or IAIK toolkit.
+4043  * <br/>
+4044  * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
+4045  * @example
+4046  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
+4047  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
+4048  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
+4049  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
+4050  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
+4051  */
+4052 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
+4053     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
+4054     this.nameAlg = null;
+4055     this.asn1Alg = null;
+4056     this.asn1Params = null;
+4057     this.paramEmpty = false;
+4058 
+4059     var _KJUR = KJUR,
+4060 	_KJUR_asn1 = _KJUR.asn1,
+4061 	_PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;
+4062 
+4063     this.tohex = function() {
+4064         if (this.nameAlg === null && this.asn1Alg === null) {
+4065             throw new Error("algorithm not specified");
+4066         }
+4067 
+4068 	// for RSAPSS algorithm name
+4069 	//  && this.hTLV === null
+4070 	if (this.nameAlg !== null) {
+4071 	    var hTLV = null;
+4072 	    for (var key in _PSSNAME2ASN1TLV) {
+4073 		if (key === this.nameAlg) {
+4074 		    hTLV = _PSSNAME2ASN1TLV[key];
+4075 		}
+4076 	    }
+4077 	    if (hTLV !== null) {
+4078 		this.hTLV = hTLV;
+4079 		return this.hTLV;
+4080 	    }
+4081 	}
+4082 
+4083         if (this.nameAlg !== null && this.asn1Alg === null) {
+4084             this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
+4085         }
+4086         var a = [this.asn1Alg];
+4087         if (this.asn1Params !== null) a.push(this.asn1Params);
+4088 
+4089         var o = new _KJUR_asn1.DERSequence({'array': a});
+4090         this.hTLV = o.tohex();
+4091         return this.hTLV;
+4092     };
+4093     this.getEncodedHex = function() { return this.tohex(); };
+4094 
+4095     if (params !== undefined) {
+4096         if (params.name !== undefined) {
+4097             this.nameAlg = params.name;
+4098         }
+4099         if (params.asn1params !== undefined) {
+4100             this.asn1Params = params.asn1params;
+4101         }
+4102         if (params.paramempty !== undefined) {
+4103             this.paramEmpty = params.paramempty;
+4104         }
+4105     }
+4106 
+4107     // set algorithm parameters will be ommitted for
+4108     // "*withDSA" or "*withECDSA" otherwise will be NULL.
+4109     if (this.asn1Params === null &&
+4110 	this.paramEmpty === false &&
+4111 	this.nameAlg !== null) {
+4112 
+4113 	if (this.nameAlg.name !== undefined) {
+4114 	    this.nameAlg = this.nameAlg.name;
+4115 	}
+4116 	var lcNameAlg = this.nameAlg.toLowerCase();
+4117 
+4118 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
+4119 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
+4120             this.asn1Params = new _KJUR_asn1.DERNull();
+4121 	}
+4122     }
+4123 };
+4124 extendClass(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
+4125 
+4126 /**
+4127  * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
+4128  * @const
+4129  */
+4130 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
+4131     "SHAwithRSAandMGF1":
+4132     "300d06092a864886f70d01010a3000",
+4133     "SHA256withRSAandMGF1":
+4134     "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
+4135     "SHA384withRSAandMGF1":
+4136     "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
+4137     "SHA512withRSAandMGF1":
+4138     "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
+4139 };
+4140 
+4141 /**
+4142  * GeneralName ASN.1 structure class<br/>
+4143  * @name KJUR.asn1.x509.GeneralName
+4144  * @class GeneralName ASN.1 structure class
+4145  * @see KJUR.asn1.x509.OtherName
+4146  * @see KJUR.asn1.x509.X500Name
+4147  *
+4148  * @description
+4149  * <br/>
+4150  * As for argument 'params' for constructor, you can specify one of
+4151  * following properties:
+4152  * <ul>
+4153  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
+4154  * <li>dns - dNSName[2] (ex. foo.com)</li>
+4155  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
+4156  * <li>dn - directoryName[4] 
+4157  * distinguished name string or X500Name class parameters can be
+4158  * specified (ex. "/C=US/O=Test", {hex: '301c...')</li>
+4159  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
+4160  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
+4161  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
+4162  * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
+4163  * </ul>
+4164  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
+4165  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
+4166  * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
+4167  * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
+4168  * NOTE5: otherName is supported since jsrsasign 10.5.3.<br/>
 4169  *
-4170  * OtherName ::= SEQUENCE {
-4171  *   type-id    OBJECT IDENTIFIER,
-4172  *   value      [0] EXPLICIT ANY DEFINED BY type-id }
-4173  * </pre>
-4174  *
-4175  * @example
-4176  * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
-4177  * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject);
-4178  * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: /C=US/O=Test'});
-4179  * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'});
-4180  * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'});
-4181  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING});
-4182  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING});
-4183  * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
-4184  * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
-4185  * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
-4186  * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
-4187  * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
-4188  * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
-4189  * gn = new KJUR.asn1.x509.GeneralName({other: {
-4190  *   oid: "1.2.3.4",
-4191  *   value: {utf8str: "example"} // any ASN.1 which passed to ASN1Util.newObject
-4192  * }});
-4193  *
-4194  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
-4195  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
-4196  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
-4197  */
-4198 KJUR.asn1.x509.GeneralName = function(params) {
-4199     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
-4200 
-4201     var pTag = { rfc822: '81', dns: '82', dn: 'a4',  
-4202 		 uri: '86', ip: '87', otherName: 'a0'},
-4203 	_KJUR = KJUR,
-4204 	_KJUR_asn1 = _KJUR.asn1,
-4205 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-4206 	_X500Name = _KJUR_asn1_x509.X500Name,
-4207 	_OtherName = _KJUR_asn1_x509.OtherName,
-4208 	_DERIA5String = _KJUR_asn1.DERIA5String,
-4209 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
-4210 	_DEROctetString = _KJUR_asn1.DEROctetString,
-4211 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-4212 	_ASN1Object = _KJUR_asn1.ASN1Object,
-4213 	_Error = Error;
+4170  * Here is definition of the ASN.1 syntax:
+4171  * <pre>
+4172  * -- NOTE: under the CHOICE, it will always be explicit.
+4173  * GeneralName ::= CHOICE {
+4174  *   otherName                  [0] OtherName,
+4175  *   rfc822Name                 [1] IA5String,
+4176  *   dNSName                    [2] IA5String,
+4177  *   x400Address                [3] ORAddress,
+4178  *   directoryName              [4] Name,
+4179  *   ediPartyName               [5] EDIPartyName,
+4180  *   uniformResourceIdentifier  [6] IA5String,
+4181  *   iPAddress                  [7] OCTET STRING,
+4182  *   registeredID               [8] OBJECT IDENTIFIER }
+4183  *
+4184  * OtherName ::= SEQUENCE {
+4185  *   type-id    OBJECT IDENTIFIER,
+4186  *   value      [0] EXPLICIT ANY DEFINED BY type-id }
+4187  * </pre>
+4188  *
+4189  * @example
+4190  * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
+4191  * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject);
+4192  * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: /C=US/O=Test'});
+4193  * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'});
+4194  * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'});
+4195  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING});
+4196  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING});
+4197  * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
+4198  * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
+4199  * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
+4200  * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
+4201  * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
+4202  * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
+4203  * gn = new KJUR.asn1.x509.GeneralName({other: {
+4204  *   oid: "1.2.3.4",
+4205  *   value: {utf8str: "example"} // any ASN.1 which passed to ASN1Util.newObject
+4206  * }});
+4207  *
+4208  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
+4209  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
+4210  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
+4211  */
+4212 KJUR.asn1.x509.GeneralName = function(params) {
+4213     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
 4214 
-4215     this.params = null;
-4216 
-4217     this.setByParam = function(params) {
-4218 	this.params = params;
-4219     };
-4220 
-4221     this.tohex = function() {
-4222 	var params = this.params;
-4223 	var hTag, explicitFlag, dObj;
-4224 	var explicitFlag = false;
-4225 	if (params.other !== undefined) {
-4226 	    hTag = "a0",
-4227 	    dObj = new _OtherName(params.other);
-4228 	} else if (params.rfc822 !== undefined) {
-4229 	    hTag = "81";
-4230 	    dObj = new _DERIA5String({str: params.rfc822});
-4231 	} else if (params.dns !== undefined) {
-4232 	    hTag = "82";
-4233 	    dObj = new _DERIA5String({str: params.dns});
-4234 	} else if (params.dn !== undefined) {
-4235 	    hTag = "a4";
-4236 	    explicitFlag = true;
-4237 	    if (typeof params.dn === "string") {
-4238 		dObj = new _X500Name({str: params.dn});
-4239 	    } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
-4240 		dObj = params.dn;
-4241 	    } else {
-4242 		dObj = new _X500Name(params.dn);
-4243 	    }
-4244 	} else if (params.ldapdn !== undefined) {
-4245 	    hTag = "a4";
-4246 	    explicitFlag = true;
-4247 	    dObj = new _X500Name({ldapstr: params.ldapdn});
-4248 	} else if (params.certissuer !== undefined ||
-4249 		   params.certsubj !== undefined) {
-4250 	    hTag = "a4";
-4251 	    explicitFlag = true;
-4252 	    var isIssuer, certStr;
-4253 	    var certHex = null;
-4254 	    if (params.certsubj !== undefined) {
-4255 		isIssuer = false;
-4256 		certStr = params.certsubj;
-4257 	    } else {
-4258 		isIssuer = true;
-4259 		certStr = params.certissuer;
-4260 	    }
-4261 
-4262 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-4263 		certHex == certStr;
-4264             }
-4265 	    if (certStr.indexOf("-----BEGIN ") != -1) {
-4266 		certHex = pemtohex(certStr);
-4267 	    }
-4268 	    if (certHex == null) 
-4269 		throw new Error("certsubj/certissuer not cert");
-4270 
-4271 	    var x = new X509();
-4272 	    x.hex = certHex;
-4273 
-4274 	    var hDN;
-4275 	    if (isIssuer) {
-4276 		hDN = x.getIssuerHex();
-4277 	    } else {
-4278 		hDN = x.getSubjectHex();
-4279 	    }
-4280 	    dObj = new _ASN1Object();
-4281 	    dObj.hTLV = hDN;
-4282 	} else if (params.uri !== undefined) {
-4283 	    hTag = "86";
-4284 	    dObj = new _DERIA5String({str: params.uri});
-4285 	} else if (params.ip !== undefined) {
-4286 	    hTag = "87";
-4287 	    var hIP;
-4288 	    var ip = params.ip;
-4289 	    try {
-4290 		if (ip.match(/^[0-9a-f]+$/)) {
-4291 		    var len = ip.length;
-4292 		    if (len == 8 || len == 16 || len == 32 || len == 64) {
-4293 			hIP = ip;
-4294 		    } else {
-4295 			throw "err";
-4296 		    }
-4297 		} else {
-4298 		    hIP = iptohex(ip);
-4299 		}
-4300 	    } catch(ex) {
-4301 		throw new _Error("malformed IP address: " + params.ip + ":" + ex.message);
-4302 	    }
-4303 	    dObj = new _DEROctetString({hex: hIP});
-4304 	} else {
-4305 	    throw new _Error("improper params");
-4306 	}
-4307 
-4308 	var dTag = new _DERTaggedObject({tag: hTag,
-4309 					 explicit: explicitFlag,
-4310 					 obj: dObj});
-4311 	return dTag.tohex();
-4312     };
-4313     this.getEncodedHex = function() { return this.tohex(); };
-4314 
-4315     if (params !== undefined) this.setByParam(params);
-4316 };
-4317 extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
-4318 
-4319 /**
-4320  * GeneralNames ASN.1 structure class<br/>
-4321  * @name KJUR.asn1.x509.GeneralNames
-4322  * @class GeneralNames ASN.1 structure class
-4323  * @description
-4324  * <br/>
-4325  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-4326  * @example
-4327  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-4328  *
-4329  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-4330  */
-4331 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
-4332     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
-4333     var asn1Array = null,
-4334 	_KJUR = KJUR,
-4335 	_KJUR_asn1 = _KJUR.asn1;
-4336 
-4337     /**
-4338      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
-4339      * @name setByParamArray
-4340      * @memberOf KJUR.asn1.x509.GeneralNames#
-4341      * @function
-4342      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
-4343      * @description
-4344      * <br/>
-4345      * <h4>EXAMPLES</h4>
-4346      * @example
-4347      * gns = new KJUR.asn1.x509.GeneralNames();
-4348      * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
-4349      */
-4350     this.setByParamArray = function(paramsArray) {
-4351         for (var i = 0; i < paramsArray.length; i++) {
-4352             var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
-4353             this.asn1Array.push(o);
-4354         }
-4355     };
-4356 
-4357     this.tohex = function() {
-4358         var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
-4359         return o.tohex();
-4360     };
-4361     this.getEncodedHex = function() { return this.tohex(); };
-4362 
-4363     this.asn1Array = new Array();
-4364     if (typeof paramsArray != "undefined") {
-4365         this.setByParamArray(paramsArray);
-4366     }
-4367 };
-4368 extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
-4369 
-4370 /**
-4371  * OtherName of GeneralName ASN.1 structure class<br/>
-4372  * @name KJUR.asn1.x509.OtherName
-4373  * @class OtherName ASN.1 structure class
-4374  * @since jsrsasign 10.5.3 asn1x509 2.1.12
-4375  * @see KJUR.asn1.x509.GeneralName
-4376  * @see KJUR.asn1.ASN1Util.newObject
-4377  *
-4378  * @description
-4379  * This class is for OtherName of GeneralName ASN.1 structure.
-4380  * Constructor has two members:
-4381  * <ul>
-4382  * <li>oid - oid string (ex. "1.2.3.4")</li>
-4383  * <li>value - JSON object passed to ASN1Util.newObject or ASN1Object object</li>
-4384  * </ul>
-4385  *
-4386  * <pre>
-4387  * OtherName ::= SEQUENCE {
-4388  *   type-id    OBJECT IDENTIFIER,
-4389  *   value      [0] EXPLICIT ANY DEFINED BY type-id }
-4390  * </pre>
+4215     var pTag = { rfc822: '81', dns: '82', dn: 'a4',  
+4216 		 uri: '86', ip: '87', otherName: 'a0'},
+4217 	_KJUR = KJUR,
+4218 	_KJUR_asn1 = _KJUR.asn1,
+4219 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+4220 	_X500Name = _KJUR_asn1_x509.X500Name,
+4221 	_OtherName = _KJUR_asn1_x509.OtherName,
+4222 	_DERIA5String = _KJUR_asn1.DERIA5String,
+4223 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
+4224 	_DEROctetString = _KJUR_asn1.DEROctetString,
+4225 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+4226 	_ASN1Object = _KJUR_asn1.ASN1Object,
+4227 	_Error = Error;
+4228 
+4229     this.params = null;
+4230 
+4231     this.setByParam = function(params) {
+4232 	this.params = params;
+4233     };
+4234 
+4235     this.tohex = function() {
+4236 	var params = this.params;
+4237 	var hTag, explicitFlag, dObj;
+4238 	var explicitFlag = false;
+4239 	if (params.other !== undefined) {
+4240 	    hTag = "a0",
+4241 	    dObj = new _OtherName(params.other);
+4242 	} else if (params.rfc822 !== undefined) {
+4243 	    hTag = "81";
+4244 	    dObj = new _DERIA5String({str: params.rfc822});
+4245 	} else if (params.dns !== undefined) {
+4246 	    hTag = "82";
+4247 	    dObj = new _DERIA5String({str: params.dns});
+4248 	} else if (params.dn !== undefined) {
+4249 	    hTag = "a4";
+4250 	    explicitFlag = true;
+4251 	    if (typeof params.dn === "string") {
+4252 		dObj = new _X500Name({str: params.dn});
+4253 	    } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
+4254 		dObj = params.dn;
+4255 	    } else {
+4256 		dObj = new _X500Name(params.dn);
+4257 	    }
+4258 	} else if (params.ldapdn !== undefined) {
+4259 	    hTag = "a4";
+4260 	    explicitFlag = true;
+4261 	    dObj = new _X500Name({ldapstr: params.ldapdn});
+4262 	} else if (params.certissuer !== undefined ||
+4263 		   params.certsubj !== undefined) {
+4264 	    hTag = "a4";
+4265 	    explicitFlag = true;
+4266 	    var isIssuer, certStr;
+4267 	    var certHex = null;
+4268 	    if (params.certsubj !== undefined) {
+4269 		isIssuer = false;
+4270 		certStr = params.certsubj;
+4271 	    } else {
+4272 		isIssuer = true;
+4273 		certStr = params.certissuer;
+4274 	    }
+4275 
+4276 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
+4277 		certHex == certStr;
+4278             }
+4279 	    if (certStr.indexOf("-----BEGIN ") != -1) {
+4280 		certHex = pemtohex(certStr);
+4281 	    }
+4282 	    if (certHex == null) 
+4283 		throw new Error("certsubj/certissuer not cert");
+4284 
+4285 	    var x = new X509();
+4286 	    x.hex = certHex;
+4287 
+4288 	    var hDN;
+4289 	    if (isIssuer) {
+4290 		hDN = x.getIssuerHex();
+4291 	    } else {
+4292 		hDN = x.getSubjectHex();
+4293 	    }
+4294 	    dObj = new _ASN1Object();
+4295 	    dObj.hTLV = hDN;
+4296 	} else if (params.uri !== undefined) {
+4297 	    hTag = "86";
+4298 	    dObj = new _DERIA5String({str: params.uri});
+4299 	} else if (params.ip !== undefined) {
+4300 	    hTag = "87";
+4301 	    var hIP;
+4302 	    var ip = params.ip;
+4303 	    try {
+4304 		if (ip.match(/^[0-9a-f]+$/)) {
+4305 		    var len = ip.length;
+4306 		    if (len == 8 || len == 16 || len == 32 || len == 64) {
+4307 			hIP = ip;
+4308 		    } else {
+4309 			throw "err";
+4310 		    }
+4311 		} else {
+4312 		    hIP = iptohex(ip);
+4313 		}
+4314 	    } catch(ex) {
+4315 		throw new _Error("malformed IP address: " + params.ip + ":" + ex.message);
+4316 	    }
+4317 	    dObj = new _DEROctetString({hex: hIP});
+4318 	} else {
+4319 	    throw new _Error("improper params");
+4320 	}
+4321 
+4322 	var dTag = new _DERTaggedObject({tag: hTag,
+4323 					 explicit: explicitFlag,
+4324 					 obj: dObj});
+4325 	return dTag.tohex();
+4326     };
+4327     this.getEncodedHex = function() { return this.tohex(); };
+4328 
+4329     if (params !== undefined) this.setByParam(params);
+4330 };
+4331 extendClass(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+4332 
+4333 /**
+4334  * GeneralNames ASN.1 structure class<br/>
+4335  * @name KJUR.asn1.x509.GeneralNames
+4336  * @class GeneralNames ASN.1 structure class
+4337  * @description
+4338  * <br/>
+4339  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
+4340  * @example
+4341  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
+4342  *
+4343  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+4344  */
+4345 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
+4346     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
+4347     var asn1Array = null,
+4348 	_KJUR = KJUR,
+4349 	_KJUR_asn1 = _KJUR.asn1;
+4350 
+4351     /**
+4352      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
+4353      * @name setByParamArray
+4354      * @memberOf KJUR.asn1.x509.GeneralNames#
+4355      * @function
+4356      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
+4357      * @description
+4358      * <br/>
+4359      * <h4>EXAMPLES</h4>
+4360      * @example
+4361      * gns = new KJUR.asn1.x509.GeneralNames();
+4362      * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
+4363      */
+4364     this.setByParamArray = function(paramsArray) {
+4365         for (var i = 0; i < paramsArray.length; i++) {
+4366             var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
+4367             this.asn1Array.push(o);
+4368         }
+4369     };
+4370 
+4371     this.tohex = function() {
+4372         var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
+4373         return o.tohex();
+4374     };
+4375     this.getEncodedHex = function() { return this.tohex(); };
+4376 
+4377     this.asn1Array = new Array();
+4378     if (typeof paramsArray != "undefined") {
+4379         this.setByParamArray(paramsArray);
+4380     }
+4381 };
+4382 extendClass(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
+4383 
+4384 /**
+4385  * OtherName of GeneralName ASN.1 structure class<br/>
+4386  * @name KJUR.asn1.x509.OtherName
+4387  * @class OtherName ASN.1 structure class
+4388  * @since jsrsasign 10.5.3 asn1x509 2.1.12
+4389  * @see KJUR.asn1.x509.GeneralName
+4390  * @see KJUR.asn1.ASN1Util.newObject
 4391  *
-4392  * @example
-4393  * new KJUR.asn1.x509.OtherName({
-4394  *   oid: "1.2.3.4",
-4395  *   value: {prnstr: {str: "abc"}}
-4396  * })
-4397  */
-4398 KJUR.asn1.x509.OtherName = function(params) {
-4399     KJUR.asn1.x509.OtherName.superclass.constructor.call(this);
-4400 
-4401     var asn1Obj = null,
-4402 	type = null,
-4403 	_KJUR = KJUR,
-4404 	_KJUR_asn1 = _KJUR.asn1,
-4405 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-4406 	_DERSequence = _KJUR_asn1.DERSequence,
-4407 	_newObject = _KJUR_asn1.ASN1Util.newObject;
-4408 
-4409     this.params = null;
-4410 
-4411     this.setByParam = function(params) {
-4412 	this.params = params;
-4413     };
+4392  * @description
+4393  * This class is for OtherName of GeneralName ASN.1 structure.
+4394  * Constructor has two members:
+4395  * <ul>
+4396  * <li>oid - oid string (ex. "1.2.3.4")</li>
+4397  * <li>value - JSON object passed to ASN1Util.newObject or ASN1Object object</li>
+4398  * </ul>
+4399  *
+4400  * <pre>
+4401  * OtherName ::= SEQUENCE {
+4402  *   type-id    OBJECT IDENTIFIER,
+4403  *   value      [0] EXPLICIT ANY DEFINED BY type-id }
+4404  * </pre>
+4405  *
+4406  * @example
+4407  * new KJUR.asn1.x509.OtherName({
+4408  *   oid: "1.2.3.4",
+4409  *   value: {prnstr: {str: "abc"}}
+4410  * })
+4411  */
+4412 KJUR.asn1.x509.OtherName = function(params) {
+4413     KJUR.asn1.x509.OtherName.superclass.constructor.call(this);
 4414 
-4415     this.tohex = function() {
-4416 	var params = this.params;
-4417 
-4418 	if (params.oid == undefined || params.value == undefined)
-4419 	    throw new Error("oid or value not specified");
-4420 
-4421 	var dOid = new _DERObjectIdentifier({oid: params.oid});
-4422 	var dValue = _newObject({tag: {tag: "a0",
-4423 				       explicit: true,
-4424 				       obj: params.value}});
-4425 	var dSeq = new _DERSequence({array: [dOid, dValue]});
-4426 
-4427         return dSeq.tohex();
-4428     };
-4429     this.getEncodedHex = function() { return this.tohex(); };
-4430 
-4431     if (params !== undefined) this.setByParam(params);
-4432 };
-4433 extendClass(KJUR.asn1.x509.OtherName, KJUR.asn1.ASN1Object);
+4415     var asn1Obj = null,
+4416 	type = null,
+4417 	_KJUR = KJUR,
+4418 	_KJUR_asn1 = _KJUR.asn1,
+4419 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+4420 	_DERSequence = _KJUR_asn1.DERSequence,
+4421 	_newObject = _KJUR_asn1.ASN1Util.newObject;
+4422 
+4423     this.params = null;
+4424 
+4425     this.setByParam = function(params) {
+4426 	this.params = params;
+4427     };
+4428 
+4429     this.tohex = function() {
+4430 	var params = this.params;
+4431 
+4432 	if (params.oid == undefined || params.value == undefined)
+4433 	    throw new Error("oid or value not specified");
 4434 
-4435 /**
-4436  * static object for OID
-4437  * @name KJUR.asn1.x509.OID
-4438  * @class static object for OID
-4439  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
-4440  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
-4441  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
-4442  *
-4443  * @description
-4444  * This class defines OID name and values.
-4445  * AttributeType names registered in OID.atype2oidList are following:
-4446  * <table style="border-width: thin; border-style: solid; witdh: 100%">
-4447  * <tr><th>short</th><th>long</th><th>OID</th></tr>
-4448  * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr>
-4449  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
-4450  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
-4451  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
-4452  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
-4453  * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr>
-4454  * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr>
-4455  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
-4456  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
-4457  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
-4458  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
-4459  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
-4460  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
-4461  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
-4462  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
-4463  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
-4464  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
-4465  * </table>
-4466  *
-4467  * @example
-4468  */
-4469 KJUR.asn1.x509.OID = new function() {
-4470     var _DERObjectIdentifier = KJUR.asn1.DERObjectIdentifier;
-4471 
-4472     this.name2oidList = {
-4473         'sha1':                 '1.3.14.3.2.26',
-4474         'sha256':               '2.16.840.1.101.3.4.2.1',
-4475         'sha384':               '2.16.840.1.101.3.4.2.2',
-4476         'sha512':               '2.16.840.1.101.3.4.2.3',
-4477         'sha224':               '2.16.840.1.101.3.4.2.4',
-4478         'md5':                  '1.2.840.113549.2.5',
-4479         'md2':                  '1.3.14.7.2.2.1',
-4480         'ripemd160':            '1.3.36.3.2.1',
-4481 
-4482         'MD2withRSA':           '1.2.840.113549.1.1.2',
-4483         'MD4withRSA':           '1.2.840.113549.1.1.3',
-4484         'MD5withRSA':           '1.2.840.113549.1.1.4',
-4485         'SHA1withRSA':          '1.2.840.113549.1.1.5',
-4486 	'pkcs1-MGF':		'1.2.840.113549.1.1.8',
-4487 	'rsaPSS':		'1.2.840.113549.1.1.10',
-4488         'SHA224withRSA':        '1.2.840.113549.1.1.14',
-4489         'SHA256withRSA':        '1.2.840.113549.1.1.11',
-4490         'SHA384withRSA':        '1.2.840.113549.1.1.12',
-4491         'SHA512withRSA':        '1.2.840.113549.1.1.13',
-4492 
-4493         'SHA1withECDSA':        '1.2.840.10045.4.1',
-4494         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
-4495         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
-4496         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
-4497         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
-4498 
-4499         'dsa':                  '1.2.840.10040.4.1',
-4500         'SHA1withDSA':          '1.2.840.10040.4.3',
-4501         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
-4502         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
-4503 
-4504         'rsaEncryption':        '1.2.840.113549.1.1.1',
-4505 
-4506 	// X.500 AttributeType defined in RFC 4514
-4507         'commonName':			'2.5.4.3',
-4508         'countryName':			'2.5.4.6',
-4509         'localityName':			'2.5.4.7',
-4510         'stateOrProvinceName':		'2.5.4.8',
-4511         'streetAddress':		'2.5.4.9',
-4512         'organizationName':		'2.5.4.10',
-4513         'organizationalUnitName':	'2.5.4.11',
-4514         'domainComponent':		'0.9.2342.19200300.100.1.25',
-4515         'userId':			'0.9.2342.19200300.100.1.1',
-4516 	// other AttributeType name string
-4517 	'surname':			'2.5.4.4',
-4518         'givenName':                    '2.5.4.42',
-4519         'title':			'2.5.4.12',
-4520 	'distinguishedName':		'2.5.4.49',
-4521 	'emailAddress':			'1.2.840.113549.1.9.1',
-4522 	// other AttributeType name string (no short name)
-4523 	'description':			'2.5.4.13',
-4524 	'businessCategory':		'2.5.4.15',
-4525 	'postalCode':			'2.5.4.17',
-4526 	'uniqueIdentifier':		'2.5.4.45',
-4527 	'organizationIdentifier':	'2.5.4.97',
-4528 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-4529 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-4530 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
-4531 
-4532         'subjectDirectoryAttributes': '2.5.29.9',
-4533         'subjectKeyIdentifier': '2.5.29.14',
-4534         'keyUsage':             '2.5.29.15',
-4535         'subjectAltName':       '2.5.29.17',
-4536         'issuerAltName':        '2.5.29.18',
-4537         'basicConstraints':     '2.5.29.19',
-4538         'cRLNumber':     	'2.5.29.20',
-4539         'cRLReason':     	'2.5.29.21',
-4540         'nameConstraints':      '2.5.29.30',
-4541         'cRLDistributionPoints':'2.5.29.31',
-4542         'certificatePolicies':  '2.5.29.32',
-4543         'anyPolicy':  		'2.5.29.32.0',
-4544 	'policyMappings':	'2.5.29.33',
-4545         'authorityKeyIdentifier':'2.5.29.35',
-4546         'policyConstraints':    '2.5.29.36',
-4547         'extKeyUsage':          '2.5.29.37',
-4548 	'inhibitAnyPolicy':	'2.5.29.54',
-4549         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
-4550         'ocsp':                 '1.3.6.1.5.5.7.48.1',
-4551         'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
-4552         'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
-4553         'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
-4554         'caIssuers':            '1.3.6.1.5.5.7.48.2',
-4555 
-4556         'anyExtendedKeyUsage':  '2.5.29.37.0',
-4557         'serverAuth':           '1.3.6.1.5.5.7.3.1',
-4558         'clientAuth':           '1.3.6.1.5.5.7.3.2',
-4559         'codeSigning':          '1.3.6.1.5.5.7.3.3',
-4560         'emailProtection':      '1.3.6.1.5.5.7.3.4',
-4561         'timeStamping':         '1.3.6.1.5.5.7.3.8',
-4562         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
-4563 
-4564 	// 'otherNameForms':	'1.3.6.1.5.5.7.8',
-4565 	'smtpUTF8Mailbox':	'1.3.6.1.5.5.7.8.9',
-4566 
-4567         'dateOfBirth':          '1.3.6.1.5.5.7.9.1',
-4568         'placeOfBirth':         '1.3.6.1.5.5.7.9.2',
-4569         'gender':               '1.3.6.1.5.5.7.9.3',
-4570         'countryOfCitizenship': '1.3.6.1.5.5.7.9.4',
-4571         'countryOfResidence':   '1.3.6.1.5.5.7.9.5',
-4572 
-4573         'ecPublicKey':          '1.2.840.10045.2.1',
-4574         'P-256':                '1.2.840.10045.3.1.7',
-4575         'secp256r1':            '1.2.840.10045.3.1.7',
-4576         'secp256k1':            '1.3.132.0.10',
-4577         'secp384r1':            '1.3.132.0.34',
-4578         'secp521r1':            '1.3.132.0.35',
-4579 
-4580         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
-4581         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
-4582 
-4583         'des-EDE3-CBC':         '1.2.840.113549.3.7',
-4584 
-4585         'data':                 '1.2.840.113549.1.7.1', // CMS data
-4586         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
-4587         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
-4588         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
-4589         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
-4590         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
-4591         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
-4592 	'signingCertificate':	'1.2.840.113549.1.9.16.2.12',// SMIME
-4593 	'timeStampToken':	'1.2.840.113549.1.9.16.2.14',// sigTS
-4594 	'signaturePolicyIdentifier':	'1.2.840.113549.1.9.16.2.15',// cades
-4595 	'etsArchiveTimeStamp':	'1.2.840.113549.1.9.16.2.27',// SMIME
-4596 	'signingCertificateV2':	'1.2.840.113549.1.9.16.2.47',// SMIME
-4597 	'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
-4598         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
-4599 	'contentType':		'1.2.840.113549.1.9.3',//PKCS#9
-4600 	'messageDigest':	'1.2.840.113549.1.9.4',//PKCS#9
-4601 	'signingTime':		'1.2.840.113549.1.9.5',//PKCS#9
-4602 	'counterSignature':	'1.2.840.113549.1.9.6',//PKCS#9
-4603 	'archiveTimeStampV3':	'0.4.0.1733.2.4',//ETSI EN29319122/TS101733
-4604 	'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
-4605 	'adobeTimeStamp':	'1.2.840.113583.1.1.9.1', // Adobe
-4606     };
-4607 
-4608     this.atype2oidList = {
-4609 	// RFC 4514 AttributeType name string (MUST recognized)
-4610         'CN':		'2.5.4.3',
-4611         'L':		'2.5.4.7',
-4612         'ST':		'2.5.4.8',
-4613         'O':		'2.5.4.10',
-4614         'OU':		'2.5.4.11',
-4615         'C':		'2.5.4.6',
-4616         'STREET':	'2.5.4.9',
-4617         'DC':		'0.9.2342.19200300.100.1.25',
-4618         'UID':		'0.9.2342.19200300.100.1.1',
-4619 	// other AttributeType name string
-4620 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
-4621         'SN':		'2.5.4.4', // surname
-4622         'T':		'2.5.4.12', // title
-4623         'DN':		'2.5.4.49', // distinguishedName
-4624         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
-4625 	// other AttributeType name string (no short name)
-4626 	'description':			'2.5.4.13',
-4627 	'businessCategory':		'2.5.4.15',
-4628 	'postalCode':			'2.5.4.17',
-4629 	'serialNumber':			'2.5.4.5',
-4630 	'uniqueIdentifier':		'2.5.4.45',
-4631 	'organizationIdentifier':	'2.5.4.97',
-4632 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-4633 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-4634 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
-4635     };
-4636     
-4637     this.objCache = {};
-4638 
-4639     /**
-4640      * get DERObjectIdentifier by registered OID name
-4641      * @name name2obj
-4642      * @memberOf KJUR.asn1.x509.OID
-4643      * @function
-4644      * @param {String} name OID
-4645      * @return {Object} DERObjectIdentifier instance
-4646      * @see KJUR.asn1.DERObjectIdentifier
-4647      *
-4648      * @description
-4649      * This static method returns DERObjectIdentifier object
-4650      * for the specified OID.
-4651      *
-4652      * @example
-4653      * var asn1ObjOID = KJUR.asn1.x509.OID.name2obj('SHA1withRSA');
-4654      */
-4655     this.name2obj = function(name) {
-4656         if (typeof this.objCache[name] != "undefined")
-4657             return this.objCache[name];
-4658         if (typeof this.name2oidList[name] == "undefined")
-4659             throw "Name of ObjectIdentifier not defined: " + name;
-4660         var oid = this.name2oidList[name];
-4661         var obj = new _DERObjectIdentifier({'oid': oid});
-4662         this.objCache[name] = obj;
-4663         return obj;
-4664     };
-4665 
-4666     /**
-4667      * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
-4668      * @name atype2obj
-4669      * @memberOf KJUR.asn1.x509.OID
-4670      * @function
-4671      * @param {String} atype short attribute type name such like 'C', 'CN' or OID
-4672      * @return KJUR.asn1.DERObjectIdentifier instance
-4673      * @description
-4674      * @example
-4675      * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3
-4676      * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11
-4677      * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9
-4678      * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9
-4679      */
-4680     this.atype2obj = function(atype) {
-4681         if (this.objCache[atype] !== undefined)
-4682             return this.objCache[atype];
-4683 
-4684 	var oid;
-4685 
-4686 	if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) {
-4687 	    oid = atype;
-4688 	} else if (this.atype2oidList[atype] !== undefined) {
-4689 	    oid = this.atype2oidList[atype];
-4690 	} else if (this.name2oidList[atype] !== undefined) {
-4691 	    oid = this.name2oidList[atype];
-4692     	} else {
-4693             throw new Error("AttributeType name undefined: " + atype);
-4694 	}
-4695         var obj = new _DERObjectIdentifier({'oid': oid});
-4696         this.objCache[atype] = obj;
-4697         return obj;
-4698     };
-4699 
-4700     /**
-4701      * register OID list<br/>
-4702      * @name registerOIDs
-4703      * @memberOf KJUR.asn1.x509.OID
-4704      * @function
-4705      * @param {object} oids associative array of names and oids
-4706      * @since jsrsasign 10.5.2 asn1x509 2.1.11
-4707      * @see KJUR.asn1.x509.OID.checkOIDs
-4708      * 
-4709      * @description
-4710      * This static method to register an oids to existing list
-4711      * additionally.
-4712      *
-4713      * @example
-4714      * KJUR.asn1.x509.OID.checkOIDs({
-4715      *   "test1": "4.5.7.8"
-4716      * }) // do nothing for invalid list
-4717      *
-4718      * KJUR.asn1.x509.OID.registerOIDs({
-4719      *   "test1": "1.2.3",
-4720      *   "test2": "0.2.3.4.23",
-4721      * }) // successfully registered
-4722      *
-4723      * KJUR.asn1.x509.OID.name2oid("test1") → "1.2.3"
-4724      */
-4725     this.registerOIDs = function(oids) {
-4726 	if (! this.checkOIDs(oids)) return;
-4727 	for (var name in oids) {
-4728 	    this.name2oidList[name] = oids[name];
-4729 	}
-4730     };
-4731 
-4732     /**
-4733      * check validity for OID list<br/>
-4734      * @name checkOIDs
-4735      * @memberOf KJUR.asn1.x509.OID
-4736      * @function
-4737      * @param {object} oids associative array of names and oids
-4738      * @return {boolean} return true when valid OID list otherwise false
-4739      * @since jsrsasign 10.5.2 asn1x509 2.1.11
-4740      * @see KJUR.asn1.x509.OID.registOIDs
-4741      * 
-4742      * @description
-4743      * This static method validates an associative array
-4744      * as oid list.
+4435 	var dOid = new _DERObjectIdentifier({oid: params.oid});
+4436 	var dValue = _newObject({tag: {tag: "a0",
+4437 				       explicit: true,
+4438 				       obj: params.value}});
+4439 	var dSeq = new _DERSequence({array: [dOid, dValue]});
+4440 
+4441         return dSeq.tohex();
+4442     };
+4443     this.getEncodedHex = function() { return this.tohex(); };
+4444 
+4445     if (params !== undefined) this.setByParam(params);
+4446 };
+4447 extendClass(KJUR.asn1.x509.OtherName, KJUR.asn1.ASN1Object);
+4448 
+4449 /**
+4450  * static object for OID
+4451  * @name KJUR.asn1.x509.OID
+4452  * @class static object for OID
+4453  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
+4454  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
+4455  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
+4456  *
+4457  * @description
+4458  * This class defines OID name and values.
+4459  * AttributeType names registered in OID.atype2oidList are following:
+4460  * <table style="border-width: thin; border-style: solid; witdh: 100%">
+4461  * <tr><th>short</th><th>long</th><th>OID</th></tr>
+4462  * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr>
+4463  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
+4464  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
+4465  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
+4466  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
+4467  * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr>
+4468  * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr>
+4469  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
+4470  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
+4471  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
+4472  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
+4473  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
+4474  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
+4475  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
+4476  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
+4477  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
+4478  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
+4479  * </table>
+4480  *
+4481  * @example
+4482  */
+4483 KJUR.asn1.x509.OID = new function() {
+4484     var _DERObjectIdentifier = KJUR.asn1.DERObjectIdentifier;
+4485 
+4486     this.name2oidList = {
+4487         'sha1':                 '1.3.14.3.2.26',
+4488         'sha256':               '2.16.840.1.101.3.4.2.1',
+4489         'sha384':               '2.16.840.1.101.3.4.2.2',
+4490         'sha512':               '2.16.840.1.101.3.4.2.3',
+4491         'sha224':               '2.16.840.1.101.3.4.2.4',
+4492         'md5':                  '1.2.840.113549.2.5',
+4493         'md2':                  '1.3.14.7.2.2.1',
+4494         'ripemd160':            '1.3.36.3.2.1',
+4495 
+4496         'MD2withRSA':           '1.2.840.113549.1.1.2',
+4497         'MD4withRSA':           '1.2.840.113549.1.1.3',
+4498         'MD5withRSA':           '1.2.840.113549.1.1.4',
+4499         'SHA1withRSA':          '1.2.840.113549.1.1.5',
+4500 	'pkcs1-MGF':		'1.2.840.113549.1.1.8',
+4501 	'rsaPSS':		'1.2.840.113549.1.1.10',
+4502         'SHA224withRSA':        '1.2.840.113549.1.1.14',
+4503         'SHA256withRSA':        '1.2.840.113549.1.1.11',
+4504         'SHA384withRSA':        '1.2.840.113549.1.1.12',
+4505         'SHA512withRSA':        '1.2.840.113549.1.1.13',
+4506 
+4507         'SHA1withECDSA':        '1.2.840.10045.4.1',
+4508         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
+4509         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
+4510         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
+4511         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
+4512 
+4513         'dsa':                  '1.2.840.10040.4.1',
+4514         'SHA1withDSA':          '1.2.840.10040.4.3',
+4515         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
+4516         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
+4517 
+4518         'rsaEncryption':        '1.2.840.113549.1.1.1',
+4519 
+4520 	// X.500 AttributeType defined in RFC 4514
+4521         'commonName':			'2.5.4.3',
+4522         'countryName':			'2.5.4.6',
+4523         'localityName':			'2.5.4.7',
+4524         'stateOrProvinceName':		'2.5.4.8',
+4525         'streetAddress':		'2.5.4.9',
+4526         'organizationName':		'2.5.4.10',
+4527         'organizationalUnitName':	'2.5.4.11',
+4528         'domainComponent':		'0.9.2342.19200300.100.1.25',
+4529         'userId':			'0.9.2342.19200300.100.1.1',
+4530 	// other AttributeType name string
+4531 	'surname':			'2.5.4.4',
+4532         'givenName':                    '2.5.4.42',
+4533         'title':			'2.5.4.12',
+4534 	'distinguishedName':		'2.5.4.49',
+4535 	'emailAddress':			'1.2.840.113549.1.9.1',
+4536 	// other AttributeType name string (no short name)
+4537 	'description':			'2.5.4.13',
+4538 	'businessCategory':		'2.5.4.15',
+4539 	'postalCode':			'2.5.4.17',
+4540 	'uniqueIdentifier':		'2.5.4.45',
+4541 	'organizationIdentifier':	'2.5.4.97',
+4542 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
+4543 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
+4544 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
+4545 
+4546         'subjectDirectoryAttributes': '2.5.29.9',
+4547         'subjectKeyIdentifier': '2.5.29.14',
+4548         'keyUsage':             '2.5.29.15',
+4549         'subjectAltName':       '2.5.29.17',
+4550         'issuerAltName':        '2.5.29.18',
+4551         'basicConstraints':     '2.5.29.19',
+4552         'cRLNumber':     	'2.5.29.20',
+4553         'cRLReason':     	'2.5.29.21',
+4554         'nameConstraints':      '2.5.29.30',
+4555         'cRLDistributionPoints':'2.5.29.31',
+4556         'certificatePolicies':  '2.5.29.32',
+4557         'anyPolicy':  		'2.5.29.32.0',
+4558 	'policyMappings':	'2.5.29.33',
+4559         'authorityKeyIdentifier':'2.5.29.35',
+4560         'policyConstraints':    '2.5.29.36',
+4561         'extKeyUsage':          '2.5.29.37',
+4562 	'inhibitAnyPolicy':	'2.5.29.54',
+4563         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
+4564         'ocsp':                 '1.3.6.1.5.5.7.48.1',
+4565         'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
+4566         'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
+4567         'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
+4568         'caIssuers':            '1.3.6.1.5.5.7.48.2',
+4569 
+4570         'anyExtendedKeyUsage':  '2.5.29.37.0',
+4571         'serverAuth':           '1.3.6.1.5.5.7.3.1',
+4572         'clientAuth':           '1.3.6.1.5.5.7.3.2',
+4573         'codeSigning':          '1.3.6.1.5.5.7.3.3',
+4574         'emailProtection':      '1.3.6.1.5.5.7.3.4',
+4575         'timeStamping':         '1.3.6.1.5.5.7.3.8',
+4576         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
+4577 
+4578 	// 'otherNameForms':	'1.3.6.1.5.5.7.8',
+4579 	'smtpUTF8Mailbox':	'1.3.6.1.5.5.7.8.9',
+4580 
+4581         'dateOfBirth':          '1.3.6.1.5.5.7.9.1',
+4582         'placeOfBirth':         '1.3.6.1.5.5.7.9.2',
+4583         'gender':               '1.3.6.1.5.5.7.9.3',
+4584         'countryOfCitizenship': '1.3.6.1.5.5.7.9.4',
+4585         'countryOfResidence':   '1.3.6.1.5.5.7.9.5',
+4586 
+4587         'ecPublicKey':          '1.2.840.10045.2.1',
+4588         'P-256':                '1.2.840.10045.3.1.7',
+4589         'secp256r1':            '1.2.840.10045.3.1.7',
+4590         'secp256k1':            '1.3.132.0.10',
+4591         'secp384r1':            '1.3.132.0.34',
+4592         'secp521r1':            '1.3.132.0.35',
+4593 
+4594         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
+4595         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
+4596 
+4597         'des-EDE3-CBC':         '1.2.840.113549.3.7',
+4598 
+4599         'data':                 '1.2.840.113549.1.7.1', // CMS data
+4600         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
+4601         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
+4602         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
+4603         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
+4604         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
+4605         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
+4606 	'signingCertificate':	'1.2.840.113549.1.9.16.2.12',// SMIME
+4607 	'timeStampToken':	'1.2.840.113549.1.9.16.2.14',// sigTS
+4608 	'signaturePolicyIdentifier':	'1.2.840.113549.1.9.16.2.15',// cades
+4609 	'etsArchiveTimeStamp':	'1.2.840.113549.1.9.16.2.27',// SMIME
+4610 	'signingCertificateV2':	'1.2.840.113549.1.9.16.2.47',// SMIME
+4611 	'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
+4612         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
+4613 	'contentType':		'1.2.840.113549.1.9.3',//PKCS#9
+4614 	'messageDigest':	'1.2.840.113549.1.9.4',//PKCS#9
+4615 	'signingTime':		'1.2.840.113549.1.9.5',//PKCS#9
+4616 	'counterSignature':	'1.2.840.113549.1.9.6',//PKCS#9
+4617 	'archiveTimeStampV3':	'0.4.0.1733.2.4',//ETSI EN29319122/TS101733
+4618 	'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
+4619 	'adobeTimeStamp':	'1.2.840.113583.1.1.9.1', // Adobe
+4620 	// CABF S/MIME BR
+4621 	'smimeMailboxLegacy':		'2.23.140.1.5.1.1',
+4622 	'smimeMailboxMulti':		'2.23.140.1.5.1.2',
+4623 	'smimeMailboxStrict':		'2.23.140.1.5.1.3',
+4624 	'smimeOrganizationLegacy':	'2.23.140.1.5.2.1',
+4625 	'smimeOrganizationMulti':	'2.23.140.1.5.2.2',
+4626 	'smimeOrganizationStrict':	'2.23.140.1.5.2.3',
+4627 	'smimeSponsorLegacy':		'2.23.140.1.5.3.1',
+4628 	'smimeSponsorMulti':		'2.23.140.1.5.3.2',
+4629 	'smimeSponsorStrict':		'2.23.140.1.5.3.3',
+4630 	'smimeIndividualLegacy':	'2.23.140.1.5.4.1',
+4631 	'smimeIndividualMulti':		'2.23.140.1.5.4.2',
+4632 	'smimeIndividualStrict':	'2.23.140.1.5.4.3',
+4633     };
+4634 
+4635     this.atype2oidList = {
+4636 	// RFC 4514 AttributeType name string (MUST recognized)
+4637         'CN':		'2.5.4.3',
+4638         'L':		'2.5.4.7',
+4639         'ST':		'2.5.4.8',
+4640         'O':		'2.5.4.10',
+4641         'OU':		'2.5.4.11',
+4642         'C':		'2.5.4.6',
+4643         'STREET':	'2.5.4.9',
+4644         'DC':		'0.9.2342.19200300.100.1.25',
+4645         'UID':		'0.9.2342.19200300.100.1.1',
+4646 	// other AttributeType name string
+4647 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
+4648         'SN':		'2.5.4.4', // surname
+4649         'T':		'2.5.4.12', // title
+4650         'GN':		'2.5.4.42', // givenName
+4651         'DN':		'2.5.4.49', // distinguishedName
+4652         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
+4653 	// other AttributeType name string (no short name)
+4654 	'description':			'2.5.4.13',
+4655 	'businessCategory':		'2.5.4.15',
+4656 	'postalCode':			'2.5.4.17',
+4657 	'serialNumber':			'2.5.4.5',
+4658 	'uniqueIdentifier':		'2.5.4.45',
+4659 	'organizationIdentifier':	'2.5.4.97',
+4660 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
+4661 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
+4662 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
+4663     };
+4664     
+4665     this.objCache = {};
+4666 
+4667     /**
+4668      * get DERObjectIdentifier by registered OID name
+4669      * @name name2obj
+4670      * @memberOf KJUR.asn1.x509.OID
+4671      * @function
+4672      * @param {String} name OID
+4673      * @return {Object} DERObjectIdentifier instance
+4674      * @see KJUR.asn1.DERObjectIdentifier
+4675      *
+4676      * @description
+4677      * This static method returns DERObjectIdentifier object
+4678      * for the specified OID.
+4679      *
+4680      * @example
+4681      * var asn1ObjOID = KJUR.asn1.x509.OID.name2obj('SHA1withRSA');
+4682      */
+4683     this.name2obj = function(name) {
+4684         if (typeof this.objCache[name] != "undefined")
+4685             return this.objCache[name];
+4686         if (typeof this.name2oidList[name] == "undefined")
+4687             throw "Name of ObjectIdentifier not defined: " + name;
+4688         var oid = this.name2oidList[name];
+4689         var obj = new _DERObjectIdentifier({'oid': oid});
+4690         this.objCache[name] = obj;
+4691         return obj;
+4692     };
+4693 
+4694     /**
+4695      * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
+4696      * @name atype2obj
+4697      * @memberOf KJUR.asn1.x509.OID
+4698      * @function
+4699      * @param {String} atype short attribute type name such like 'C', 'CN' or OID
+4700      * @return KJUR.asn1.DERObjectIdentifier instance
+4701      * @description
+4702      * @example
+4703      * KJUR.asn1.x509.OID.atype2obj('CN') → DERObjectIdentifier of 2.5.4.3
+4704      * KJUR.asn1.x509.OID.atype2obj('OU') → DERObjectIdentifier of 2.5.4.11
+4705      * KJUR.asn1.x509.OID.atype2obj('streetAddress') → DERObjectIdentifier of 2.5.4.9
+4706      * KJUR.asn1.x509.OID.atype2obj('2.5.4.9') → DERObjectIdentifier of 2.5.4.9
+4707      */
+4708     this.atype2obj = function(atype) {
+4709         if (this.objCache[atype] !== undefined)
+4710             return this.objCache[atype];
+4711 
+4712 	var oid;
+4713 
+4714 	if (atype.match(/^\d+\.\d+\.[0-9.]+$/)) {
+4715 	    oid = atype;
+4716 	} else if (this.atype2oidList[atype] !== undefined) {
+4717 	    oid = this.atype2oidList[atype];
+4718 	} else if (this.name2oidList[atype] !== undefined) {
+4719 	    oid = this.name2oidList[atype];
+4720     	} else {
+4721             throw new Error("AttributeType name undefined: " + atype);
+4722 	}
+4723         var obj = new _DERObjectIdentifier({'oid': oid});
+4724         this.objCache[atype] = obj;
+4725         return obj;
+4726     };
+4727 
+4728     /**
+4729      * register OID list<br/>
+4730      * @name registerOIDs
+4731      * @memberOf KJUR.asn1.x509.OID
+4732      * @function
+4733      * @param {object} oids associative array of names and oids
+4734      * @since jsrsasign 10.5.2 asn1x509 2.1.11
+4735      * @see KJUR.asn1.x509.OID.checkOIDs
+4736      * 
+4737      * @description
+4738      * This static method to register an oids to existing list
+4739      * additionally.
+4740      *
+4741      * @example
+4742      * KJUR.asn1.x509.OID.checkOIDs({
+4743      *   "test1": "4.5.7.8"
+4744      * }) // do nothing for invalid list
 4745      *
-4746      * @example
-4747      * KJUR.asn1.x509.OID.checkOIDs(*non-assoc-array*) → false
-4748      * KJUR.asn1.x509.OID.checkOIDs({}) → false
-4749      * KJUR.asn1.x509.OID.checkOIDs({"test1": "apple"}) → false
-4750      * KJUR.asn1.x509.OID.checkOIDs({
-4751      *   "test1": "1.2.3",
-4752      *   "test2": "0.2.3.4.23",
-4753      * }) → true // valid oids
-4754      * KJUR.asn1.x509.OID.checkOIDs({
-4755      *   "test1": "4.5.7.8"
-4756      * }) → false // invalid oid
-4757      */
-4758     this.checkOIDs = function(oids) {
-4759 	try {
-4760 	    var nameList = Object.keys(oids);
-4761 	    if (nameList.length == 0)
-4762 		return false;
-4763 	    nameList.map(function(value, index, array) {
-4764 		var oid = this[value];
-4765 		if (! oid.match(/^[0-2]\.[0-9.]+$/))
-4766 		    throw new Error("value is not OID");
-4767 	    }, oids);
-4768 	    return true;
-4769 	} catch(ex) {
-4770 	    return false;
-4771 	}
-4772     };
-4773 
-4774 
-4775 };
-4776 
-4777 /**
-4778  * convert OID to name<br/>
-4779  * @name oid2name
-4780  * @memberOf KJUR.asn1.x509.OID
-4781  * @function
-4782  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-4783  * @return {String} OID name if registered otherwise empty string
-4784  * @since asn1x509 1.0.9
-4785  * @description
-4786  * This static method converts OID string to its name.
-4787  * If OID is undefined then it returns empty string (i.e. '').
-4788  * @example
-4789  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
-4790  */
-4791 KJUR.asn1.x509.OID.oid2name = function(oid) {
-4792     var list = KJUR.asn1.x509.OID.name2oidList;
-4793     for (var name in list) {
-4794         if (list[name] == oid) return name;
-4795     }
-4796     return '';
-4797 };
-4798 
-4799 /**
-4800  * convert OID to AttributeType name<br/>
-4801  * @name oid2atype
-4802  * @memberOf KJUR.asn1.x509.OID
-4803  * @function
-4804  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-4805  * @return {String} OID AttributeType name if registered otherwise oid
-4806  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-4807  * @description
-4808  * This static method converts OID string to its AttributeType name.
-4809  * If OID is not defined in OID.atype2oidList associative array then it returns OID
-4810  * specified as argument.
-4811  * @example
-4812  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
-4813  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
-4814  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
-4815  */
-4816 KJUR.asn1.x509.OID.oid2atype = function(oid) {
-4817     var list = KJUR.asn1.x509.OID.atype2oidList;
-4818     for (var atype in list) {
-4819         if (list[atype] == oid) return atype;
-4820     }
-4821     return oid;
-4822 };
-4823 
-4824 /**
-4825  * convert OID name to OID value<br/>
-4826  * @name name2oid
-4827  * @memberOf KJUR.asn1.x509.OID
-4828  * @function
-4829  * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
-4830  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
-4831  * @since asn1x509 1.0.11
-4832  * @description
-4833  * This static method converts from OID name to OID string.
-4834  * If OID is undefined then it returns empty string (i.e. '').
-4835  * @example
-4836  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
-4837  * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
-4838  * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
-4839  */
-4840 KJUR.asn1.x509.OID.name2oid = function(name) {
-4841     if (name.match(/^[0-9.]+$/)) return name;
-4842     var list = KJUR.asn1.x509.OID.name2oidList;
-4843     if (list[name] === undefined) return '';
-4844     return list[name];
-4845 };
-4846 
-4847 /**
-4848  * X.509 certificate and CRL utilities class<br/>
-4849  * @name KJUR.asn1.x509.X509Util
-4850  * @class X.509 certificate and CRL utilities class
-4851  */
-4852 KJUR.asn1.x509.X509Util = {};
-4853 
-4854 /**
-4855  * issue a certificate in PEM format (DEPRECATED)
-4856  * @name newCertPEM
-4857  * @memberOf KJUR.asn1.x509.X509Util
-4858  * @function
-4859  * @param {Array} param JSON object of parameter to issue a certificate
-4860  * @since asn1x509 1.0.6
-4861  * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
-4862  * @description
-4863  * This method can issue a certificate by a simple
-4864  * JSON object.
-4865  * Signature value will be provided by signing with
-4866  * private key using 'cakey' parameter or
-4867  * hexadecimal signature value by 'sighex' parameter.
-4868  * <br/>
-4869  * NOTE: Algorithm parameter of AlgorithmIdentifier will
-4870  * be set automatically by default. 
-4871  * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
-4872  * from jsrsasign 7.1.1 asn1x509 1.0.20.
-4873  * <br/>
-4874  * NOTE2: 
-4875  * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
-4876  * As for RSA-PSS signature algorithm names and signing parameters 
-4877  * such as MGF function and salt length, please see
-4878  * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
-4879  *
-4880  * @example
-4881  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4882  *   serial: {int: 4},
-4883  *   sigalg: {name: 'SHA1withECDSA'},
-4884  *   issuer: {str: '/C=US/O=a'},
-4885  *   notbefore: {'str': '130504235959Z'},
-4886  *   notafter: {'str': '140504235959Z'},
-4887  *   subject: {str: '/C=US/O=b'},
-4888  *   sbjpubkey: pubKeyObj,
-4889  *   ext: [
-4890  *     {basicConstraints: {cA: true, critical: true}},
-4891  *     {keyUsage: {bin: '11'}},
-4892  *   ],
-4893  *   cakey: prvKeyObj
-4894  * });
-4895  * // -- or --
-4896  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4897  *   serial: {int: 4},
-4898  *   sigalg: {name: 'SHA1withECDSA'},
-4899  *   issuer: {str: '/C=US/O=a'},
-4900  *   notbefore: {'str': '130504235959Z'},
-4901  *   notafter: {'str': '140504235959Z'},
-4902  *   subject: {str: '/C=US/O=b'},
-4903  *   sbjpubkey: pubKeyPEM,
-4904  *   ext: [
-4905  *     {basicConstraints: {cA: true, critical: true}},
-4906  *     {keyUsage: {bin: '11'}},
-4907  *   ],
-4908  *   cakey: [prvkey, pass]}
-4909  * );
-4910  * // -- or --
-4911  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4912  *   serial: {int: 1},
-4913  *   sigalg: {name: 'SHA1withRSA'},
-4914  *   issuer: {str: '/C=US/O=T1'},
-4915  *   notbefore: {'str': '130504235959Z'},
-4916  *   notafter: {'str': '140504235959Z'},
-4917  *   subject: {str: '/C=US/O=T1'},
-4918  *   sbjpubkey: pubKeyObj,
-4919  *   sighex: '0102030405..'
-4920  * });
-4921  * // for the issuer and subject field, another
-4922  * // representation is also available
-4923  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4924  *   serial: {int: 1},
-4925  *   sigalg: {name: 'SHA256withRSA'},
-4926  *   issuer: {C: "US", O: "T1"},
-4927  *   notbefore: {'str': '130504235959Z'},
-4928  *   notafter: {'str': '140504235959Z'},
-4929  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
-4930  *   sbjpubkey: pubKeyObj,
-4931  *   sighex: '0102030405..'
-4932  * });
-4933  */
-4934 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
-4935     var _KJUR_asn1_x509 = KJUR.asn1.x509,
-4936 	_TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
-4937 	_Certificate = _KJUR_asn1_x509.Certificate;
-4938     var cert = new _Certificate(param);
-4939     return cert.getPEM();
-4940 };
-4941 
-4942 

\ No newline at end of file
+4746      * KJUR.asn1.x509.OID.registerOIDs({
+4747      *   "test1": "1.2.3",
+4748      *   "test2": "0.2.3.4.23",
+4749      * }) // successfully registered
+4750      *
+4751      * KJUR.asn1.x509.OID.name2oid("test1") → "1.2.3"
+4752      */
+4753     this.registerOIDs = function(oids) {
+4754 	if (! this.checkOIDs(oids)) return;
+4755 	for (var name in oids) {
+4756 	    this.name2oidList[name] = oids[name];
+4757 	}
+4758     };
+4759 
+4760     /**
+4761      * check validity for OID list<br/>
+4762      * @name checkOIDs
+4763      * @memberOf KJUR.asn1.x509.OID
+4764      * @function
+4765      * @param {object} oids associative array of names and oids
+4766      * @return {boolean} return true when valid OID list otherwise false
+4767      * @since jsrsasign 10.5.2 asn1x509 2.1.11
+4768      * @see KJUR.asn1.x509.OID.registOIDs
+4769      * 
+4770      * @description
+4771      * This static method validates an associative array
+4772      * as oid list.
+4773      *
+4774      * @example
+4775      * KJUR.asn1.x509.OID.checkOIDs(*non-assoc-array*) → false
+4776      * KJUR.asn1.x509.OID.checkOIDs({}) → false
+4777      * KJUR.asn1.x509.OID.checkOIDs({"test1": "apple"}) → false
+4778      * KJUR.asn1.x509.OID.checkOIDs({
+4779      *   "test1": "1.2.3",
+4780      *   "test2": "0.2.3.4.23",
+4781      * }) → true // valid oids
+4782      * KJUR.asn1.x509.OID.checkOIDs({
+4783      *   "test1": "4.5.7.8"
+4784      * }) → false // invalid oid
+4785      */
+4786     this.checkOIDs = function(oids) {
+4787 	try {
+4788 	    var nameList = Object.keys(oids);
+4789 	    if (nameList.length == 0)
+4790 		return false;
+4791 	    nameList.map(function(value, index, array) {
+4792 		var oid = this[value];
+4793 		if (! oid.match(/^[0-2]\.[0-9.]+$/))
+4794 		    throw new Error("value is not OID");
+4795 	    }, oids);
+4796 	    return true;
+4797 	} catch(ex) {
+4798 	    return false;
+4799 	}
+4800     };
+4801 
+4802 
+4803 };
+4804 
+4805 /**
+4806  * convert OID to name<br/>
+4807  * @name oid2name
+4808  * @memberOf KJUR.asn1.x509.OID
+4809  * @function
+4810  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
+4811  * @return {String} OID name if registered otherwise empty string
+4812  * @since asn1x509 1.0.9
+4813  * @description
+4814  * This static method converts OID string to its name.
+4815  * If OID is undefined then it returns empty string (i.e. '').
+4816  * @example
+4817  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
+4818  */
+4819 KJUR.asn1.x509.OID.oid2name = function(oid) {
+4820     var list = KJUR.asn1.x509.OID.name2oidList;
+4821     for (var name in list) {
+4822         if (list[name] == oid) return name;
+4823     }
+4824     return '';
+4825 };
+4826 
+4827 /**
+4828  * convert OID to AttributeType name<br/>
+4829  * @name oid2atype
+4830  * @memberOf KJUR.asn1.x509.OID
+4831  * @function
+4832  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
+4833  * @return {String} OID AttributeType name if registered otherwise oid
+4834  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+4835  * @description
+4836  * This static method converts OID string to its AttributeType name.
+4837  * If OID is not defined in OID.atype2oidList associative array then it returns OID
+4838  * specified as argument.
+4839  * @example
+4840  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
+4841  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
+4842  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
+4843  */
+4844 KJUR.asn1.x509.OID.oid2atype = function(oid) {
+4845     var list = KJUR.asn1.x509.OID.atype2oidList;
+4846     for (var atype in list) {
+4847         if (list[atype] == oid) return atype;
+4848     }
+4849     return oid;
+4850 };
+4851 
+4852 /**
+4853  * convert OID name to OID value<br/>
+4854  * @name name2oid
+4855  * @memberOf KJUR.asn1.x509.OID
+4856  * @function
+4857  * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
+4858  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
+4859  * @since asn1x509 1.0.11
+4860  * @description
+4861  * This static method converts from OID name to OID string.
+4862  * If OID is undefined then it returns empty string (i.e. '').
+4863  * @example
+4864  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
+4865  * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
+4866  * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
+4867  */
+4868 KJUR.asn1.x509.OID.name2oid = function(name) {
+4869     if (name.match(/^[0-9.]+$/)) return name;
+4870     var list = KJUR.asn1.x509.OID.name2oidList;
+4871     if (list[name] === undefined) return '';
+4872     return list[name];
+4873 };
+4874 
+4875 /**
+4876  * X.509 certificate and CRL utilities class<br/>
+4877  * @name KJUR.asn1.x509.X509Util
+4878  * @class X.509 certificate and CRL utilities class
+4879  */
+4880 KJUR.asn1.x509.X509Util = {};
+4881 
+4882 /**
+4883  * issue a certificate in PEM format (DEPRECATED)
+4884  * @name newCertPEM
+4885  * @memberOf KJUR.asn1.x509.X509Util
+4886  * @function
+4887  * @param {Array} param JSON object of parameter to issue a certificate
+4888  * @since asn1x509 1.0.6
+4889  * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
+4890  * @description
+4891  * This method can issue a certificate by a simple
+4892  * JSON object.
+4893  * Signature value will be provided by signing with
+4894  * private key using 'cakey' parameter or
+4895  * hexadecimal signature value by 'sighex' parameter.
+4896  * <br/>
+4897  * NOTE: Algorithm parameter of AlgorithmIdentifier will
+4898  * be set automatically by default. 
+4899  * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
+4900  * from jsrsasign 7.1.1 asn1x509 1.0.20.
+4901  * <br/>
+4902  * NOTE2: 
+4903  * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
+4904  * As for RSA-PSS signature algorithm names and signing parameters 
+4905  * such as MGF function and salt length, please see
+4906  * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
+4907  *
+4908  * @example
+4909  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4910  *   serial: {int: 4},
+4911  *   sigalg: {name: 'SHA1withECDSA'},
+4912  *   issuer: {str: '/C=US/O=a'},
+4913  *   notbefore: {'str': '130504235959Z'},
+4914  *   notafter: {'str': '140504235959Z'},
+4915  *   subject: {str: '/C=US/O=b'},
+4916  *   sbjpubkey: pubKeyObj,
+4917  *   ext: [
+4918  *     {basicConstraints: {cA: true, critical: true}},
+4919  *     {keyUsage: {bin: '11'}},
+4920  *   ],
+4921  *   cakey: prvKeyObj
+4922  * });
+4923  * // -- or --
+4924  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4925  *   serial: {int: 4},
+4926  *   sigalg: {name: 'SHA1withECDSA'},
+4927  *   issuer: {str: '/C=US/O=a'},
+4928  *   notbefore: {'str': '130504235959Z'},
+4929  *   notafter: {'str': '140504235959Z'},
+4930  *   subject: {str: '/C=US/O=b'},
+4931  *   sbjpubkey: pubKeyPEM,
+4932  *   ext: [
+4933  *     {basicConstraints: {cA: true, critical: true}},
+4934  *     {keyUsage: {bin: '11'}},
+4935  *   ],
+4936  *   cakey: [prvkey, pass]}
+4937  * );
+4938  * // -- or --
+4939  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4940  *   serial: {int: 1},
+4941  *   sigalg: {name: 'SHA1withRSA'},
+4942  *   issuer: {str: '/C=US/O=T1'},
+4943  *   notbefore: {'str': '130504235959Z'},
+4944  *   notafter: {'str': '140504235959Z'},
+4945  *   subject: {str: '/C=US/O=T1'},
+4946  *   sbjpubkey: pubKeyObj,
+4947  *   sighex: '0102030405..'
+4948  * });
+4949  * // for the issuer and subject field, another
+4950  * // representation is also available
+4951  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4952  *   serial: {int: 1},
+4953  *   sigalg: {name: 'SHA256withRSA'},
+4954  *   issuer: {C: "US", O: "T1"},
+4955  *   notbefore: {'str': '130504235959Z'},
+4956  *   notafter: {'str': '140504235959Z'},
+4957  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
+4958  *   sbjpubkey: pubKeyObj,
+4959  *   sighex: '0102030405..'
+4960  * });
+4961  */
+4962 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
+4963     var _KJUR_asn1_x509 = KJUR.asn1.x509,
+4964 	_TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
+4965 	_Certificate = _KJUR_asn1_x509.Certificate;
+4966     var cert = new _Certificate(param);
+4967     return cert.getPEM();
+4968 };
+4969 
+4970
\ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index e7f73167..f822b015 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* base64x-1.1.32 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* base64x-1.1.33 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name base64x-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08)
+ 19  * @version jsrsasign 10.8.4 base64x 1.1.33 (2023-Apr-26)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -540,1525 +540,1527 @@
 533  * 7890
 534  */
 535 function foldnl(s, n) {
-536     return s.replace(new RegExp('(.{' + n + '})', 'g'), "$1\r\n");
-537 }
-538 
-539 /**
-540  * convert a Base64 encoded string with new lines to a hexadecimal string<br/>
-541  * @name b64nltohex
-542  * @function
-543  * @param {String} s Base64 encoded string with new lines
-544  * @return {String} hexadecimal string
-545  * @since base64x 1.1.3
-546  * @description
-547  * This function converts from a Base64 encoded
-548  * string with new lines to a hexadecimal string.
-549  * This is useful to handle PEM encoded file.
-550  * This function removes any non-Base64 characters (i.e. not 0-9,A-Z,a-z,\,+,=)
-551  * including new line.
-552  * @example
-553  * hextob64nl(
-554  * "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4\r\n" +
-555  * "OTAxMjM0NTY3ODkwCg==\r\n")
-556  * →
-557  * "123456789012345678901234567890123456789012345678901234567890"
-558  */
-559 function b64nltohex(s) {
-560     var b64 = s.replace(/[^0-9A-Za-z\/+=]*/g, '');
-561     var hex = b64tohex(b64);
-562     return hex;
-563 } 
-564 
-565 // ==== b64 / pem =========================================
-566 /**
-567  * get PEM string from Base64 string
-568  * @name b64topem
-569  * @function
-570  * @param {string} b64 Base64 string of PEM body
-571  * @param {string} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
-572  * @return {string} PEM formatted string of input data
-573  * @since jsrasign 10.7.0 base64x 1.1.31
-574  * @description
-575  * This function converts a Base64 string to a PEM string with
-576  * a specified header. Its line break will be CRLF("\r\n").
-577  * @example
-578  * b64topem('YWFh', 'RSA PRIVATE KEY') →
-579  * -----BEGIN PRIVATE KEY-----
-580  * YWFh
-581  * -----END PRIVATE KEY-----
-582  */
-583 function b64topem(b64, pemHeader) {
-584     return "-----BEGIN " + pemHeader + "-----\r\n" + 
-585 	foldnl(b64, 64) +
-586         "\r\n-----END " + pemHeader + "-----\r\n";
-587 }
-588 
-589 
+536     s = s.replace(new RegExp('(.{' + n + '})', 'g'), "$1\r\n");
+537     s = s.replace(/\s+$/, '');
+538     return s;
+539 }
+540 
+541 /**
+542  * convert a Base64 encoded string with new lines to a hexadecimal string<br/>
+543  * @name b64nltohex
+544  * @function
+545  * @param {String} s Base64 encoded string with new lines
+546  * @return {String} hexadecimal string
+547  * @since base64x 1.1.3
+548  * @description
+549  * This function converts from a Base64 encoded
+550  * string with new lines to a hexadecimal string.
+551  * This is useful to handle PEM encoded file.
+552  * This function removes any non-Base64 characters (i.e. not 0-9,A-Z,a-z,\,+,=)
+553  * including new line.
+554  * @example
+555  * hextob64nl(
+556  * "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4\r\n" +
+557  * "OTAxMjM0NTY3ODkwCg==\r\n")
+558  * →
+559  * "123456789012345678901234567890123456789012345678901234567890"
+560  */
+561 function b64nltohex(s) {
+562     var b64 = s.replace(/[^0-9A-Za-z\/+=]*/g, '');
+563     var hex = b64tohex(b64);
+564     return hex;
+565 } 
+566 
+567 // ==== b64 / pem =========================================
+568 /**
+569  * get PEM string from Base64 string
+570  * @name b64topem
+571  * @function
+572  * @param {string} b64 Base64 string of PEM body
+573  * @param {string} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
+574  * @return {string} PEM formatted string of input data
+575  * @since jsrasign 10.7.0 base64x 1.1.31
+576  * @description
+577  * This function converts a Base64 string to a PEM string with
+578  * a specified header. Its line break will be CRLF("\r\n").
+579  * @example
+580  * b64topem('YWFh', 'RSA PRIVATE KEY') →
+581  * -----BEGIN PRIVATE KEY-----
+582  * YWFh
+583  * -----END PRIVATE KEY-----
+584  */
+585 function b64topem(b64, pemHeader) {
+586     return "-----BEGIN " + pemHeader + "-----\r\n" + 
+587 	foldnl(b64, 64) +
+588         "\r\n-----END " + pemHeader + "-----\r\n";
+589 }
 590 
-591 // ==== hex / pem =========================================
+591 
 592 
-593 /**
-594  * get PEM string from hexadecimal data and header string
-595  * @name hextopem
-596  * @function
-597  * @param {String} dataHex hexadecimal string of PEM body
-598  * @param {String} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
-599  * @return {String} PEM formatted string of input data
-600  * @since jsrasign 7.2.1 base64x 1.1.12
-601  * @description
-602  * This function converts a hexadecimal string to a PEM string with
-603  * a specified header. Its line break will be CRLF("\r\n").
-604  * @example
-605  * hextopem('616161', 'RSA PRIVATE KEY') →
-606  * -----BEGIN PRIVATE KEY-----
-607  * YWFh
-608  * -----END PRIVATE KEY-----
-609  */
-610 function hextopem(dataHex, pemHeader) {
-611     return "-----BEGIN " + pemHeader + "-----\r\n" + 
-612 	foldnl(hextob64(dataHex), 64) +
-613         "\r\n-----END " + pemHeader + "-----\r\n";
-614 }
-615 
-616 /**
-617  * get hexacedimal string from PEM format data<br/>
-618  * @name pemtohex
-619  * @function
-620  * @param {String} s PEM formatted string
-621  * @param {String} sHead PEM header string without BEGIN/END(OPTION)
-622  * @return {String} hexadecimal string data of PEM contents
-623  * @since jsrsasign 7.2.1 base64x 1.1.12
-624  *
-625  * @description
-626  * This static method gets a hexacedimal string of contents 
-627  * from PEM format data. You can explicitly specify PEM header 
-628  * by sHead argument. 
-629  * Any space characters such as white space or new line
-630  * will be omitted.<br/>
-631  * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex}
-632  * have been deprecated since jsrsasign 7.2.1. <br/>
-633  * Please use this method instead.
-634  * NOTE2: From jsrsasign 8.0.14 this can process multi
-635  * "BEGIN...END" section such as "EC PRIVATE KEY" with "EC PARAMETERS".<br/>
-636  *
-637  * @example
-638  * pemtohex("-----BEGIN PUBLIC KEY...") → "3082..."
-639  * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..."
-640  * pemtohex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..."
-641  * pemtohex("-----BEGIN EC PARAMETERS...----BEGIN EC PRIVATE KEY...." → "3082..."
-642  */
-643 function pemtohex(s, sHead) {
-644     if (s.indexOf("-----BEGIN ") == -1)
-645         throw new Error("can't find PEM header");
-646 
-647     if (sHead !== undefined) {
-648         s = s.replace(new RegExp('^[^]*-----BEGIN ' + sHead + '-----'), '');
-649         s = s.replace(new RegExp('-----END ' + sHead + '-----[^]*$'), '');
-650     } else {
-651         s = s.replace(/^[^]*-----BEGIN [^-]+-----/, '');
-652         s = s.replace(/-----END [^-]+-----[^]*$/, '');
-653     }
-654     return b64nltohex(s);
-655 }
-656 
-657 /**
-658  * get Base64 string from PEM format data<br/>
-659  * @name pemtob64
-660  * @function
-661  * @param {string} s PEM formatted string
-662  * @return {string} Base64 string or null
-663  * @since jsrsasign 10.7.0 base64x 1.1.31
-664  *
-665  * @description
-666  * This static method gets a Base64 string of contents 
-667  * from PEM format data.
-668  * When s is not PEM data, it returns null.
-669  *
-670  * @example
-671  * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "MIIBvTCC..."
-672  */
-673 function pemtob64(s) {
-674     if (s.indexOf("-----BEGIN ") == -1 ||
-675         s.indexOf("-----END ") == -1 ) return null;
-676     s = s.replace(/^[\s\S]*?-----BEGIN [^-]+-----/m, '');
-677     s = s.replace(/-----END [\s\S]+$/m, '');
-678     s = s.replace(/\s+/g, '');
-679     return (s.match(/^[0-9a-zA-Z+/=]+$/)) ? s : null;
-680 }
-681 
-682 // ==== hex / ArrayBuffer =================================
+593 // ==== hex / pem =========================================
+594 
+595 /**
+596  * get PEM string from hexadecimal data and header string
+597  * @name hextopem
+598  * @function
+599  * @param {String} dataHex hexadecimal string of PEM body
+600  * @param {String} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
+601  * @return {String} PEM formatted string of input data
+602  * @since jsrasign 7.2.1 base64x 1.1.12
+603  * @description
+604  * This function converts a hexadecimal string to a PEM string with
+605  * a specified header. Its line break will be CRLF("\r\n").
+606  * @example
+607  * hextopem('616161', 'RSA PRIVATE KEY') →
+608  * -----BEGIN PRIVATE KEY-----
+609  * YWFh
+610  * -----END PRIVATE KEY-----
+611  */
+612 function hextopem(dataHex, pemHeader) {
+613     return "-----BEGIN " + pemHeader + "-----\r\n" + 
+614 	foldnl(hextob64(dataHex), 64) +
+615         "\r\n-----END " + pemHeader + "-----\r\n";
+616 }
+617 
+618 /**
+619  * get hexacedimal string from PEM format data<br/>
+620  * @name pemtohex
+621  * @function
+622  * @param {String} s PEM formatted string
+623  * @param {String} sHead PEM header string without BEGIN/END(OPTION)
+624  * @return {String} hexadecimal string data of PEM contents
+625  * @since jsrsasign 7.2.1 base64x 1.1.12
+626  *
+627  * @description
+628  * This static method gets a hexacedimal string of contents 
+629  * from PEM format data. You can explicitly specify PEM header 
+630  * by sHead argument. 
+631  * Any space characters such as white space or new line
+632  * will be omitted.<br/>
+633  * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex}
+634  * have been deprecated since jsrsasign 7.2.1. <br/>
+635  * Please use this method instead.
+636  * NOTE2: From jsrsasign 8.0.14 this can process multi
+637  * "BEGIN...END" section such as "EC PRIVATE KEY" with "EC PARAMETERS".<br/>
+638  *
+639  * @example
+640  * pemtohex("-----BEGIN PUBLIC KEY...") → "3082..."
+641  * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..."
+642  * pemtohex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..."
+643  * pemtohex("-----BEGIN EC PARAMETERS...----BEGIN EC PRIVATE KEY...." → "3082..."
+644  */
+645 function pemtohex(s, sHead) {
+646     if (s.indexOf("-----BEGIN ") == -1)
+647         throw new Error("can't find PEM header");
+648 
+649     if (sHead !== undefined) {
+650         s = s.replace(new RegExp('^[^]*-----BEGIN ' + sHead + '-----'), '');
+651         s = s.replace(new RegExp('-----END ' + sHead + '-----[^]*$'), '');
+652     } else {
+653         s = s.replace(/^[^]*-----BEGIN [^-]+-----/, '');
+654         s = s.replace(/-----END [^-]+-----[^]*$/, '');
+655     }
+656     return b64nltohex(s);
+657 }
+658 
+659 /**
+660  * get Base64 string from PEM format data<br/>
+661  * @name pemtob64
+662  * @function
+663  * @param {string} s PEM formatted string
+664  * @return {string} Base64 string or null
+665  * @since jsrsasign 10.7.0 base64x 1.1.31
+666  *
+667  * @description
+668  * This static method gets a Base64 string of contents 
+669  * from PEM format data.
+670  * When s is not PEM data, it returns null.
+671  *
+672  * @example
+673  * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "MIIBvTCC..."
+674  */
+675 function pemtob64(s) {
+676     if (s.indexOf("-----BEGIN ") == -1 ||
+677         s.indexOf("-----END ") == -1 ) return null;
+678     s = s.replace(/^[\s\S]*?-----BEGIN [^-]+-----/m, '');
+679     s = s.replace(/-----END [\s\S]+$/m, '');
+680     s = s.replace(/\s+/g, '');
+681     return (s.match(/^[0-9a-zA-Z+/=]+$/)) ? s : null;
+682 }
 683 
-684 /**
-685  * convert a hexadecimal string to an ArrayBuffer<br/>
-686  * @name hextoArrayBuffer
-687  * @function
-688  * @param {String} hex hexadecimal string
-689  * @return {ArrayBuffer} ArrayBuffer
-690  * @since jsrsasign 6.1.4 base64x 1.1.8
-691  * @description
-692  * This function converts from a hexadecimal string to an ArrayBuffer.
-693  * @example
-694  * hextoArrayBuffer("fffa01") → ArrayBuffer of [255, 250, 1]
-695  */
-696 function hextoArrayBuffer(hex) {
-697     if (hex.length % 2 != 0) throw "input is not even length";
-698     if (hex.match(/^[0-9A-Fa-f]+$/) == null) throw "input is not hexadecimal";
-699 
-700     var buffer = new ArrayBuffer(hex.length / 2);
-701     var view = new DataView(buffer);
-702 
-703     for (var i = 0; i < hex.length / 2; i++) {
-704 	view.setUint8(i, parseInt(hex.substr(i * 2, 2), 16));
-705     }
-706 
-707     return buffer;
-708 }
-709 
-710 // ==== ArrayBuffer / hex =================================
+684 // ==== hex / ArrayBuffer =================================
+685 
+686 /**
+687  * convert a hexadecimal string to an ArrayBuffer<br/>
+688  * @name hextoArrayBuffer
+689  * @function
+690  * @param {String} hex hexadecimal string
+691  * @return {ArrayBuffer} ArrayBuffer
+692  * @since jsrsasign 6.1.4 base64x 1.1.8
+693  * @description
+694  * This function converts from a hexadecimal string to an ArrayBuffer.
+695  * @example
+696  * hextoArrayBuffer("fffa01") → ArrayBuffer of [255, 250, 1]
+697  */
+698 function hextoArrayBuffer(hex) {
+699     if (hex.length % 2 != 0) throw "input is not even length";
+700     if (hex.match(/^[0-9A-Fa-f]+$/) == null) throw "input is not hexadecimal";
+701 
+702     var buffer = new ArrayBuffer(hex.length / 2);
+703     var view = new DataView(buffer);
+704 
+705     for (var i = 0; i < hex.length / 2; i++) {
+706 	view.setUint8(i, parseInt(hex.substr(i * 2, 2), 16));
+707     }
+708 
+709     return buffer;
+710 }
 711 
-712 /**
-713  * convert an ArrayBuffer to a hexadecimal string<br/>
-714  * @name ArrayBuffertohex
-715  * @function
-716  * @param {ArrayBuffer} buffer ArrayBuffer
-717  * @return {String} hexadecimal string
-718  * @since jsrsasign 6.1.4 base64x 1.1.8
-719  * @description
-720  * This function converts from an ArrayBuffer to a hexadecimal string.
-721  * @example
-722  * var buffer = new ArrayBuffer(3);
-723  * var view = new DataView(buffer);
-724  * view.setUint8(0, 0xfa);
-725  * view.setUint8(1, 0xfb);
-726  * view.setUint8(2, 0x01);
-727  * ArrayBuffertohex(buffer) → "fafb01"
-728  */
-729 function ArrayBuffertohex(buffer) {
-730     var hex = "";
-731     var view = new DataView(buffer);
-732 
-733     for (var i = 0; i < buffer.byteLength; i++) {
-734 	hex += ("00" + view.getUint8(i).toString(16)).slice(-2);
-735     }
-736 
-737     return hex;
-738 }
-739 
-740 // ==== zulu / int =================================
-741 /**
-742  * GeneralizedTime or UTCTime string to milliseconds from Unix origin<br>
-743  * @name zulutomsec
-744  * @function
-745  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-746  * @return {Number} milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-747  * @since jsrsasign 7.1.3 base64x 1.1.9
-748  * @description
-749  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-750  * UTCTime string (i.e. YYMMDDHHmmSSZ) to milliseconds from Unix origin time
-751  * (i.e. Jan 1 1970 0:00:00 UTC). 
-752  * Argument string may have fraction of seconds and
-753  * its length is one or more digits such as "20170410235959.1234567Z".
-754  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-755  * If year "YY" is equal or greater than 50 then it is 19YY.
-756  * @example
-757  * zulutomsec(  "071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
-758  * zulutomsec(  "071231235959.1Z")     → 1199145599100 #Mon, 31 Dec 2007 23:59:59 GMT
-759  * zulutomsec(  "071231235959.12345Z") → 1199145599123 #Mon, 31 Dec 2007 23:59:59 GMT
-760  * zulutomsec("20071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
-761  * zulutomsec(  "931231235959Z")       → -410227201000 #Mon, 31 Dec 1956 23:59:59 GMT
-762  */
-763 function zulutomsec(s) {
-764     var year, month, day, hour, min, sec, msec, d;
-765     var sYear, sFrac, sMsec, matchResult;
-766 
-767     s = timetogen(s);
-768     matchResult = s.match(/^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/);
-769 
-770     if (matchResult) {
-771 	year = parseInt(matchResult[1]);
-772 	month = parseInt(matchResult[2]) - 1;
-773 	day = parseInt(matchResult[3]);
-774 	hour = parseInt(matchResult[4]);
-775 	min = parseInt(matchResult[5]);
-776 	sec = parseInt(matchResult[6]);
-777 	msec = 0;
-778 
-779 	sFrac = matchResult[7];
-780 	if (sFrac !== "") {
-781 	    sMsec = (sFrac.substr(1) + "00").substr(0, 3); // .12 -> 012
-782 	    msec = parseInt(sMsec);
-783 	}
-784 	return Date.UTC(year, month, day, hour, min, sec, msec);
-785     }
-786     throw new Error("unsupported zulu format: " + s);
-787 }
-788 
-789 /**
-790  * Unix origin milliseconds GeneralizedTime string<br>
-791  * @name msectozulu
-792  * @function
-793  * @param {number} n milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-794  * @return {string} GeneralizedTime string (ex. 20170412235959.384Z)
-795  * @since jsrsasign 10.8.0 base64x 1.1.31
-796  *
-797  * @description
-798  * This function converts from milliseconds of Unix origin time (ex. 1199145599000
-799  * for 31 Dec 2007 23:59:59 GMT) to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ).
-800  * The result string may have a fraction of second.
-801  *
-802  * @example
-803  * msectozulu(1199145599000) → "20071231235959Z"       #Mon, 31 Dec 2007 23:59:59     GMT
-804  * msectozulu(1199145599100) → "20071231235959.1Z"     #Mon, 31 Dec 2007 23:59:59.1   GMT
-805  * msectozulu(1199145599123) → "20071231235959.123Z"   #Mon, 31 Dec 2007 23:59:59.123 GMT
-806  */
-807 function msectozulu(n) {
-808     var d = new Date(n),
-809         year = ("0000" + d.getUTCFullYear()).slice(-4),
-810         mon =  ("00" + (d.getUTCMonth() + 1)).slice(-2),
-811         day =  ("00" + d.getUTCDate()).slice(-2),
-812         hour = ("00" + d.getUTCHours()).slice(-2),
-813         min =  ("00" + d.getUTCMinutes()).slice(-2),
-814         sec =  ("00" + d.getUTCSeconds()).slice(-2),
-815 	msec = ("000" + d.getUTCMilliseconds()).slice(-3);
-816     msec = msec.replace(/0+$/, '');
-817     msec = (msec != '') ? '.' + msec : msec;
-818     return year + mon + day + hour + min + sec + msec + "Z";
-819 }
-820 
-821 /**
-822  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
-823  * @name zulutosec
-824  * @function
-825  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-826  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-827  * @since jsrsasign 7.1.3 base64x 1.1.9
-828  * @description
-829  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-830  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
-831  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
-832  * however result value will be omitted.
-833  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-834  * If year "YY" is equal or greater than 50 then it is 19YY.
-835  * @example
-836  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-837  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-838  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-839  */
-840 function zulutosec(s) {
-841     return Math.round(zulutomsec(s) / 1000.0);
-842 }
-843 
-844 // ==== zulu / Date =================================
+712 // ==== ArrayBuffer / hex =================================
+713 
+714 /**
+715  * convert an ArrayBuffer to a hexadecimal string<br/>
+716  * @name ArrayBuffertohex
+717  * @function
+718  * @param {ArrayBuffer} buffer ArrayBuffer
+719  * @return {String} hexadecimal string
+720  * @since jsrsasign 6.1.4 base64x 1.1.8
+721  * @description
+722  * This function converts from an ArrayBuffer to a hexadecimal string.
+723  * @example
+724  * var buffer = new ArrayBuffer(3);
+725  * var view = new DataView(buffer);
+726  * view.setUint8(0, 0xfa);
+727  * view.setUint8(1, 0xfb);
+728  * view.setUint8(2, 0x01);
+729  * ArrayBuffertohex(buffer) → "fafb01"
+730  */
+731 function ArrayBuffertohex(buffer) {
+732     var hex = "";
+733     var view = new DataView(buffer);
+734 
+735     for (var i = 0; i < buffer.byteLength; i++) {
+736 	hex += ("00" + view.getUint8(i).toString(16)).slice(-2);
+737     }
+738 
+739     return hex;
+740 }
+741 
+742 // ==== zulu / int =================================
+743 /**
+744  * GeneralizedTime or UTCTime string to milliseconds from Unix origin<br>
+745  * @name zulutomsec
+746  * @function
+747  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+748  * @return {Number} milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+749  * @since jsrsasign 7.1.3 base64x 1.1.9
+750  * @description
+751  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+752  * UTCTime string (i.e. YYMMDDHHmmSSZ) to milliseconds from Unix origin time
+753  * (i.e. Jan 1 1970 0:00:00 UTC). 
+754  * Argument string may have fraction of seconds and
+755  * its length is one or more digits such as "20170410235959.1234567Z".
+756  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+757  * If year "YY" is equal or greater than 50 then it is 19YY.
+758  * @example
+759  * zulutomsec(  "071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
+760  * zulutomsec(  "071231235959.1Z")     → 1199145599100 #Mon, 31 Dec 2007 23:59:59 GMT
+761  * zulutomsec(  "071231235959.12345Z") → 1199145599123 #Mon, 31 Dec 2007 23:59:59 GMT
+762  * zulutomsec("20071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
+763  * zulutomsec(  "931231235959Z")       → -410227201000 #Mon, 31 Dec 1956 23:59:59 GMT
+764  */
+765 function zulutomsec(s) {
+766     var year, month, day, hour, min, sec, msec, d;
+767     var sYear, sFrac, sMsec, matchResult;
+768 
+769     s = timetogen(s);
+770     matchResult = s.match(/^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/);
+771 
+772     if (matchResult) {
+773 	year = parseInt(matchResult[1]);
+774 	month = parseInt(matchResult[2]) - 1;
+775 	day = parseInt(matchResult[3]);
+776 	hour = parseInt(matchResult[4]);
+777 	min = parseInt(matchResult[5]);
+778 	sec = parseInt(matchResult[6]);
+779 	msec = 0;
+780 
+781 	sFrac = matchResult[7];
+782 	if (sFrac !== "") {
+783 	    sMsec = (sFrac.substr(1) + "00").substr(0, 3); // .12 -> 012
+784 	    msec = parseInt(sMsec);
+785 	}
+786 	return Date.UTC(year, month, day, hour, min, sec, msec);
+787     }
+788     throw new Error("unsupported zulu format: " + s);
+789 }
+790 
+791 /**
+792  * Unix origin milliseconds GeneralizedTime string<br>
+793  * @name msectozulu
+794  * @function
+795  * @param {number} n milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+796  * @return {string} GeneralizedTime string (ex. 20170412235959.384Z)
+797  * @since jsrsasign 10.8.0 base64x 1.1.31
+798  *
+799  * @description
+800  * This function converts from milliseconds of Unix origin time (ex. 1199145599000
+801  * for 31 Dec 2007 23:59:59 GMT) to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ).
+802  * The result string may have a fraction of second.
+803  *
+804  * @example
+805  * msectozulu(1199145599000) → "20071231235959Z"       #Mon, 31 Dec 2007 23:59:59     GMT
+806  * msectozulu(1199145599100) → "20071231235959.1Z"     #Mon, 31 Dec 2007 23:59:59.1   GMT
+807  * msectozulu(1199145599123) → "20071231235959.123Z"   #Mon, 31 Dec 2007 23:59:59.123 GMT
+808  */
+809 function msectozulu(n) {
+810     var d = new Date(n),
+811         year = ("0000" + d.getUTCFullYear()).slice(-4),
+812         mon =  ("00" + (d.getUTCMonth() + 1)).slice(-2),
+813         day =  ("00" + d.getUTCDate()).slice(-2),
+814         hour = ("00" + d.getUTCHours()).slice(-2),
+815         min =  ("00" + d.getUTCMinutes()).slice(-2),
+816         sec =  ("00" + d.getUTCSeconds()).slice(-2),
+817 	msec = ("000" + d.getUTCMilliseconds()).slice(-3);
+818     msec = msec.replace(/0+$/, '');
+819     msec = (msec != '') ? '.' + msec : msec;
+820     return year + mon + day + hour + min + sec + msec + "Z";
+821 }
+822 
+823 /**
+824  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
+825  * @name zulutosec
+826  * @function
+827  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+828  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+829  * @since jsrsasign 7.1.3 base64x 1.1.9
+830  * @description
+831  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+832  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
+833  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
+834  * however result value will be omitted.
+835  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+836  * If year "YY" is equal or greater than 50 then it is 19YY.
+837  * @example
+838  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+839  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+840  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+841  */
+842 function zulutosec(s) {
+843     return Math.round(zulutomsec(s) / 1000.0);
+844 }
 845 
-846 /**
-847  * GeneralizedTime or UTCTime string to Date object<br>
-848  * @name zulutodate
-849  * @function
-850  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-851  * @return {Date} Date object for specified time
-852  * @since jsrsasign 7.1.3 base64x 1.1.9
-853  * @description
-854  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-855  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
-856  * Argument string may have fraction of seconds and
-857  * its length is one or more digits such as "20170410235959.1234567Z".
-858  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-859  * If year "YY" is equal or greater than 50 then it is 19YY.
-860  * @example
-861  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-862  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
-863  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-864  * zulutodate(  "071231235959.34").getMilliseconds() → 340
-865  */
-866 function zulutodate(s) {
-867     return new Date(zulutomsec(s));
-868 }
-869 
-870 /**
-871  * Date object to zulu time string<br>
-872  * @name datetozulu
-873  * @function
-874  * @param {Date} d Date object for specified time
-875  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
-876  * @param {Boolean} flagMilli if this is true result concludes milliseconds
-877  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-878  * @since jsrsasign 7.2.0 base64x 1.1.11
-879  * @description
-880  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-881  * UTCTime string (i.e. YYMMDDHHmmSSZ).
-882  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-883  * If year "YY" is equal or greater than 50 then it is 19YY.
-884  * If flagMilli is true its result concludes milliseconds such like
-885  * "20170520235959.42Z". 
-886  * @example
-887  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
-888  * datetozulu(d) → "20170520235959Z"
-889  * datetozulu(d, true) → "170520235959Z"
-890  * datetozulu(d, false, true) → "20170520235959.67Z"
-891  */
-892 function datetozulu(d, flagUTCTime, flagMilli) {
-893     var s;
-894     var year = d.getUTCFullYear();
-895     if (flagUTCTime) {
-896 	if (year < 1950 || 2049 < year) 
-897 	    throw "not proper year for UTCTime: " + year;
-898 	s = ("" + year).slice(-2);
-899     } else {
-900 	s = ("000" + year).slice(-4);
-901     }
-902     s += ("0" + (d.getUTCMonth() + 1)).slice(-2);
-903     s += ("0" + d.getUTCDate()).slice(-2);
-904     s += ("0" + d.getUTCHours()).slice(-2);
-905     s += ("0" + d.getUTCMinutes()).slice(-2);
-906     s += ("0" + d.getUTCSeconds()).slice(-2);
-907     if (flagMilli) {
-908 	var milli = d.getUTCMilliseconds();
-909 	if (milli !== 0) {
-910 	    milli = ("00" + milli).slice(-3);
-911 	    milli = milli.replace(/0+$/g, "");
-912 	    s += "." + milli;
-913 	}
-914     }
-915     s += "Z";
-916     return s;
-917 }
-918 
-919 /**
-920  * GeneralizedTime or UTCTime string to GeneralizedTime<br>
-921  * @name timetogen
-922  * @function
-923  * @param {string} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-924  * @return {string} GeneralizedTime
-925  * @since jsrsasign 10.7.0 base64x 1.1.31
-926  * @description
-927  * This function converts UTCTime string (i.e. YYMMDDHHmmSSZ ) to 
-928  * GeneralizedTime (YYYYMMDDHHmmSSZ) when the argument 's' is UTCTime. 
-929  * Argument string may have fraction of seconds and
-930  * its length is one or more digits such as "170410235959.1234567Z".
-931  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-932  * If year "YY" is equal or greater than 50 then it is 19YY.
-933  * @example
-934  * timetogen(  "071231235959Z") → "20071231235959Z"
-935  * timetogen(  "971231235959Z") → "19971231235959Z"
-936  * timetogen("20071231235959Z") → "20071231235959Z"
-937  * timetogen(  "971231235959.123Z") → "19971231235959.123Z"
-938  */
-939 function timetogen(s) {
-940     if (s.match(/^[0-9]{12}Z$/) || s.match(/^[0-9]{12}[.][0-9]*Z$/)) {
-941 	return (s.match(/^[0-4]/)) ? "20" + s : "19" + s;
-942     }
-943     return s;
-944 }
-945 
-946 // ==== URIComponent / hex ================================
-947 /**
-948  * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/>
-949  * @name uricmptohex
-950  * @function
-951  * @param {String} s URIComponent string such like "%67%68"
-952  * @return {String} hexadecimal string
-953  * @since 1.1
-954  */
-955 function uricmptohex(s) {
-956   return s.replace(/%/g, "");
-957 }
-958 
-959 /**
-960  * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/>
-961  * @name hextouricmp
-962  * @function
-963  * @param {String} s hexadecimal string
-964  * @return {String} URIComponent string such like "%67%68"
-965  * @since 1.1
-966  */
-967 function hextouricmp(s) {
-968   return s.replace(/(..)/g, "%$1");
-969 }
-970 
-971 // ==== hex / ipv6 =================================
+846 // ==== zulu / Date =================================
+847 
+848 /**
+849  * GeneralizedTime or UTCTime string to Date object<br>
+850  * @name zulutodate
+851  * @function
+852  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+853  * @return {Date} Date object for specified time
+854  * @since jsrsasign 7.1.3 base64x 1.1.9
+855  * @description
+856  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+857  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
+858  * Argument string may have fraction of seconds and
+859  * its length is one or more digits such as "20170410235959.1234567Z".
+860  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+861  * If year "YY" is equal or greater than 50 then it is 19YY.
+862  * @example
+863  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+864  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
+865  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+866  * zulutodate(  "071231235959.34").getMilliseconds() → 340
+867  */
+868 function zulutodate(s) {
+869     return new Date(zulutomsec(s));
+870 }
+871 
+872 /**
+873  * Date object to zulu time string<br>
+874  * @name datetozulu
+875  * @function
+876  * @param {Date} d Date object for specified time
+877  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
+878  * @param {Boolean} flagMilli if this is true result concludes milliseconds
+879  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+880  * @since jsrsasign 7.2.0 base64x 1.1.11
+881  * @description
+882  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+883  * UTCTime string (i.e. YYMMDDHHmmSSZ).
+884  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+885  * If year "YY" is equal or greater than 50 then it is 19YY.
+886  * If flagMilli is true its result concludes milliseconds such like
+887  * "20170520235959.42Z". 
+888  * @example
+889  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
+890  * datetozulu(d) → "20170520235959Z"
+891  * datetozulu(d, true) → "170520235959Z"
+892  * datetozulu(d, false, true) → "20170520235959.67Z"
+893  */
+894 function datetozulu(d, flagUTCTime, flagMilli) {
+895     var s;
+896     var year = d.getUTCFullYear();
+897     if (flagUTCTime) {
+898 	if (year < 1950 || 2049 < year) 
+899 	    throw "not proper year for UTCTime: " + year;
+900 	s = ("" + year).slice(-2);
+901     } else {
+902 	s = ("000" + year).slice(-4);
+903     }
+904     s += ("0" + (d.getUTCMonth() + 1)).slice(-2);
+905     s += ("0" + d.getUTCDate()).slice(-2);
+906     s += ("0" + d.getUTCHours()).slice(-2);
+907     s += ("0" + d.getUTCMinutes()).slice(-2);
+908     s += ("0" + d.getUTCSeconds()).slice(-2);
+909     if (flagMilli) {
+910 	var milli = d.getUTCMilliseconds();
+911 	if (milli !== 0) {
+912 	    milli = ("00" + milli).slice(-3);
+913 	    milli = milli.replace(/0+$/g, "");
+914 	    s += "." + milli;
+915 	}
+916     }
+917     s += "Z";
+918     return s;
+919 }
+920 
+921 /**
+922  * GeneralizedTime or UTCTime string to GeneralizedTime<br>
+923  * @name timetogen
+924  * @function
+925  * @param {string} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+926  * @return {string} GeneralizedTime
+927  * @since jsrsasign 10.7.0 base64x 1.1.31
+928  * @description
+929  * This function converts UTCTime string (i.e. YYMMDDHHmmSSZ ) to 
+930  * GeneralizedTime (YYYYMMDDHHmmSSZ) when the argument 's' is UTCTime. 
+931  * Argument string may have fraction of seconds and
+932  * its length is one or more digits such as "170410235959.1234567Z".
+933  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+934  * If year "YY" is equal or greater than 50 then it is 19YY.
+935  * @example
+936  * timetogen(  "071231235959Z") → "20071231235959Z"
+937  * timetogen(  "971231235959Z") → "19971231235959Z"
+938  * timetogen("20071231235959Z") → "20071231235959Z"
+939  * timetogen(  "971231235959.123Z") → "19971231235959.123Z"
+940  */
+941 function timetogen(s) {
+942     if (s.match(/^[0-9]{12}Z$/) || s.match(/^[0-9]{12}[.][0-9]*Z$/)) {
+943 	return (s.match(/^[0-4]/)) ? "20" + s : "19" + s;
+944     }
+945     return s;
+946 }
+947 
+948 // ==== URIComponent / hex ================================
+949 /**
+950  * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/>
+951  * @name uricmptohex
+952  * @function
+953  * @param {String} s URIComponent string such like "%67%68"
+954  * @return {String} hexadecimal string
+955  * @since 1.1
+956  */
+957 function uricmptohex(s) {
+958   return s.replace(/%/g, "");
+959 }
+960 
+961 /**
+962  * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/>
+963  * @name hextouricmp
+964  * @function
+965  * @param {String} s hexadecimal string
+966  * @return {String} URIComponent string such like "%67%68"
+967  * @since 1.1
+968  */
+969 function hextouricmp(s) {
+970   return s.replace(/(..)/g, "%$1");
+971 }
 972 
-973 /**
-974  * convert any IPv6 address to a 16 byte hexadecimal string
-975  * @function
-976  * @param s string of IPv6 address
-977  * @return {String} 16 byte hexadecimal string of IPv6 address
-978  * @description
-979  * This function converts any IPv6 address representation string
-980  * to a 16 byte hexadecimal string of address.
-981  * @example
-982  * 
-983  */
-984 function ipv6tohex(s) {
-985   var msgMalformedAddress = "malformed IPv6 address";
-986   if (! s.match(/^[0-9A-Fa-f:]+$/))
-987     throw msgMalformedAddress;
-988 
-989   // 1. downcase
-990   s = s.toLowerCase();
-991 
-992   // 2. expand ::
-993   var num_colon = s.split(':').length - 1;
-994   if (num_colon < 2) throw msgMalformedAddress;
-995   var colon_replacer = ':'.repeat(7 - num_colon + 2);
-996   s = s.replace('::', colon_replacer);
-997 
-998   // 3. fill zero
-999   var a = s.split(':');
-1000   if (a.length != 8) throw msgMalformedAddress;
-1001   for (var i = 0; i < 8; i++) {
-1002     a[i] = ("0000" + a[i]).slice(-4);
-1003   }
-1004   return a.join('');
-1005 }
-1006 
-1007 /**
-1008  * convert a 16 byte hexadecimal string to RFC 5952 canonicalized IPv6 address<br/>
-1009  * @name hextoipv6
-1010  * @function
-1011  * @param {String} s hexadecimal string of 16 byte IPv6 address
-1012  * @return {String} IPv6 address string canonicalized by RFC 5952
-1013  * @since jsrsasign 8.0.10 base64x 1.1.13
-1014  * @description
-1015  * This function converts a 16 byte hexadecimal string to 
-1016  * <a href="https://tools.ietf.org/html/rfc5952">RFC 5952</a>
-1017  * canonicalized IPv6 address string.
-1018  * @example
-1019  * hextoipv6("871020010db8000000000000000000000004") &rarr "2001:db8::4"
-1020  * hextoipv6("871020010db8000000000000000000") &rarr raise exception
-1021  * hextoipv6("xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz") &rarr raise exception
-1022  */
-1023 function hextoipv6(s) {
-1024     if (! s.match(/^[0-9A-Fa-f]{32}$/))
-1025 	throw new Error("malformed IPv6 address: " + s);
-1026 
-1027     // 1. downcase
-1028     s = s.toLowerCase();
-1029 
-1030     // 2. split 4 > ["0123", "00a4", "0000", ..., "ffff"]
-1031     var a = s.match(/.{1,4}/g);
-1032 
-1033     // 3. trim leading 0 for items and join > "123:a4:0:...:ffff"
-1034     a = a.map(function(s){return s.replace(/^0+/, '')});
-1035     a = a.map(function(s){return s == '' ? '0' : s});
-1036     s = ':' + a.join(':') + ':';
-1037 
-1038     // 4. find shrinkable candidates :0:0:..:0:
-1039     var aZero = s.match(/:(0:){2,}/g);
-1040 
-1041     // 5. no shrinkable
-1042     if (aZero == null) return s.slice(1, -1);
-1043 
-1044     // 6. fix max length zero(:0:...:0:)
-1045     var sMaxZero = aZero.sort().slice(-1)[0];
-1046 
-1047     // 7. replace shrinked
-1048     s = s.replace(sMaxZero.substr(0, sMaxZero.length - 1), ':');
-1049 
-1050     // 8. trim leading ':' if not '::'
-1051     if (s.substr(0, 2) != '::') s = s.substr(1);
-1052 
-1053     // 9. trim tail ':' if not '::'
-1054     if (s.substr(-2, 2) != '::') s = s.substr(0, s.length - 1);
-1055 
-1056     return s;
-1057 }
-1058 
-1059 // ==== hex / ip =================================
+973 // ==== hex / ipv6 =================================
+974 
+975 /**
+976  * convert any IPv6 address to a 16 byte hexadecimal string
+977  * @function
+978  * @param s string of IPv6 address
+979  * @return {String} 16 byte hexadecimal string of IPv6 address
+980  * @description
+981  * This function converts any IPv6 address representation string
+982  * to a 16 byte hexadecimal string of address.
+983  * @example
+984  * 
+985  */
+986 function ipv6tohex(s) {
+987   var msgMalformedAddress = "malformed IPv6 address";
+988   if (! s.match(/^[0-9A-Fa-f:]+$/))
+989     throw msgMalformedAddress;
+990 
+991   // 1. downcase
+992   s = s.toLowerCase();
+993 
+994   // 2. expand ::
+995   var num_colon = s.split(':').length - 1;
+996   if (num_colon < 2) throw msgMalformedAddress;
+997   var colon_replacer = ':'.repeat(7 - num_colon + 2);
+998   s = s.replace('::', colon_replacer);
+999 
+1000   // 3. fill zero
+1001   var a = s.split(':');
+1002   if (a.length != 8) throw msgMalformedAddress;
+1003   for (var i = 0; i < 8; i++) {
+1004     a[i] = ("0000" + a[i]).slice(-4);
+1005   }
+1006   return a.join('');
+1007 }
+1008 
+1009 /**
+1010  * convert a 16 byte hexadecimal string to RFC 5952 canonicalized IPv6 address<br/>
+1011  * @name hextoipv6
+1012  * @function
+1013  * @param {String} s hexadecimal string of 16 byte IPv6 address
+1014  * @return {String} IPv6 address string canonicalized by RFC 5952
+1015  * @since jsrsasign 8.0.10 base64x 1.1.13
+1016  * @description
+1017  * This function converts a 16 byte hexadecimal string to 
+1018  * <a href="https://tools.ietf.org/html/rfc5952">RFC 5952</a>
+1019  * canonicalized IPv6 address string.
+1020  * @example
+1021  * hextoipv6("871020010db8000000000000000000000004") &rarr "2001:db8::4"
+1022  * hextoipv6("871020010db8000000000000000000") &rarr raise exception
+1023  * hextoipv6("xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz") &rarr raise exception
+1024  */
+1025 function hextoipv6(s) {
+1026     if (! s.match(/^[0-9A-Fa-f]{32}$/))
+1027 	throw new Error("malformed IPv6 address: " + s);
+1028 
+1029     // 1. downcase
+1030     s = s.toLowerCase();
+1031 
+1032     // 2. split 4 > ["0123", "00a4", "0000", ..., "ffff"]
+1033     var a = s.match(/.{1,4}/g);
+1034 
+1035     // 3. trim leading 0 for items and join > "123:a4:0:...:ffff"
+1036     a = a.map(function(s){return s.replace(/^0+/, '')});
+1037     a = a.map(function(s){return s == '' ? '0' : s});
+1038     s = ':' + a.join(':') + ':';
+1039 
+1040     // 4. find shrinkable candidates :0:0:..:0:
+1041     var aZero = s.match(/:(0:){2,}/g);
+1042 
+1043     // 5. no shrinkable
+1044     if (aZero == null) return s.slice(1, -1);
+1045 
+1046     // 6. fix max length zero(:0:...:0:)
+1047     var sMaxZero = aZero.sort().slice(-1)[0];
+1048 
+1049     // 7. replace shrinked
+1050     s = s.replace(sMaxZero.substr(0, sMaxZero.length - 1), ':');
+1051 
+1052     // 8. trim leading ':' if not '::'
+1053     if (s.substr(0, 2) != '::') s = s.substr(1);
+1054 
+1055     // 9. trim tail ':' if not '::'
+1056     if (s.substr(-2, 2) != '::') s = s.substr(0, s.length - 1);
+1057 
+1058     return s;
+1059 }
 1060 
-1061 /**
-1062  * convert a hexadecimal string to IP addresss<br/>
-1063  * @name hextoip
-1064  * @function
-1065  * @param {String} s hexadecimal string of IP address
-1066  * @return {String} IP address string
-1067  * @since jsrsasign 8.0.10 base64x 1.1.13
-1068  * @see hextoipv6
-1069  * @see iptohex
-1070  *
-1071  * @description
-1072  * This function converts a hexadecimal string of IPv4 or 
-1073  * IPv6 address to IPv4 or IPv6 address string.
-1074  * If byte length is not 4 nor 16, this returns a
-1075  * hexadecimal string without conversion.
-1076  * <br/>
-1077  * NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
-1078  *
-1079  * @example
-1080  * hextoip("c0a80101") → "192.168.1.1"
-1081  * hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
-1082  * hextoip("c0a80100ffffff00") → "192.168.1.0/24"
-1083  * hextoip("c0a801010203") → "c0a801010203" // wrong 6 bytes
-1084  * hextoip("zzz")) → raise exception because of not hexadecimal
-1085  */
-1086 function hextoip(s) {
-1087     var malformedErr = new Error("malformed hex value");
-1088     if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
-1089 	throw malformedErr;
-1090     if (s.length == 8) { // ipv4
-1091 	var ip;
-1092 	try {
-1093 	    ip = parseInt(s.substr(0, 2), 16) + "." +
-1094  		 parseInt(s.substr(2, 2), 16) + "." +
-1095 		 parseInt(s.substr(4, 2), 16) + "." +
-1096 		 parseInt(s.substr(6, 2), 16);
-1097 	    return ip;
-1098 	} catch (ex) {
-1099 	    throw malformedErr;
-1100 	}
-1101   } else if (s.length == 16) {
-1102       try {
-1103 	  return hextoip(s.substr(0, 8)) + "/" + ipprefixlen(s.substr(8));
-1104       } catch (ex) {
-1105 	  throw malformedErr;
-1106       }
-1107   } else if (s.length == 32) {
-1108       return hextoipv6(s);
-1109   } else if (s.length == 64) {
-1110       try {
-1111 	  return hextoipv6(s.substr(0, 32)) + "/" + ipprefixlen(s.substr(32));
-1112       } catch (ex) {
-1113 	  throw malformedErr;
-1114       }
-1115       return 
-1116   } else {
-1117     return s;
-1118   }
-1119 }
-1120 
-1121 /*
-1122  * convert subnet mask hex to ip address prefix length<br/>
-1123  * @name ipprefixlen
-1124  * @param {string} hMask hexadecimal string of ipv4/6 subnet mask (ex. "ffffff00" for v4 class C)
-1125  * @return {nummber} ip address prefix length (ex. 24 for IPv4 class C)
-1126  */
-1127 function ipprefixlen(hMask) {
-1128     var malformedErr = new Error("malformed mask");
-1129     var bMask;
-1130     try {
-1131 	bMask = new BigInteger(hMask, 16).toString(2);
-1132     } catch(ex) {
-1133 	throw malformedErr;
-1134     }
-1135     if (! bMask.match(/^1*0*$/)) throw malformedErr;
-1136     return bMask.replace(/0+$/, '').length;
-1137 }
-1138 
-1139 /**
-1140  * convert IPv4/v6 addresss to a hexadecimal string<br/>
-1141  * @name iptohex
-1142  * @function
-1143  * @param {String} s IPv4/v6 address string
-1144  * @return {String} hexadecimal string of IP address
-1145  * @since jsrsasign 8.0.12 base64x 1.1.14
-1146  * @see hextoip
-1147  * @see ipv6tohex
-1148  *
-1149  * @description
-1150  * This function converts IPv4 or IPv6 address string to
-1151  * a hexadecimal string of IPv4 or IPv6 address.
-1152  * <br/>
-1153  * NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
-1154  *
-1155  * @example
-1156  * iptohex("192.168.1.1") → "c0a80101"
-1157  * iptohex("2001:db8::4") → "871020010db8000000000000000000000004"
-1158  * iptohex("192.168.1.1/24") → "c0a80101ffffff00"
-1159  * iptohex("2001:db8::/120") → "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
-1160  * iptohex("zzz")) → raise exception
-1161  */
-1162 function iptohex(s) {
-1163     var malformedErr = new Error("malformed IP address");
-1164     s = s.toLowerCase(s);
-1165 
-1166     if (! s.match(/^[0-9a-f.:/]+$/) ) throw malformedErr;
+1061 // ==== hex / ip =================================
+1062 
+1063 /**
+1064  * convert a hexadecimal string to IP addresss<br/>
+1065  * @name hextoip
+1066  * @function
+1067  * @param {String} s hexadecimal string of IP address
+1068  * @return {String} IP address string
+1069  * @since jsrsasign 8.0.10 base64x 1.1.13
+1070  * @see hextoipv6
+1071  * @see iptohex
+1072  *
+1073  * @description
+1074  * This function converts a hexadecimal string of IPv4 or 
+1075  * IPv6 address to IPv4 or IPv6 address string.
+1076  * If byte length is not 4 nor 16, this returns a
+1077  * hexadecimal string without conversion.
+1078  * <br/>
+1079  * NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
+1080  *
+1081  * @example
+1082  * hextoip("c0a80101") → "192.168.1.1"
+1083  * hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
+1084  * hextoip("c0a80100ffffff00") → "192.168.1.0/24"
+1085  * hextoip("c0a801010203") → "c0a801010203" // wrong 6 bytes
+1086  * hextoip("zzz")) → raise exception because of not hexadecimal
+1087  */
+1088 function hextoip(s) {
+1089     var malformedErr = new Error("malformed hex value");
+1090     if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
+1091 	throw malformedErr;
+1092     if (s.length == 8) { // ipv4
+1093 	var ip;
+1094 	try {
+1095 	    ip = parseInt(s.substr(0, 2), 16) + "." +
+1096  		 parseInt(s.substr(2, 2), 16) + "." +
+1097 		 parseInt(s.substr(4, 2), 16) + "." +
+1098 		 parseInt(s.substr(6, 2), 16);
+1099 	    return ip;
+1100 	} catch (ex) {
+1101 	    throw malformedErr;
+1102 	}
+1103   } else if (s.length == 16) {
+1104       try {
+1105 	  return hextoip(s.substr(0, 8)) + "/" + ipprefixlen(s.substr(8));
+1106       } catch (ex) {
+1107 	  throw malformedErr;
+1108       }
+1109   } else if (s.length == 32) {
+1110       return hextoipv6(s);
+1111   } else if (s.length == 64) {
+1112       try {
+1113 	  return hextoipv6(s.substr(0, 32)) + "/" + ipprefixlen(s.substr(32));
+1114       } catch (ex) {
+1115 	  throw malformedErr;
+1116       }
+1117       return 
+1118   } else {
+1119     return s;
+1120   }
+1121 }
+1122 
+1123 /*
+1124  * convert subnet mask hex to ip address prefix length<br/>
+1125  * @name ipprefixlen
+1126  * @param {string} hMask hexadecimal string of ipv4/6 subnet mask (ex. "ffffff00" for v4 class C)
+1127  * @return {nummber} ip address prefix length (ex. 24 for IPv4 class C)
+1128  */
+1129 function ipprefixlen(hMask) {
+1130     var malformedErr = new Error("malformed mask");
+1131     var bMask;
+1132     try {
+1133 	bMask = new BigInteger(hMask, 16).toString(2);
+1134     } catch(ex) {
+1135 	throw malformedErr;
+1136     }
+1137     if (! bMask.match(/^1*0*$/)) throw malformedErr;
+1138     return bMask.replace(/0+$/, '').length;
+1139 }
+1140 
+1141 /**
+1142  * convert IPv4/v6 addresss to a hexadecimal string<br/>
+1143  * @name iptohex
+1144  * @function
+1145  * @param {String} s IPv4/v6 address string
+1146  * @return {String} hexadecimal string of IP address
+1147  * @since jsrsasign 8.0.12 base64x 1.1.14
+1148  * @see hextoip
+1149  * @see ipv6tohex
+1150  *
+1151  * @description
+1152  * This function converts IPv4 or IPv6 address string to
+1153  * a hexadecimal string of IPv4 or IPv6 address.
+1154  * <br/>
+1155  * NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
+1156  *
+1157  * @example
+1158  * iptohex("192.168.1.1") → "c0a80101"
+1159  * iptohex("2001:db8::4") → "871020010db8000000000000000000000004"
+1160  * iptohex("192.168.1.1/24") → "c0a80101ffffff00"
+1161  * iptohex("2001:db8::/120") → "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
+1162  * iptohex("zzz")) → raise exception
+1163  */
+1164 function iptohex(s) {
+1165     var malformedErr = new Error("malformed IP address");
+1166     s = s.toLowerCase(s);
 1167 
-1168     if (s.match(/^[0-9.]+$/)) {
-1169 	var a = s.split(".");
-1170 	if (a.length !== 4) throw malformedErr;
-1171 	var hex = "";
-1172 	try {
-1173 	    for (var i = 0; i < 4; i++) {
-1174 		var d = parseInt(a[i]);
-1175 		hex += ("0" + d.toString(16)).slice(-2);
-1176 	    }
-1177 	    return hex;
-1178 	} catch(ex) {
-1179 	    throw malformedErr;
-1180 	}
-1181     } else if (s.match(/^[0-9.]+\/[0-9]+$/)) {
-1182 	var aItem = s.split("/");
-1183 	return iptohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 32);
-1184     } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
-1185 	return ipv6tohex(s);
-1186     } else if (s.match(/^[0-9a-f:]+\/[0-9]+$/) && s.indexOf(":") !== -1) {
-1187 	var aItem = s.split("/");
-1188 	return ipv6tohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 128);
-1189     } else {
-1190 	throw malformedErr;
-1191     }
-1192 }
-1193 
-1194 /*
-1195  * convert ip prefix length to net mask octets<br/>
-1196  * @param {number} prefixlen ip prefix length value (ex. 24 for IPv4 class C)
-1197  * @param {number} len ip address length (ex. 32 for IPv4 and 128 for IPv6)
-1198  * @return {string} hexadecimal string of net mask octets
-1199  * @example
-1200  * ipnetmask(24, 32) → "ffffff00" 
-1201  * ipnetmask(120, 128) → "ffffffffffffffffffffffffffffff00"
-1202  */
-1203 function ipnetmask(prefixlen, len) {
-1204     if (len == 32 && prefixlen == 0) return "00000000"; // v4
-1205     if (len == 128 && prefixlen == 0) return "00000000000000000000000000000000"; // v6
-1206     var b = Array(prefixlen + 1).join("1") + Array(len - prefixlen + 1).join("0");
-1207     return new BigInteger(b, 2).toString(16);
-1208 }
-1209 
-1210 // ==== ucs2hex / utf8 ==============================
+1168     if (! s.match(/^[0-9a-f.:/]+$/) ) throw malformedErr;
+1169 
+1170     if (s.match(/^[0-9.]+$/)) {
+1171 	var a = s.split(".");
+1172 	if (a.length !== 4) throw malformedErr;
+1173 	var hex = "";
+1174 	try {
+1175 	    for (var i = 0; i < 4; i++) {
+1176 		var d = parseInt(a[i]);
+1177 		hex += ("0" + d.toString(16)).slice(-2);
+1178 	    }
+1179 	    return hex;
+1180 	} catch(ex) {
+1181 	    throw malformedErr;
+1182 	}
+1183     } else if (s.match(/^[0-9.]+\/[0-9]+$/)) {
+1184 	var aItem = s.split("/");
+1185 	return iptohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 32);
+1186     } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
+1187 	return ipv6tohex(s);
+1188     } else if (s.match(/^[0-9a-f:]+\/[0-9]+$/) && s.indexOf(":") !== -1) {
+1189 	var aItem = s.split("/");
+1190 	return ipv6tohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 128);
+1191     } else {
+1192 	throw malformedErr;
+1193     }
+1194 }
+1195 
+1196 /*
+1197  * convert ip prefix length to net mask octets<br/>
+1198  * @param {number} prefixlen ip prefix length value (ex. 24 for IPv4 class C)
+1199  * @param {number} len ip address length (ex. 32 for IPv4 and 128 for IPv6)
+1200  * @return {string} hexadecimal string of net mask octets
+1201  * @example
+1202  * ipnetmask(24, 32) → "ffffff00" 
+1203  * ipnetmask(120, 128) → "ffffffffffffffffffffffffffffff00"
+1204  */
+1205 function ipnetmask(prefixlen, len) {
+1206     if (len == 32 && prefixlen == 0) return "00000000"; // v4
+1207     if (len == 128 && prefixlen == 0) return "00000000000000000000000000000000"; // v6
+1208     var b = Array(prefixlen + 1).join("1") + Array(len - prefixlen + 1).join("0");
+1209     return new BigInteger(b, 2).toString(16);
+1210 }
 1211 
-1212 /**
-1213  * convert UCS-2 hexadecimal stirng to UTF-8 string<br/>
-1214  * @name ucs2hextoutf8
-1215  * @function
-1216  * @param {String} s hexadecimal string of UCS-2 string (ex. "0066")
-1217  * @return {String} UTF-8 string
-1218  * @since jsrsasign 10.1.13 base64x 1.1.20
-1219  * @description
-1220  * This function converts hexadecimal value of UCS-2 string to 
-1221  * UTF-8 string.
-1222  * @example
-1223  * ucs2hextoutf8("006600fc0072") &rarr "für"
-1224  */
-1225 /*
-1226 See: http://nomenclator.la.coocan.jp/unicode/ucs_utf.htm
-1227 UCS-2 to UTF-8
-1228 UCS-2 code point | UCS-2 bytes       | UTF-8 bytes
-1229 U+0000 .. U+007F | 00000000-0xxxxxxx | 0xxxxxxx (1 byte)
-1230 U+0080 .. U+07FF | 00000xxx-xxyyyyyy | 110xxxxx 10yyyyyy (2 byte)
-1231 U+0800 .. U+FFFF | xxxxyyyy-yyzzzzzz | 1110xxxx 10yyyyyy 10zzzzzz (3 byte)
-1232  */
-1233 function ucs2hextoutf8(s) {
-1234     function _conv(s) {
-1235 	var i1 = parseInt(s.substr(0, 2), 16);
-1236 	var i2 = parseInt(s.substr(2), 16);
-1237 	if (i1 == 0 & i2 < 0x80) { // 1 byte
-1238 	    return String.fromCharCode(i2);
-1239 	}
-1240 	if (i1 < 8) { // 2 bytes
-1241 	    var u1 = 0xc0 | ((i1 & 0x07) << 3) | ((i2 & 0xc0) >> 6);
-1242 	    var u2 = 0x80 | (i2 & 0x3f);
-1243 	    return hextoutf8(u1.toString(16) + u2.toString(16));
-1244 	}
-1245 	// 3 bytes
-1246 	var u1 = 0xe0 | ((i1 & 0xf0) >> 4);
-1247 	var u2 = 0x80 | ((i1 & 0x0f) << 2) | ((i2 & 0xc0) >> 6);
-1248 	var u3 = 0x80 | (i2 & 0x3f);
-1249 	return hextoutf8(u1.toString(16) + u2.toString(16) + u3.toString(16));
-1250     }
-1251     var a = s.match(/.{4}/g);
-1252     var a2 = a.map(_conv);
-1253     return a2.join("");
-1254 }
-1255 
-1256 // ==== URIComponent ================================
-1257 /**
-1258  * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/>
-1259  * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not
-1260  * converted to "%xx" format by builtin 'encodeURIComponent()' function.
-1261  * However this 'encodeURIComponentAll()' function will convert 
-1262  * all of characters into "%xx" format.
-1263  * @name encodeURIComponentAll
-1264  * @function
-1265  * @param {String} s hexadecimal string
-1266  * @return {String} URIComponent string such like "%67%68"
-1267  * @since 1.1
-1268  */
-1269 function encodeURIComponentAll(u8) {
-1270   var s = encodeURIComponent(u8);
-1271   var s2 = "";
-1272   for (var i = 0; i < s.length; i++) {
-1273     if (s[i] == "%") {
-1274       s2 = s2 + s.substr(i, 3);
-1275       i = i + 2;
-1276     } else {
-1277       s2 = s2 + "%" + stohex(s[i]);
-1278     }
-1279   }
-1280   return s2;
-1281 }
-1282 
-1283 // ==== new lines ================================
-1284 /**
-1285  * convert all DOS new line("\r\n") to UNIX new line("\n") in 
-1286  * a String "s".
-1287  * @name newline_toUnix
-1288  * @function
-1289  * @param {String} s string 
-1290  * @return {String} converted string
-1291  */
-1292 function newline_toUnix(s) {
-1293     s = s.replace(/\r\n/mg, "\n");
-1294     return s;
-1295 }
-1296 
-1297 /**
-1298  * convert all UNIX new line("\r\n") to DOS new line("\n") in 
-1299  * a String "s".
-1300  * @name newline_toDos
-1301  * @function
-1302  * @param {String} s string 
-1303  * @return {String} converted string
-1304  */
-1305 function newline_toDos(s) {
-1306     s = s.replace(/\r\n/mg, "\n");
-1307     s = s.replace(/\n/mg, "\r\n");
-1308     return s;
-1309 }
-1310 
-1311 // ==== string type checker ===================
+1212 // ==== ucs2hex / utf8 ==============================
+1213 
+1214 /**
+1215  * convert UCS-2 hexadecimal stirng to UTF-8 string<br/>
+1216  * @name ucs2hextoutf8
+1217  * @function
+1218  * @param {String} s hexadecimal string of UCS-2 string (ex. "0066")
+1219  * @return {String} UTF-8 string
+1220  * @since jsrsasign 10.1.13 base64x 1.1.20
+1221  * @description
+1222  * This function converts hexadecimal value of UCS-2 string to 
+1223  * UTF-8 string.
+1224  * @example
+1225  * ucs2hextoutf8("006600fc0072") &rarr "für"
+1226  */
+1227 /*
+1228 See: http://nomenclator.la.coocan.jp/unicode/ucs_utf.htm
+1229 UCS-2 to UTF-8
+1230 UCS-2 code point | UCS-2 bytes       | UTF-8 bytes
+1231 U+0000 .. U+007F | 00000000-0xxxxxxx | 0xxxxxxx (1 byte)
+1232 U+0080 .. U+07FF | 00000xxx-xxyyyyyy | 110xxxxx 10yyyyyy (2 byte)
+1233 U+0800 .. U+FFFF | xxxxyyyy-yyzzzzzz | 1110xxxx 10yyyyyy 10zzzzzz (3 byte)
+1234  */
+1235 function ucs2hextoutf8(s) {
+1236     function _conv(s) {
+1237 	var i1 = parseInt(s.substr(0, 2), 16);
+1238 	var i2 = parseInt(s.substr(2), 16);
+1239 	if (i1 == 0 & i2 < 0x80) { // 1 byte
+1240 	    return String.fromCharCode(i2);
+1241 	}
+1242 	if (i1 < 8) { // 2 bytes
+1243 	    var u1 = 0xc0 | ((i1 & 0x07) << 3) | ((i2 & 0xc0) >> 6);
+1244 	    var u2 = 0x80 | (i2 & 0x3f);
+1245 	    return hextoutf8(u1.toString(16) + u2.toString(16));
+1246 	}
+1247 	// 3 bytes
+1248 	var u1 = 0xe0 | ((i1 & 0xf0) >> 4);
+1249 	var u2 = 0x80 | ((i1 & 0x0f) << 2) | ((i2 & 0xc0) >> 6);
+1250 	var u3 = 0x80 | (i2 & 0x3f);
+1251 	return hextoutf8(u1.toString(16) + u2.toString(16) + u3.toString(16));
+1252     }
+1253     var a = s.match(/.{4}/g);
+1254     var a2 = a.map(_conv);
+1255     return a2.join("");
+1256 }
+1257 
+1258 // ==== URIComponent ================================
+1259 /**
+1260  * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/>
+1261  * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not
+1262  * converted to "%xx" format by builtin 'encodeURIComponent()' function.
+1263  * However this 'encodeURIComponentAll()' function will convert 
+1264  * all of characters into "%xx" format.
+1265  * @name encodeURIComponentAll
+1266  * @function
+1267  * @param {String} s hexadecimal string
+1268  * @return {String} URIComponent string such like "%67%68"
+1269  * @since 1.1
+1270  */
+1271 function encodeURIComponentAll(u8) {
+1272   var s = encodeURIComponent(u8);
+1273   var s2 = "";
+1274   for (var i = 0; i < s.length; i++) {
+1275     if (s[i] == "%") {
+1276       s2 = s2 + s.substr(i, 3);
+1277       i = i + 2;
+1278     } else {
+1279       s2 = s2 + "%" + stohex(s[i]);
+1280     }
+1281   }
+1282   return s2;
+1283 }
+1284 
+1285 // ==== new lines ================================
+1286 /**
+1287  * convert all DOS new line("\r\n") to UNIX new line("\n") in 
+1288  * a String "s".
+1289  * @name newline_toUnix
+1290  * @function
+1291  * @param {String} s string 
+1292  * @return {String} converted string
+1293  */
+1294 function newline_toUnix(s) {
+1295     s = s.replace(/\r\n/mg, "\n");
+1296     return s;
+1297 }
+1298 
+1299 /**
+1300  * convert all UNIX new line("\r\n") to DOS new line("\n") in 
+1301  * a String "s".
+1302  * @name newline_toDos
+1303  * @function
+1304  * @param {String} s string 
+1305  * @return {String} converted string
+1306  */
+1307 function newline_toDos(s) {
+1308     s = s.replace(/\r\n/mg, "\n");
+1309     s = s.replace(/\n/mg, "\r\n");
+1310     return s;
+1311 }
 1312 
-1313 /**
-1314  * check whether a string is an integer string or not<br/>
-1315  * @name isInteger
-1316  * @memberOf KJUR.lang.String
-1317  * @function
-1318  * @static
-1319  * @param {String} s input string
-1320  * @return {Boolean} true if a string "s" is an integer string otherwise false
-1321  * @since base64x 1.1.7 jsrsasign 5.0.13
-1322  * @example
-1323  * KJUR.lang.String.isInteger("12345") → true
-1324  * KJUR.lang.String.isInteger("123ab") → false
-1325  */
-1326 KJUR.lang.String.isInteger = function(s) {
-1327     if (s.match(/^[0-9]+$/)) {
-1328 	return true;
-1329     } else if (s.match(/^-[0-9]+$/)) {
+1313 // ==== string type checker ===================
+1314 
+1315 /**
+1316  * check whether a string is an integer string or not<br/>
+1317  * @name isInteger
+1318  * @memberOf KJUR.lang.String
+1319  * @function
+1320  * @static
+1321  * @param {String} s input string
+1322  * @return {Boolean} true if a string "s" is an integer string otherwise false
+1323  * @since base64x 1.1.7 jsrsasign 5.0.13
+1324  * @example
+1325  * KJUR.lang.String.isInteger("12345") → true
+1326  * KJUR.lang.String.isInteger("123ab") → false
+1327  */
+1328 KJUR.lang.String.isInteger = function(s) {
+1329     if (s.match(/^[0-9]+$/)) {
 1330 	return true;
-1331     } else {
-1332 	return false;
-1333     }
-1334 };
-1335 
-1336 /**
-1337  * check whether a string is an hexadecimal string or not (DEPRECATED)<br/>
-1338  * @name isHex
-1339  * @memberOf KJUR.lang.String
-1340  * @function
-1341  * @static
-1342  * @param {String} s input string
-1343  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
-1344  * @since base64x 1.1.7 jsrsasign 5.0.13
-1345  * @deprecated from 10.0.6. please use {@link ishex}
-1346  * @see ishex
-1347  * @example
-1348  * KJUR.lang.String.isHex("1234") → true
-1349  * KJUR.lang.String.isHex("12ab") → true
-1350  * KJUR.lang.String.isHex("12AB") → true
-1351  * KJUR.lang.String.isHex("12ZY") → false
-1352  * KJUR.lang.String.isHex("121") → false -- odd length
-1353  */
-1354 KJUR.lang.String.isHex = function(s) {
-1355     return ishex(s);
-1356 };
-1357 
-1358 /**
-1359  * check whether a string is an hexadecimal string or not<br/>
-1360  * @name ishex
-1361  * @function
-1362  * @static
-1363  * @param {String} s input string
-1364  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
-1365  * @since base64x 1.1.7 jsrsasign 5.0.13
-1366  * @example
-1367  * ishex("1234") → true
-1368  * ishex("12ab") → true
-1369  * ishex("12AB") → true
-1370  * ishex("12ZY") → false
-1371  * ishex("121") → false -- odd length
-1372  */
-1373 function ishex(s) {
-1374     if (s.length % 2 == 0 &&
-1375 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
-1376 	return true;
-1377     } else {
-1378 	return false;
-1379     }
-1380 };
-1381 
-1382 /**
-1383  * check whether a string is a base64 encoded string or not<br/>
-1384  * Input string can conclude new lines or space characters.
-1385  * @name isBase64
-1386  * @memberOf KJUR.lang.String
-1387  * @function
-1388  * @static
-1389  * @param {String} s input string
-1390  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
-1391  * @since base64x 1.1.7 jsrsasign 5.0.13
-1392  * @example
-1393  * KJUR.lang.String.isBase64("YWE=") → true
-1394  * KJUR.lang.String.isBase64("YW_=") → false
-1395  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
-1396  */
-1397 KJUR.lang.String.isBase64 = function(s) {
-1398     s = s.replace(/\s+/g, "");
-1399     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
-1400 	return true;
-1401     } else {
-1402 	return false;
-1403     }
-1404 };
-1405 
-1406 /**
-1407  * check whether a string is a base64url encoded string or not<br/>
-1408  * Input string can conclude new lines or space characters.
-1409  * @name isBase64URL
-1410  * @memberOf KJUR.lang.String
-1411  * @function
-1412  * @static
-1413  * @param {String} s input string
-1414  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
-1415  * @since base64x 1.1.7 jsrsasign 5.0.13
-1416  * @example
-1417  * KJUR.lang.String.isBase64URL("YWE") → true
-1418  * KJUR.lang.String.isBase64URL("YW-") → true
-1419  * KJUR.lang.String.isBase64URL("YW+") → false
-1420  */
-1421 KJUR.lang.String.isBase64URL = function(s) {
-1422     if (s.match(/[+/=]/)) return false;
-1423     s = b64utob64(s);
-1424     return KJUR.lang.String.isBase64(s);
-1425 };
-1426 
-1427 
-1428 /**
-1429  * check whether a string is a base64url encoded string and dot or not<br/>
-1430  * Input string can conclude new lines or space characters.
-1431  * @name isBase64URLDot
-1432  * @function
-1433  * @static
-1434  * @param {String} s input string
-1435  * @return {Boolean} true if a string "s" is a base64url encoded string and dot otherwise false
-1436  * @since base64x 1.1.30 jsrsasign 10.5.25
-1437  * @example
-1438  * isBase64URLDot("YWE") → true
-1439  * isBase64URLDot("YWE.YWE.YWE") → true
-1440  * isBase64URLDot("YW-") → true
-1441  * isBase64URLDot("YW+") → false
-1442  */
-1443 function isBase64URLDot(s) {
-1444     if (s.match(/^[0-9A-Za-z-_.]+$/)) return true;
-1445     return false;
-1446 }
-1447 
-1448 /**
-1449  * check whether a string is a string of integer array or not<br/>
-1450  * Input string can conclude new lines or space characters.
-1451  * @name isIntegerArray
-1452  * @memberOf KJUR.lang.String
-1453  * @function
-1454  * @static
-1455  * @param {String} s input string
-1456  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
-1457  * @since base64x 1.1.7 jsrsasign 5.0.13
-1458  * @example
-1459  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
-1460  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
-1461  * KJUR.lang.String.isIntegerArray("[a,2]") → false
-1462  */
-1463 KJUR.lang.String.isIntegerArray = function(s) {
-1464     s = s.replace(/\s+/g, "");
-1465     if (s.match(/^\[[0-9,]+\]$/)) {
-1466 	return true;
-1467     } else {
-1468 	return false;
-1469     }
-1470 };
-1471 
-1472 /**
-1473  * check whether a string consists of PrintableString characters<br/>
-1474  * @name isPrintable
-1475  * @memberOf KJUR.lang.String
-1476  * @function
-1477  * @static
-1478  * @param {String} s input string
-1479  * @return {Boolean} true if a string "s" consists of PrintableString characters
-1480  * @since jsrsasign 9.0.0 base64x 1.1.16
-1481  * A PrintableString consists of following characters
-1482  * <pre>
-1483  * 0-9A-Za-z '()+,-./:=?
-1484  * </pre>
-1485  * This method returns false when other characters than above.
-1486  * Otherwise it returns true.
-1487  * @example
-1488  * KJUR.lang.String.isPrintable("abc") → true
-1489  * KJUR.lang.String.isPrintable("abc@") → false
-1490  * KJUR.lang.String.isPrintable("あいう") → false
-1491  */
-1492 KJUR.lang.String.isPrintable = function(s) {
-1493     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
-1494     return false;
-1495 };
-1496 
-1497 /**
-1498  * check whether a string consists of IAString characters<br/>
-1499  * @name isIA5
-1500  * @memberOf KJUR.lang.String
-1501  * @function
-1502  * @static
-1503  * @param {String} s input string
-1504  * @return {Boolean} true if a string "s" consists of IA5String characters
-1505  * @since jsrsasign 9.0.0 base64x 1.1.16
-1506  * A IA5String consists of following characters
-1507  * <pre>
-1508  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
-1509  * </pre>
-1510  * This method returns false when other characters than above.
-1511  * Otherwise it returns true.
-1512  * @example
-1513  * KJUR.lang.String.isIA5("abc") → true
-1514  * KJUR.lang.String.isIA5('"abc"') → false
-1515  * KJUR.lang.String.isIA5("あいう") → false
-1516  */
-1517 KJUR.lang.String.isIA5 = function(s) {
-1518     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
-1519     return false;
-1520 };
-1521 
-1522 /**
-1523  * check whether a string is RFC 822 mail address<br/>
-1524  * @name isMail
-1525  * @memberOf KJUR.lang.String
-1526  * @function
-1527  * @static
-1528  * @param {String} s input string
-1529  * @return {Boolean} true if a string "s" RFC 822 mail address
-1530  * @since jsrsasign 9.0.0 base64x 1.1.16
-1531  * This static method will check string s is RFC 822 compliant mail address.
-1532  * @example
-1533  * KJUR.lang.String.isMail("abc") → false
-1534  * KJUR.lang.String.isMail("abc@example") → false
-1535  * KJUR.lang.String.isMail("abc@example.com") → true
-1536  */
-1537 KJUR.lang.String.isMail = function(s) {
-1538     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
-1539     return false;
-1540 };
-1541 
-1542 // ==== others ================================
+1331     } else if (s.match(/^-[0-9]+$/)) {
+1332 	return true;
+1333     } else {
+1334 	return false;
+1335     }
+1336 };
+1337 
+1338 /**
+1339  * check whether a string is an hexadecimal string or not (DEPRECATED)<br/>
+1340  * @name isHex
+1341  * @memberOf KJUR.lang.String
+1342  * @function
+1343  * @static
+1344  * @param {String} s input string
+1345  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+1346  * @since base64x 1.1.7 jsrsasign 5.0.13
+1347  * @deprecated from 10.0.6. please use {@link ishex}
+1348  * @see ishex
+1349  * @example
+1350  * KJUR.lang.String.isHex("1234") → true
+1351  * KJUR.lang.String.isHex("12ab") → true
+1352  * KJUR.lang.String.isHex("12AB") → true
+1353  * KJUR.lang.String.isHex("12ZY") → false
+1354  * KJUR.lang.String.isHex("121") → false -- odd length
+1355  */
+1356 KJUR.lang.String.isHex = function(s) {
+1357     return ishex(s);
+1358 };
+1359 
+1360 /**
+1361  * check whether a string is an hexadecimal string or not<br/>
+1362  * @name ishex
+1363  * @function
+1364  * @static
+1365  * @param {String} s input string
+1366  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+1367  * @since base64x 1.1.7 jsrsasign 5.0.13
+1368  * @example
+1369  * ishex("1234") → true
+1370  * ishex("12ab") → true
+1371  * ishex("12AB") → true
+1372  * ishex("12ZY") → false
+1373  * ishex("121") → false -- odd length
+1374  */
+1375 function ishex(s) {
+1376     if (s.length % 2 == 0 &&
+1377 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
+1378 	return true;
+1379     } else {
+1380 	return false;
+1381     }
+1382 };
+1383 
+1384 /**
+1385  * check whether a string is a base64 encoded string or not<br/>
+1386  * Input string can conclude new lines or space characters.
+1387  * @name isBase64
+1388  * @memberOf KJUR.lang.String
+1389  * @function
+1390  * @static
+1391  * @param {String} s input string
+1392  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
+1393  * @since base64x 1.1.7 jsrsasign 5.0.13
+1394  * @example
+1395  * KJUR.lang.String.isBase64("YWE=") → true
+1396  * KJUR.lang.String.isBase64("YW_=") → false
+1397  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
+1398  */
+1399 KJUR.lang.String.isBase64 = function(s) {
+1400     s = s.replace(/\s+/g, "");
+1401     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
+1402 	return true;
+1403     } else {
+1404 	return false;
+1405     }
+1406 };
+1407 
+1408 /**
+1409  * check whether a string is a base64url encoded string or not<br/>
+1410  * Input string can conclude new lines or space characters.
+1411  * @name isBase64URL
+1412  * @memberOf KJUR.lang.String
+1413  * @function
+1414  * @static
+1415  * @param {String} s input string
+1416  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
+1417  * @since base64x 1.1.7 jsrsasign 5.0.13
+1418  * @example
+1419  * KJUR.lang.String.isBase64URL("YWE") → true
+1420  * KJUR.lang.String.isBase64URL("YW-") → true
+1421  * KJUR.lang.String.isBase64URL("YW+") → false
+1422  */
+1423 KJUR.lang.String.isBase64URL = function(s) {
+1424     if (s.match(/[+/=]/)) return false;
+1425     s = b64utob64(s);
+1426     return KJUR.lang.String.isBase64(s);
+1427 };
+1428 
+1429 
+1430 /**
+1431  * check whether a string is a base64url encoded string and dot or not<br/>
+1432  * Input string can conclude new lines or space characters.
+1433  * @name isBase64URLDot
+1434  * @function
+1435  * @static
+1436  * @param {String} s input string
+1437  * @return {Boolean} true if a string "s" is a base64url encoded string and dot otherwise false
+1438  * @since base64x 1.1.30 jsrsasign 10.5.25
+1439  * @example
+1440  * isBase64URLDot("YWE") → true
+1441  * isBase64URLDot("YWE.YWE.YWE") → true
+1442  * isBase64URLDot("YW-") → true
+1443  * isBase64URLDot("YW+") → false
+1444  */
+1445 function isBase64URLDot(s) {
+1446     if (s.match(/^[0-9A-Za-z-_.]+$/)) return true;
+1447     return false;
+1448 }
+1449 
+1450 /**
+1451  * check whether a string is a string of integer array or not<br/>
+1452  * Input string can conclude new lines or space characters.
+1453  * @name isIntegerArray
+1454  * @memberOf KJUR.lang.String
+1455  * @function
+1456  * @static
+1457  * @param {String} s input string
+1458  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
+1459  * @since base64x 1.1.7 jsrsasign 5.0.13
+1460  * @example
+1461  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
+1462  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
+1463  * KJUR.lang.String.isIntegerArray("[a,2]") → false
+1464  */
+1465 KJUR.lang.String.isIntegerArray = function(s) {
+1466     s = s.replace(/\s+/g, "");
+1467     if (s.match(/^\[[0-9,]+\]$/)) {
+1468 	return true;
+1469     } else {
+1470 	return false;
+1471     }
+1472 };
+1473 
+1474 /**
+1475  * check whether a string consists of PrintableString characters<br/>
+1476  * @name isPrintable
+1477  * @memberOf KJUR.lang.String
+1478  * @function
+1479  * @static
+1480  * @param {String} s input string
+1481  * @return {Boolean} true if a string "s" consists of PrintableString characters
+1482  * @since jsrsasign 9.0.0 base64x 1.1.16
+1483  * A PrintableString consists of following characters
+1484  * <pre>
+1485  * 0-9A-Za-z '()+,-./:=?
+1486  * </pre>
+1487  * This method returns false when other characters than above.
+1488  * Otherwise it returns true.
+1489  * @example
+1490  * KJUR.lang.String.isPrintable("abc") → true
+1491  * KJUR.lang.String.isPrintable("abc@") → false
+1492  * KJUR.lang.String.isPrintable("あいう") → false
+1493  */
+1494 KJUR.lang.String.isPrintable = function(s) {
+1495     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
+1496     return false;
+1497 };
+1498 
+1499 /**
+1500  * check whether a string consists of IAString characters<br/>
+1501  * @name isIA5
+1502  * @memberOf KJUR.lang.String
+1503  * @function
+1504  * @static
+1505  * @param {String} s input string
+1506  * @return {Boolean} true if a string "s" consists of IA5String characters
+1507  * @since jsrsasign 9.0.0 base64x 1.1.16
+1508  * A IA5String consists of following characters
+1509  * <pre>
+1510  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
+1511  * </pre>
+1512  * This method returns false when other characters than above.
+1513  * Otherwise it returns true.
+1514  * @example
+1515  * KJUR.lang.String.isIA5("abc") → true
+1516  * KJUR.lang.String.isIA5('"abc"') → false
+1517  * KJUR.lang.String.isIA5("あいう") → false
+1518  */
+1519 KJUR.lang.String.isIA5 = function(s) {
+1520     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
+1521     return false;
+1522 };
+1523 
+1524 /**
+1525  * check whether a string is RFC 822 mail address<br/>
+1526  * @name isMail
+1527  * @memberOf KJUR.lang.String
+1528  * @function
+1529  * @static
+1530  * @param {String} s input string
+1531  * @return {Boolean} true if a string "s" RFC 822 mail address
+1532  * @since jsrsasign 9.0.0 base64x 1.1.16
+1533  * This static method will check string s is RFC 822 compliant mail address.
+1534  * @example
+1535  * KJUR.lang.String.isMail("abc") → false
+1536  * KJUR.lang.String.isMail("abc@example") → false
+1537  * KJUR.lang.String.isMail("abc@example.com") → true
+1538  */
+1539 KJUR.lang.String.isMail = function(s) {
+1540     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
+1541     return false;
+1542 };
 1543 
-1544 /**
-1545  * canonicalize hexadecimal string of positive integer<br/>
-1546  * @name hextoposhex
-1547  * @function
-1548  * @param {String} s hexadecimal string 
-1549  * @return {String} canonicalized hexadecimal string of positive integer
-1550  * @since base64x 1.1.10 jsrsasign 7.1.4
-1551  * @description
-1552  * This method canonicalize a hexadecimal string of positive integer
-1553  * for two's complement representation.
-1554  * Canonicalized hexadecimal string of positive integer will be:
-1555  * <ul>
-1556  * <li>Its length is always even.</li>
-1557  * <li>If odd length it will be padded with leading zero.<li>
-1558  * <li>If it is even length and its first character is "8" or greater,
-1559  * it will be padded with "00" to make it positive integer.</li>
-1560  * </ul>
-1561  * @example
-1562  * hextoposhex("abcd") → "00abcd"
-1563  * hextoposhex("1234") → "1234"
-1564  * hextoposhex("12345") → "012345"
-1565  */
-1566 function hextoposhex(s) {
-1567     if (s.length % 2 == 1) return "0" + s;
-1568     if (s.substr(0, 1) > "7") return "00" + s;
-1569     return s;
-1570 }
-1571 
-1572 /**
-1573  * convert string of integer array to hexadecimal string.<br/>
-1574  * @name intarystrtohex
-1575  * @function
-1576  * @param {String} s string of integer array
-1577  * @return {String} hexadecimal string
-1578  * @since base64x 1.1.6 jsrsasign 5.0.2
-1579  * @throws "malformed integer array string: *" for wrong input
-1580  * @description
-1581  * This function converts a string of JavaScript integer array to
-1582  * a hexadecimal string. Each integer value shall be in a range 
-1583  * from 0 to 255 otherwise it raise exception. Input string can
-1584  * have extra space or newline string so that they will be ignored.
-1585  * 
-1586  * @example
-1587  * intarystrtohex(" [123, 34, 101, 34, 58] ")
-1588  * → 7b2265223a (i.e. '{"e":' as string)
-1589  */
-1590 function intarystrtohex(s) {
-1591   s = s.replace(/^\s*\[\s*/, '');
-1592   s = s.replace(/\s*\]\s*$/, '');
-1593   s = s.replace(/\s*/g, '');
-1594   try {
-1595     var hex = s.split(/,/).map(function(element, index, array) {
-1596       var i = parseInt(element);
-1597       if (i < 0 || 255 < i) throw "integer not in range 0-255";
-1598       var hI = ("00" + i.toString(16)).slice(-2);
-1599       return hI;
-1600     }).join('');
-1601     return hex;
-1602   } catch(ex) {
-1603     throw "malformed integer array string: " + ex;
-1604   }
-1605 }
-1606 
-1607 /**
-1608  * find index of string where two string differs
-1609  * @name strdiffidx
-1610  * @function
-1611  * @param {String} s1 string to compare
-1612  * @param {String} s2 string to compare
-1613  * @return {Number} string index of where character differs. Return -1 if same.
-1614  * @since jsrsasign 4.9.0 base64x 1.1.5
-1615  * @example
-1616  * strdiffidx("abcdefg", "abcd4fg") -> 4
-1617  * strdiffidx("abcdefg", "abcdefg") -> -1
-1618  * strdiffidx("abcdefg", "abcdef") -> 6
-1619  * strdiffidx("abcdefgh", "abcdef") -> 6
-1620  */
-1621 var strdiffidx = function(s1, s2) {
-1622     var n = s1.length;
-1623     if (s1.length > s2.length) n = s2.length;
-1624     for (var i = 0; i < n; i++) {
-1625 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
-1626     }
-1627     if (s1.length != s2.length) return n;
-1628     return -1; // same
-1629 };
-1630 
-1631 // ==== hex / oid =================================
+1544 // ==== others ================================
+1545 
+1546 /**
+1547  * canonicalize hexadecimal string of positive integer<br/>
+1548  * @name hextoposhex
+1549  * @function
+1550  * @param {String} s hexadecimal string 
+1551  * @return {String} canonicalized hexadecimal string of positive integer
+1552  * @since base64x 1.1.10 jsrsasign 7.1.4
+1553  * @description
+1554  * This method canonicalize a hexadecimal string of positive integer
+1555  * for two's complement representation.
+1556  * Canonicalized hexadecimal string of positive integer will be:
+1557  * <ul>
+1558  * <li>Its length is always even.</li>
+1559  * <li>If odd length it will be padded with leading zero.<li>
+1560  * <li>If it is even length and its first character is "8" or greater,
+1561  * it will be padded with "00" to make it positive integer.</li>
+1562  * </ul>
+1563  * @example
+1564  * hextoposhex("abcd") → "00abcd"
+1565  * hextoposhex("1234") → "1234"
+1566  * hextoposhex("12345") → "012345"
+1567  */
+1568 function hextoposhex(s) {
+1569     if (s.length % 2 == 1) return "0" + s;
+1570     if (s.substr(0, 1) > "7") return "00" + s;
+1571     return s;
+1572 }
+1573 
+1574 /**
+1575  * convert string of integer array to hexadecimal string.<br/>
+1576  * @name intarystrtohex
+1577  * @function
+1578  * @param {String} s string of integer array
+1579  * @return {String} hexadecimal string
+1580  * @since base64x 1.1.6 jsrsasign 5.0.2
+1581  * @throws "malformed integer array string: *" for wrong input
+1582  * @description
+1583  * This function converts a string of JavaScript integer array to
+1584  * a hexadecimal string. Each integer value shall be in a range 
+1585  * from 0 to 255 otherwise it raise exception. Input string can
+1586  * have extra space or newline string so that they will be ignored.
+1587  * 
+1588  * @example
+1589  * intarystrtohex(" [123, 34, 101, 34, 58] ")
+1590  * → 7b2265223a (i.e. '{"e":' as string)
+1591  */
+1592 function intarystrtohex(s) {
+1593   s = s.replace(/^\s*\[\s*/, '');
+1594   s = s.replace(/\s*\]\s*$/, '');
+1595   s = s.replace(/\s*/g, '');
+1596   try {
+1597     var hex = s.split(/,/).map(function(element, index, array) {
+1598       var i = parseInt(element);
+1599       if (i < 0 || 255 < i) throw "integer not in range 0-255";
+1600       var hI = ("00" + i.toString(16)).slice(-2);
+1601       return hI;
+1602     }).join('');
+1603     return hex;
+1604   } catch(ex) {
+1605     throw "malformed integer array string: " + ex;
+1606   }
+1607 }
+1608 
+1609 /**
+1610  * find index of string where two string differs
+1611  * @name strdiffidx
+1612  * @function
+1613  * @param {String} s1 string to compare
+1614  * @param {String} s2 string to compare
+1615  * @return {Number} string index of where character differs. Return -1 if same.
+1616  * @since jsrsasign 4.9.0 base64x 1.1.5
+1617  * @example
+1618  * strdiffidx("abcdefg", "abcd4fg") -> 4
+1619  * strdiffidx("abcdefg", "abcdefg") -> -1
+1620  * strdiffidx("abcdefg", "abcdef") -> 6
+1621  * strdiffidx("abcdefgh", "abcdef") -> 6
+1622  */
+1623 var strdiffidx = function(s1, s2) {
+1624     var n = s1.length;
+1625     if (s1.length > s2.length) n = s2.length;
+1626     for (var i = 0; i < n; i++) {
+1627 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
+1628     }
+1629     if (s1.length != s2.length) return n;
+1630     return -1; // same
+1631 };
 1632 
-1633 /**
-1634  * get hexadecimal value of object identifier from dot noted oid value
-1635  * @name oidtohex
-1636  * @function
-1637  * @param {String} oidString dot noted string of object identifier
-1638  * @return {String} hexadecimal value of object identifier
-1639  * @since jsrsasign 10.1.0 base64x 1.1.18
-1640  * @see hextooid
-1641  * @see ASN1HEX.hextooidstr
-1642  * @see KJUR.asn1.ASN1Util.oidIntToHex
-1643  * @description
-1644  * This static method converts from object identifier value string.
-1645  * to hexadecimal string representation of it.
-1646  * {@link hextooid} is a reverse function of this.
-1647  * @example
-1648  * oidtohex("2.5.4.6") → "550406"
-1649  */
-1650 function oidtohex(oidString) {
-1651     var itox = function(i) {
-1652         var h = i.toString(16);
-1653         if (h.length == 1) h = '0' + h;
-1654         return h;
-1655     };
-1656 
-1657     var roidtox = function(roid) {
-1658         var h = '';
-1659         var bi = parseInt(roid, 10);
-1660         var b = bi.toString(2);
-1661 
-1662         var padLen = 7 - b.length % 7;
-1663         if (padLen == 7) padLen = 0;
-1664         var bPad = '';
-1665         for (var i = 0; i < padLen; i++) bPad += '0';
-1666         b = bPad + b;
-1667         for (var i = 0; i < b.length - 1; i += 7) {
-1668             var b8 = b.substr(i, 7);
-1669             if (i != b.length - 7) b8 = '1' + b8;
-1670             h += itox(parseInt(b8, 2));
-1671         }
-1672         return h;
-1673     };
-1674     
-1675     try {
-1676 	if (! oidString.match(/^[0-9.]+$/)) return null;
-1677     
-1678 	var h = '';
-1679 	var a = oidString.split('.');
-1680 	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
-1681 	h += itox(i0);
-1682 	a.splice(0, 2);
-1683 	for (var i = 0; i < a.length; i++) {
-1684             h += roidtox(a[i]);
-1685 	}
-1686 	return h;
-1687     } catch(ex) {
-1688 	return null;
-1689     }
-1690 };
-1691 
-1692 /**
-1693  * get oid string from hexadecimal value of object identifier<br/>
-1694  * @name hextooid
-1695  * @function
-1696  * @param {String} h hexadecimal value of object identifier
-1697  * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
-1698  * @since jsrsasign 10.1.0 base64x 1.1.18
-1699  * @see oidtohex
-1700  * @see ASN1HEX.hextooidstr
-1701  * @see KJUR.asn1.ASN1Util.oidIntToHex
-1702  * @description
-1703  * This static method converts from hexadecimal object identifier value 
-1704  * to dot noted OID value (ex. "1.2.3.4").
-1705  * {@link oidtohex} is a reverse function of this.
-1706  * @example
-1707  * hextooid("550406") → "2.5.4.6"
-1708  */
-1709 function hextooid(h) {
-1710     if (! ishex(h)) return null;
-1711     try {
-1712 	var a = [];
-1713 
-1714 	// a[0], a[1]
-1715 	var hex0 = h.substr(0, 2);
-1716 	var i0 = parseInt(hex0, 16);
-1717 	a[0] = new String(Math.floor(i0 / 40));
-1718 	a[1] = new String(i0 % 40);
-1719 
-1720 	// a[2]..a[n]
-1721 	var hex1 = h.substr(2);
-1722 	var b = [];
-1723 	for (var i = 0; i < hex1.length / 2; i++) {
-1724 	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
-1725 	}
-1726 	var c = [];
-1727 	var cbin = "";
-1728 	for (var i = 0; i < b.length; i++) {
-1729             if (b[i] & 0x80) {
-1730 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
-1731             } else {
+1633 // ==== hex / oid =================================
+1634 
+1635 /**
+1636  * get hexadecimal value of object identifier from dot noted oid value
+1637  * @name oidtohex
+1638  * @function
+1639  * @param {String} oidString dot noted string of object identifier
+1640  * @return {String} hexadecimal value of object identifier
+1641  * @since jsrsasign 10.1.0 base64x 1.1.18
+1642  * @see hextooid
+1643  * @see ASN1HEX.hextooidstr
+1644  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1645  * @description
+1646  * This static method converts from object identifier value string.
+1647  * to hexadecimal string representation of it.
+1648  * {@link hextooid} is a reverse function of this.
+1649  * @example
+1650  * oidtohex("2.5.4.6") → "550406"
+1651  */
+1652 function oidtohex(oidString) {
+1653     var itox = function(i) {
+1654         var h = i.toString(16);
+1655         if (h.length == 1) h = '0' + h;
+1656         return h;
+1657     };
+1658 
+1659     var roidtox = function(roid) {
+1660         var h = '';
+1661         var bi = parseInt(roid, 10);
+1662         var b = bi.toString(2);
+1663 
+1664         var padLen = 7 - b.length % 7;
+1665         if (padLen == 7) padLen = 0;
+1666         var bPad = '';
+1667         for (var i = 0; i < padLen; i++) bPad += '0';
+1668         b = bPad + b;
+1669         for (var i = 0; i < b.length - 1; i += 7) {
+1670             var b8 = b.substr(i, 7);
+1671             if (i != b.length - 7) b8 = '1' + b8;
+1672             h += itox(parseInt(b8, 2));
+1673         }
+1674         return h;
+1675     };
+1676     
+1677     try {
+1678 	if (! oidString.match(/^[0-9.]+$/)) return null;
+1679     
+1680 	var h = '';
+1681 	var a = oidString.split('.');
+1682 	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
+1683 	h += itox(i0);
+1684 	a.splice(0, 2);
+1685 	for (var i = 0; i < a.length; i++) {
+1686             h += roidtox(a[i]);
+1687 	}
+1688 	return h;
+1689     } catch(ex) {
+1690 	return null;
+1691     }
+1692 };
+1693 
+1694 /**
+1695  * get oid string from hexadecimal value of object identifier<br/>
+1696  * @name hextooid
+1697  * @function
+1698  * @param {String} h hexadecimal value of object identifier
+1699  * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
+1700  * @since jsrsasign 10.1.0 base64x 1.1.18
+1701  * @see oidtohex
+1702  * @see ASN1HEX.hextooidstr
+1703  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1704  * @description
+1705  * This static method converts from hexadecimal object identifier value 
+1706  * to dot noted OID value (ex. "1.2.3.4").
+1707  * {@link oidtohex} is a reverse function of this.
+1708  * @example
+1709  * hextooid("550406") → "2.5.4.6"
+1710  */
+1711 function hextooid(h) {
+1712     if (! ishex(h)) return null;
+1713     try {
+1714 	var a = [];
+1715 
+1716 	// a[0], a[1]
+1717 	var hex0 = h.substr(0, 2);
+1718 	var i0 = parseInt(hex0, 16);
+1719 	a[0] = new String(Math.floor(i0 / 40));
+1720 	a[1] = new String(i0 % 40);
+1721 
+1722 	// a[2]..a[n]
+1723 	var hex1 = h.substr(2);
+1724 	var b = [];
+1725 	for (var i = 0; i < hex1.length / 2; i++) {
+1726 	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
+1727 	}
+1728 	var c = [];
+1729 	var cbin = "";
+1730 	for (var i = 0; i < b.length; i++) {
+1731             if (b[i] & 0x80) {
 1732 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
-1733 		c.push(new String(parseInt(cbin, 2)));
-1734 		cbin = "";
-1735             }
-1736 	}
-1737 
-1738 	var s = a.join(".");
-1739 	if (c.length > 0) s = s + "." + c.join(".");
-1740 	return s;
-1741     } catch(ex) {
-1742 	return null;
-1743     }
-1744 };
-1745 
-1746 /**
-1747  * string padding<br/>
-1748  * @name strpad
-1749  * @function
-1750  * @param {String} s input string
-1751  * @param {Number} len output string length
-1752  * @param {String} padchar padding character (default is "0")
-1753  * @return {String} padded string
-1754  * @since jsrsasign 10.1.0 base64x 1.1.18
-1755  * @example
-1756  * strpad("1234", 10, "0") → "0000001234"
-1757  * strpad("1234", 10, " ") → "      1234"
-1758  * strpad("1234", 10)      → "0000001234"
-1759  */
-1760 var strpad = function(s, len, padchar) {
-1761     if (padchar == undefined) padchar = "0";
-1762     if (s.length >= len) return s;
-1763     return new Array(len - s.length + 1).join(padchar) + s;
-1764 };
-1765 
-1766 // ==== bitstr hex / int =================================
+1733             } else {
+1734 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+1735 		c.push(new String(parseInt(cbin, 2)));
+1736 		cbin = "";
+1737             }
+1738 	}
+1739 
+1740 	var s = a.join(".");
+1741 	if (c.length > 0) s = s + "." + c.join(".");
+1742 	return s;
+1743     } catch(ex) {
+1744 	return null;
+1745     }
+1746 };
+1747 
+1748 /**
+1749  * string padding<br/>
+1750  * @name strpad
+1751  * @function
+1752  * @param {String} s input string
+1753  * @param {Number} len output string length
+1754  * @param {String} padchar padding character (default is "0")
+1755  * @return {String} padded string
+1756  * @since jsrsasign 10.1.0 base64x 1.1.18
+1757  * @example
+1758  * strpad("1234", 10, "0") → "0000001234"
+1759  * strpad("1234", 10, " ") → "      1234"
+1760  * strpad("1234", 10)      → "0000001234"
+1761  */
+1762 var strpad = function(s, len, padchar) {
+1763     if (padchar == undefined) padchar = "0";
+1764     if (s.length >= len) return s;
+1765     return new Array(len - s.length + 1).join(padchar) + s;
+1766 };
 1767 
-1768 /**
-1769  * convert from hexadecimal string of ASN.1 BitString value with unused bit to integer value<br/>
-1770  * @name bitstrtoint
-1771  * @function
-1772  * @param {String} h hexadecimal string of ASN.1 BitString value with unused bit
-1773  * @return {Number} positive integer value of the BitString
-1774  * @since jsrsasign 10.1.3 base64x 1.1.19
-1775  * @see inttobitstr
-1776  * @see KJUR.asn1.DERBitString
-1777  * @see ASN1HEX.getInt
-1778  * 
-1779  * @description
-1780  * This function converts from hexadecimal string of ASN.1 BitString
-1781  * value with unused bit to its integer value. <br/>
-1782  * When an improper hexadecimal string of BitString value
-1783  * is applied, this returns -1.
-1784  * 
-1785  * @example
-1786  * // "03c8" → 0xc8 unusedbit=03 → 11001000b unusedbit=03 → 11001b → 25
-1787  * bitstrtoint("03c8") → 25
-1788  * // "02fff8" → 0xfff8 unusedbit=02 → 1111111111111000b unusedbit=02
-1789  * //   11111111111110b → 16382
-1790  * bitstrtoint("02fff8") → 16382
-1791  * bitstrtoint("05a0") → 5 (=101b)
-1792  * bitstrtoint("ff00") → -1 // for improper BitString value
-1793  * bitstrtoint("05a0").toString(2) → "101"
-1794  * bitstrtoint("07a080").toString(2) → "101000001"
-1795  */
-1796 function bitstrtoint(h) {
-1797     if (h.length % 2 != 0) return -1; 
-1798     h = h.toLowerCase();
-1799     if (h.match(/^[0-9a-f]+$/) == null) return -1;
-1800     try {
-1801 	var hUnusedbit = h.substr(0, 2);
-1802 	if (hUnusedbit == "00")
-1803 	    return parseInt(h.substr(2), 16);
-1804 	var iUnusedbit = parseInt(hUnusedbit, 16);
-1805 	if (iUnusedbit > 7) return -1;
-1806 	var hValue = h.substr(2);
-1807 	var bValue = parseInt(hValue, 16).toString(2);
-1808 	if (bValue == "0") bValue = "00000000";
-1809 	bValue = bValue.slice(0, 0 - iUnusedbit);
-1810 	var iValue = parseInt(bValue, 2);
-1811 	if (iValue == NaN) return -1;
-1812 	return iValue;
-1813     } catch(ex) {
-1814 	return -1;
-1815     }
-1816 };
-1817 
-1818 /**
-1819  * convert from integer value to hexadecimal string of ASN.1 BitString value with unused bit<br/>
-1820  * @name inttobitstr
-1821  * @function
-1822  * @param {Number} n integer value of ASN.1 BitString
-1823  * @return {String} hexadecimal string of ASN.1 BitString value with unused bit
-1824  * @since jsrsasign 10.1.3 base64x 1.1.19
-1825  * @see bitstrtoint
-1826  * @see KJUR.asn1.DERBitString
-1827  * @see ASN1HEX.getInt
-1828  * 
-1829  * @description
-1830  * This function converts from an integer value to 
-1831  * hexadecimal string of ASN.1 BitString value
-1832  * with unused bit. <br/>
-1833  * When "n" is not non-negative number, this returns null
-1834  * 
-1835  * @example
-1836  * // 25 → 11001b → 11001000b unusedbit=03 → 0xc8 unusedbit=03 → "03c8"
-1837  * inttobitstr(25) → "03c8"
-1838  * inttobitstr(-3) → null
-1839  * inttobitstr("abc") → null
-1840  * inttobitstr(parseInt("11001", 2)) → "03c8"
-1841  * inttobitstr(parseInt("101", 2)) → "05a0"
-1842  * inttobitstr(parseInt("101000001", 2)) → "07a080"
-1843  */
-1844 function inttobitstr(n) {
-1845     if (typeof n != "number") return null;
-1846     if (n < 0) return null;
-1847     var bValue = Number(n).toString(2);
-1848     var iUnusedbit = 8 - bValue.length % 8;
-1849     if (iUnusedbit == 8) iUnusedbit = 0;
-1850     bValue = bValue + strpad("", iUnusedbit, "0");
-1851     var hValue = parseInt(bValue, 2).toString(16);
-1852     if (hValue.length % 2 == 1) hValue = "0" + hValue;
-1853     var hUnusedbit = "0" + iUnusedbit;
-1854     return hUnusedbit + hValue;
-1855 };
-1856 
-1857 // ==== bitstr hex / binary string =======================
+1768 // ==== bitstr hex / int =================================
+1769 
+1770 /**
+1771  * convert from hexadecimal string of ASN.1 BitString value with unused bit to integer value<br/>
+1772  * @name bitstrtoint
+1773  * @function
+1774  * @param {String} h hexadecimal string of ASN.1 BitString value with unused bit
+1775  * @return {Number} positive integer value of the BitString
+1776  * @since jsrsasign 10.1.3 base64x 1.1.19
+1777  * @see inttobitstr
+1778  * @see KJUR.asn1.DERBitString
+1779  * @see ASN1HEX.getInt
+1780  * 
+1781  * @description
+1782  * This function converts from hexadecimal string of ASN.1 BitString
+1783  * value with unused bit to its integer value. <br/>
+1784  * When an improper hexadecimal string of BitString value
+1785  * is applied, this returns -1.
+1786  * 
+1787  * @example
+1788  * // "03c8" → 0xc8 unusedbit=03 → 11001000b unusedbit=03 → 11001b → 25
+1789  * bitstrtoint("03c8") → 25
+1790  * // "02fff8" → 0xfff8 unusedbit=02 → 1111111111111000b unusedbit=02
+1791  * //   11111111111110b → 16382
+1792  * bitstrtoint("02fff8") → 16382
+1793  * bitstrtoint("05a0") → 5 (=101b)
+1794  * bitstrtoint("ff00") → -1 // for improper BitString value
+1795  * bitstrtoint("05a0").toString(2) → "101"
+1796  * bitstrtoint("07a080").toString(2) → "101000001"
+1797  */
+1798 function bitstrtoint(h) {
+1799     if (h.length % 2 != 0) return -1; 
+1800     h = h.toLowerCase();
+1801     if (h.match(/^[0-9a-f]+$/) == null) return -1;
+1802     try {
+1803 	var hUnusedbit = h.substr(0, 2);
+1804 	if (hUnusedbit == "00")
+1805 	    return parseInt(h.substr(2), 16);
+1806 	var iUnusedbit = parseInt(hUnusedbit, 16);
+1807 	if (iUnusedbit > 7) return -1;
+1808 	var hValue = h.substr(2);
+1809 	var bValue = parseInt(hValue, 16).toString(2);
+1810 	if (bValue == "0") bValue = "00000000";
+1811 	bValue = bValue.slice(0, 0 - iUnusedbit);
+1812 	var iValue = parseInt(bValue, 2);
+1813 	if (iValue == NaN) return -1;
+1814 	return iValue;
+1815     } catch(ex) {
+1816 	return -1;
+1817     }
+1818 };
+1819 
+1820 /**
+1821  * convert from integer value to hexadecimal string of ASN.1 BitString value with unused bit<br/>
+1822  * @name inttobitstr
+1823  * @function
+1824  * @param {Number} n integer value of ASN.1 BitString
+1825  * @return {String} hexadecimal string of ASN.1 BitString value with unused bit
+1826  * @since jsrsasign 10.1.3 base64x 1.1.19
+1827  * @see bitstrtoint
+1828  * @see KJUR.asn1.DERBitString
+1829  * @see ASN1HEX.getInt
+1830  * 
+1831  * @description
+1832  * This function converts from an integer value to 
+1833  * hexadecimal string of ASN.1 BitString value
+1834  * with unused bit. <br/>
+1835  * When "n" is not non-negative number, this returns null
+1836  * 
+1837  * @example
+1838  * // 25 → 11001b → 11001000b unusedbit=03 → 0xc8 unusedbit=03 → "03c8"
+1839  * inttobitstr(25) → "03c8"
+1840  * inttobitstr(-3) → null
+1841  * inttobitstr("abc") → null
+1842  * inttobitstr(parseInt("11001", 2)) → "03c8"
+1843  * inttobitstr(parseInt("101", 2)) → "05a0"
+1844  * inttobitstr(parseInt("101000001", 2)) → "07a080"
+1845  */
+1846 function inttobitstr(n) {
+1847     if (typeof n != "number") return null;
+1848     if (n < 0) return null;
+1849     var bValue = Number(n).toString(2);
+1850     var iUnusedbit = 8 - bValue.length % 8;
+1851     if (iUnusedbit == 8) iUnusedbit = 0;
+1852     bValue = bValue + strpad("", iUnusedbit, "0");
+1853     var hValue = parseInt(bValue, 2).toString(16);
+1854     if (hValue.length % 2 == 1) hValue = "0" + hValue;
+1855     var hUnusedbit = "0" + iUnusedbit;
+1856     return hUnusedbit + hValue;
+1857 };
 1858 
-1859 /**
-1860  * convert from hexadecimal string of ASN.1 BitString value with unused bit to binary string<br/>
-1861  * @name bitstrtobinstr
-1862  * @function
-1863  * @param {string} h hexadecimal string of ASN.1 BitString value with unused bit
-1864  * @return {string} binary string
-1865  * @since jsrsasign 10.5.4 base64x 1.1.21
-1866  * @see binstrtobitstr
-1867  * @see inttobitstr
-1868  * 
-1869  * @description
-1870  * This function converts from hexadecimal string of ASN.1 BitString
-1871  * value with unused bit to its integer value. <br/>
-1872  * When an improper hexadecimal string of BitString value
-1873  * is applied, this returns null.
-1874  * 
-1875  * @example
-1876  * bitstrtobinstr("05a0") → "101"
-1877  * bitstrtobinstr("0520") → "001"
-1878  * bitstrtobinstr("07a080") → "101000001"
-1879  * bitstrtobinstr(502) → null // non ASN.1 BitString value
-1880  * bitstrtobinstr("ff00") → null // for improper BitString value
-1881  */
-1882 function bitstrtobinstr(h) {
-1883     if (typeof h != "string") return null;
-1884     if (h.length % 2 != 0) return null;
-1885     if (! h.match(/^[0-9a-f]+$/)) return null;
-1886     try {
-1887 	var unusedBits = parseInt(h.substr(0, 2), 16);
-1888 	if (unusedBits < 0 || 7 < unusedBits) return null
-1889 
-1890 	var value = h.substr(2);
-1891 	var bin = "";
-1892 	for (var i = 0; i < value.length; i += 2) {
-1893 	    var hi = value.substr(i, 2);
-1894 	    var bi = parseInt(hi, 16).toString(2);
-1895 	    bi = ("0000000" + bi).slice(-8);
-1896 	    bin += bi;
-1897 	}
-1898 	return  bin.substr(0, bin.length - unusedBits);
-1899     } catch(ex) {
-1900 	return null;
-1901     }
-1902 }
-1903 
-1904 /**
-1905  * convert from binary string to hexadecimal string of ASN.1 BitString value with unused bit<br/>
-1906  * @name binstrtobitstr
-1907  * @function
-1908  * @param {string} s binary string (ex. "101")
-1909  * @return {string} hexadecimal string of ASN.1 BitString value with unused bit
-1910  * @since jsrsasign 10.5.4 base64x 1.1.21
-1911  * @see bitstrtobinstr
-1912  * @see inttobitstr
-1913  * @see KJUR.asn1.DERBitString
-1914  * 
-1915  * @description
-1916  * This function converts from an binary string (ex. "101") to 
-1917  * hexadecimal string of ASN.1 BitString value
-1918  * with unused bit (ex. "05a0"). <br/>
-1919  * When "s" is not binary string, this returns null.
-1920  * 
-1921  * @example
-1922  * binstrtobitstr("101") → "05a0"
-1923  * binstrtobitstr("001") → "0520"
-1924  * binstrtobitstr("11001") → "03c8"
-1925  * binstrtobitstr("101000001") → "07a080"
-1926  * binstrtobitstr(101) → null // not number
-1927  * binstrtobitstr("xyz") → null // not binary string
-1928  */
-1929 function binstrtobitstr(s) {
-1930     if (typeof s != "string") return null;
-1931     if (s.match(/^[01]+$/) == null) return null;
-1932     try {
-1933 	var n = parseInt(s, 2);
-1934 	return inttobitstr(n);
-1935     } catch(ex) {
-1936 	return null;
-1937     }
-1938 }
-1939 
-1940 // =======================================================
-1941 /**
-1942  * convert array of names to bit string<br/>
-1943  * @name namearraytobinstr
-1944  * @function
-1945  * @param {array} namearray array of name string
-1946  * @param {object} namedb associative array of name and value
-1947  * @return {string} binary string (ex. "110001")
-1948  * @since jsrsasign 10.5.21 base64x 1.1.27
-1949  * @see KJUR.asn1.x509.KeyUsage
-1950  * @see KJUR.asn1.tsp.PKIFailureInfo
-1951  * 
-1952  * @description
-1953  * This function converts from an array of names to
-1954  * a binary string. DB value bit will be set.
-1955  * Note that ordering of namearray items
-1956  * will be ignored.
-1957  *
-1958  * @example
-1959  * db = { a: 0, b: 3, c: 8, d: 9, e: 17, f: 19 };
-1960  * namearraytobinstr(['a', 'c', 'd'], db) &rarr: '1000000011'
-1961  * namearraytobinstr(['c', 'b'], db) &rarr: '000100001'
-1962  */
-1963 function namearraytobinstr (namearray, namedb) {
-1964     var d = 0;
-1965     for (var i = 0; i < namearray.length; i++) {
-1966 	d |= 1 << namedb[namearray[i]];
-1967     }
-1968 
-1969     var s = d.toString(2);
-1970     var r = "";
-1971     for (var i = s.length - 1; i >=0; i--) {
-1972 	r += s[i];
-1973     }
-1974     return r;
-1975 }
-1976 
-1977 /**
-1978  * get value of array by key name list<br/>
-1979  * @function
-1980  * @param {object} val array of associative array
-1981  * @param {string} keys concatinated key list with dot (ex. 'type.name.0.info')
-1982  * @param {object} def default value if value is not found (OPTIONAL)
-1983  * @return {object} value if found otherwise returns def
-1984  * @since jsrsasign 10.8.0 base64x 1.1.32
-1985  *
-1986  * @description
-1987  * This function returns the value of an array or associative array 
-1988  * which referred by a concatinated key list string.
-1989  * If a value for key is not defined, it returns 'undefined' by default.
-1990  * When an optional argument 'def' is specified and a value for key is
-1991  * not defined, it returns a value of 'def'.
-1992  * 
-1993  * @example
-1994  * let p = {
-1995  *   fruit: apple,
-1996  *   info: [
-1997  *     { toy: 4 },
-1998  *     { pen: 6 }
-1999  *   ]
-2000  * };
-2001  * aryval(p, 'fruit') &rarr "apple"
-2002  * aryval(p, 'info') &rarr [{toy: 4},{pen: 6}]
-2003  * aryval(p, 'info.1') &rarr {pen: 6}
-2004  * aryval(p, 'info.1.pen') &rarr 6
-2005  * aryval(p, 'money.amount') &rarr undefined
-2006  * aryval(p, 'money.amount', null) &rarr null
-2007  */
-2008 function aryval(val, keys, def) {
-2009     if (typeof val != "object") return undefined
-2010     var keys = String(keys).split('.');
-2011     for (var i = 0; i < keys.length && val; i++) {
-2012 	var key = keys[i];
-2013 	if (key.match(/^[0-9]+$/)) key = parseInt(key);
-2014         val = val[key];
-2015     }
-2016     return val || val === false ? val : def;
-2017 }
-2018 
-2019 
-2020 // =======================================================
-2021 /**
-2022  * set class inheritance<br/>
-2023  * @name extendClass
-2024  * @function
-2025  * @param {Function} subClass sub class to set inheritance
-2026  * @param {Function} superClass super class to inherit
-2027  * @since jsrsasign 10.3.0 base64x 1.1.21
-2028  *
-2029  * @description
-2030  * This function extends a class and set an inheritance
-2031  * for member variables and methods.
-2032  *
-2033  * @example
-2034  * var Animal = function() {
-2035  *   this.hello = function(){console.log("Hello")};
-2036  *   this.name="Ani";
-2037  * };
-2038  * var Dog = function() {
-2039  *   Dog.superclass.constructor.call(this);
-2040  *   this.vow = function(){console.log("Vow wow")};
-2041  *   this.tail=true;
-2042  * };
-2043  * extendClass(Dog, Animal);
-2044  */
-2045 function extendClass(subClass, superClass) {
-2046     var F = function() {};
-2047     F.prototype = superClass.prototype;
-2048     subClass.prototype = new F();
-2049     subClass.prototype.constructor = subClass;
-2050     subClass.superclass = superClass.prototype;
-2051      
-2052     if (superClass.prototype.constructor == Object.prototype.constructor) {
-2053         superClass.prototype.constructor = superClass;
-2054     }
-2055 };
-2056 
-2057 

\ No newline at end of file
+1859 // ==== bitstr hex / binary string =======================
+1860 
+1861 /**
+1862  * convert from hexadecimal string of ASN.1 BitString value with unused bit to binary string<br/>
+1863  * @name bitstrtobinstr
+1864  * @function
+1865  * @param {string} h hexadecimal string of ASN.1 BitString value with unused bit
+1866  * @return {string} binary string
+1867  * @since jsrsasign 10.5.4 base64x 1.1.21
+1868  * @see binstrtobitstr
+1869  * @see inttobitstr
+1870  * 
+1871  * @description
+1872  * This function converts from hexadecimal string of ASN.1 BitString
+1873  * value with unused bit to its integer value. <br/>
+1874  * When an improper hexadecimal string of BitString value
+1875  * is applied, this returns null.
+1876  * 
+1877  * @example
+1878  * bitstrtobinstr("05a0") → "101"
+1879  * bitstrtobinstr("0520") → "001"
+1880  * bitstrtobinstr("07a080") → "101000001"
+1881  * bitstrtobinstr(502) → null // non ASN.1 BitString value
+1882  * bitstrtobinstr("ff00") → null // for improper BitString value
+1883  */
+1884 function bitstrtobinstr(h) {
+1885     if (typeof h != "string") return null;
+1886     if (h.length % 2 != 0) return null;
+1887     if (! h.match(/^[0-9a-f]+$/)) return null;
+1888     try {
+1889 	var unusedBits = parseInt(h.substr(0, 2), 16);
+1890 	if (unusedBits < 0 || 7 < unusedBits) return null
+1891 
+1892 	var value = h.substr(2);
+1893 	var bin = "";
+1894 	for (var i = 0; i < value.length; i += 2) {
+1895 	    var hi = value.substr(i, 2);
+1896 	    var bi = parseInt(hi, 16).toString(2);
+1897 	    bi = ("0000000" + bi).slice(-8);
+1898 	    bin += bi;
+1899 	}
+1900 	return  bin.substr(0, bin.length - unusedBits);
+1901     } catch(ex) {
+1902 	return null;
+1903     }
+1904 }
+1905 
+1906 /**
+1907  * convert from binary string to hexadecimal string of ASN.1 BitString value with unused bit<br/>
+1908  * @name binstrtobitstr
+1909  * @function
+1910  * @param {string} s binary string (ex. "101")
+1911  * @return {string} hexadecimal string of ASN.1 BitString value with unused bit
+1912  * @since jsrsasign 10.5.4 base64x 1.1.21
+1913  * @see bitstrtobinstr
+1914  * @see inttobitstr
+1915  * @see KJUR.asn1.DERBitString
+1916  * 
+1917  * @description
+1918  * This function converts from an binary string (ex. "101") to 
+1919  * hexadecimal string of ASN.1 BitString value
+1920  * with unused bit (ex. "05a0"). <br/>
+1921  * When "s" is not binary string, this returns null.
+1922  * 
+1923  * @example
+1924  * binstrtobitstr("101") → "05a0"
+1925  * binstrtobitstr("001") → "0520"
+1926  * binstrtobitstr("11001") → "03c8"
+1927  * binstrtobitstr("101000001") → "07a080"
+1928  * binstrtobitstr(101) → null // not number
+1929  * binstrtobitstr("xyz") → null // not binary string
+1930  */
+1931 function binstrtobitstr(s) {
+1932     if (typeof s != "string") return null;
+1933     if (s.match(/^[01]+$/) == null) return null;
+1934     try {
+1935 	var n = parseInt(s, 2);
+1936 	return inttobitstr(n);
+1937     } catch(ex) {
+1938 	return null;
+1939     }
+1940 }
+1941 
+1942 // =======================================================
+1943 /**
+1944  * convert array of names to bit string<br/>
+1945  * @name namearraytobinstr
+1946  * @function
+1947  * @param {array} namearray array of name string
+1948  * @param {object} namedb associative array of name and value
+1949  * @return {string} binary string (ex. "110001")
+1950  * @since jsrsasign 10.5.21 base64x 1.1.27
+1951  * @see KJUR.asn1.x509.KeyUsage
+1952  * @see KJUR.asn1.tsp.PKIFailureInfo
+1953  * 
+1954  * @description
+1955  * This function converts from an array of names to
+1956  * a binary string. DB value bit will be set.
+1957  * Note that ordering of namearray items
+1958  * will be ignored.
+1959  *
+1960  * @example
+1961  * db = { a: 0, b: 3, c: 8, d: 9, e: 17, f: 19 };
+1962  * namearraytobinstr(['a', 'c', 'd'], db) &rarr: '1000000011'
+1963  * namearraytobinstr(['c', 'b'], db) &rarr: '000100001'
+1964  */
+1965 function namearraytobinstr (namearray, namedb) {
+1966     var d = 0;
+1967     for (var i = 0; i < namearray.length; i++) {
+1968 	d |= 1 << namedb[namearray[i]];
+1969     }
+1970 
+1971     var s = d.toString(2);
+1972     var r = "";
+1973     for (var i = s.length - 1; i >=0; i--) {
+1974 	r += s[i];
+1975     }
+1976     return r;
+1977 }
+1978 
+1979 /**
+1980  * get value of array by key name list<br/>
+1981  * @function
+1982  * @param {object} val array of associative array
+1983  * @param {string} keys concatinated key list with dot (ex. 'type.name.0.info')
+1984  * @param {object} def default value if value is not found (OPTIONAL)
+1985  * @return {object} value if found otherwise returns def
+1986  * @since jsrsasign 10.8.0 base64x 1.1.32
+1987  *
+1988  * @description
+1989  * This function returns the value of an array or associative array 
+1990  * which referred by a concatinated key list string.
+1991  * If a value for key is not defined, it returns 'undefined' by default.
+1992  * When an optional argument 'def' is specified and a value for key is
+1993  * not defined, it returns a value of 'def'.
+1994  * 
+1995  * @example
+1996  * let p = {
+1997  *   fruit: apple,
+1998  *   info: [
+1999  *     { toy: 4 },
+2000  *     { pen: 6 }
+2001  *   ]
+2002  * };
+2003  * aryval(p, 'fruit') &rarr "apple"
+2004  * aryval(p, 'info') &rarr [{toy: 4},{pen: 6}]
+2005  * aryval(p, 'info.1') &rarr {pen: 6}
+2006  * aryval(p, 'info.1.pen') &rarr 6
+2007  * aryval(p, 'money.amount') &rarr undefined
+2008  * aryval(p, 'money.amount', null) &rarr null
+2009  */
+2010 function aryval(val, keys, def) {
+2011     if (typeof val != "object") return undefined
+2012     var keys = String(keys).split('.');
+2013     for (var i = 0; i < keys.length && val; i++) {
+2014 	var key = keys[i];
+2015 	if (key.match(/^[0-9]+$/)) key = parseInt(key);
+2016         val = val[key];
+2017     }
+2018     return val || val === false ? val : def;
+2019 }
+2020 
+2021 
+2022 // =======================================================
+2023 /**
+2024  * set class inheritance<br/>
+2025  * @name extendClass
+2026  * @function
+2027  * @param {Function} subClass sub class to set inheritance
+2028  * @param {Function} superClass super class to inherit
+2029  * @since jsrsasign 10.3.0 base64x 1.1.21
+2030  *
+2031  * @description
+2032  * This function extends a class and set an inheritance
+2033  * for member variables and methods.
+2034  *
+2035  * @example
+2036  * var Animal = function() {
+2037  *   this.hello = function(){console.log("Hello")};
+2038  *   this.name="Ani";
+2039  * };
+2040  * var Dog = function() {
+2041  *   Dog.superclass.constructor.call(this);
+2042  *   this.vow = function(){console.log("Vow wow")};
+2043  *   this.tail=true;
+2044  * };
+2045  * extendClass(Dog, Animal);
+2046  */
+2047 function extendClass(subClass, superClass) {
+2048     var F = function() {};
+2049     F.prototype = superClass.prototype;
+2050     subClass.prototype = new F();
+2051     subClass.prototype.constructor = subClass;
+2052     subClass.superclass = superClass.prototype;
+2053      
+2054     if (superClass.prototype.constructor == Object.prototype.constructor) {
+2055         superClass.prototype.constructor = superClass;
+2056     }
+2057 };
+2058 
+2059
\ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index 3665f43c..c5f91063 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* x509-2.1.3.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.1.4.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08)
+ 19  * @version jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -2555,1321 +2555,1391 @@
 2548 	return result;
 2549     };
 2550 
-2551     // ===== BEGIN X500Name related =====================================
-2552     /*
-2553      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
-2554      * @name _convATV
-2555      * @param p associative array of parsed attrTypeAndValue object
-2556      * @return attrTypeAndValue associative array
-2557      * @since jsrsasign 10.5.12 x509 2.0.14
-2558      * @example
-2559      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
-2560      */
-2561     var _convATV = function(p) {
-2562 	var result = {};
-2563 	try {
-2564 	    var name = p.seq[0].oid;
-2565 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
-2566 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
-2567 	    var item1 = p.seq[1];
-2568 	    if (item1.utf8str != undefined) {
-2569 		result.ds = "utf8";
-2570 		result.value = item1.utf8str.str;
-2571 	    } else if (item1.numstr != undefined) {
-2572 		result.ds = "num";
-2573 		result.value = item1.numstr.str;
-2574 	    } else if (item1.telstr != undefined) {
-2575 		result.ds = "tel";
-2576 		result.value = item1.telstr.str;
-2577 	    } else if (item1.prnstr != undefined) {
-2578 		result.ds = "prn";
-2579 		result.value = item1.prnstr.str;
-2580 	    } else if (item1.ia5str != undefined) {
-2581 		result.ds = "ia5";
-2582 		result.value = item1.ia5str.str;
-2583 	    } else if (item1.visstr != undefined) {
-2584 		result.ds = "vis";
-2585 		result.value = item1.visstr.str;
-2586 	    } else if (item1.bmpstr != undefined) {
-2587 		result.ds = "bmp";
-2588 		result.value = item1.bmpstr.str;
-2589 	    } else {
-2590 		throw "error";
-2591 	    }
-2592 	    return result;
-2593 	} catch(ex) {
-2594 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
-2595 	}
-2596     };
+2551     /**
+2552      * parse SubjectDirectoryAttributes extension as JSON object<br/>
+2553      * @name getExtSubjectDirectoryAttributes
+2554      * @memberOf X509#
+2555      * @function
+2556      * @param {String} hExtV hexadecimal string of extension value
+2557      * @param {Boolean} critical flag
+2558      * @return {Array} JSON object of parsed SubjectDirectoryAttributes extension
+2559      * @since jsrsasign 10.8.4 x509 2.1.4
+2560      * @see KJUR.asn1.x509.SubjectDirectoryAttributes
+2561      * @see X509#getExtParamArray
+2562      * @see X509#getExtParam
+2563      *
+2564      * @description
+2565      * This method parses
+2566      * SubjectDirectoryAttributes extension value defined in the
+2567      * defined in <a href="https://tools.ietf.org/html/rfc3739#section-3.3.2">
+2568      * RFC 3739 Qualified Certificate Profile section 3.3.2</a> as JSON object.
+2569      * <pre>
+2570      * SubjectDirectoryAttributes ::= Attributes
+2571      * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+2572      * Attribute ::= SEQUENCE {
+2573      *   type AttributeType 
+2574      *   values SET OF AttributeValue }
+2575      * AttributeType ::= OBJECT IDENTIFIER
+2576      * AttributeValue ::= ANY DEFINED BY AttributeType
+2577      * </pre>
+2578      * <br/>
+2579      * Result of this method can be passed to 
+2580      * {@link KJUR.asn1.x509.SubjectDirectoryAttributes} constructor.
+2581      *
+2582      * @example
+2583      * x.getExtSubjectDirectoryAttributes(<<extn hex value >>) →
+2584      * { "extname": "SubjectDirectoryAttributes",
+2585      *   "array": [
+2586      *     { "attr": "gender", "array": [{"prnstr": {"str": "female"}}] },
+2587      *     { "attr": "1.2.3.4.5", "array": [{"prnstr": {"str": "aaa"}}, {"utf8str": {"str": "bbb"}}] }
+2588      *   ] }
+2589      */
+2590     this.getExtSubjectDirectoryAttributes = function(hExtV, critical) {
+2591 	if (hExtV === undefined && critical === undefined) {
+2592 	    var info = this.getExtInfo("subjectDirectoryAttributes");
+2593 	    if (info === undefined) return undefined;
+2594 	    hExtV = _getTLV(this.hex, info.vidx);
+2595 	    critical = info.critical;
+2596 	}
 2597 
-2598     /*
-2599      * convert ASN.1 parsed object to RDN array<br/>
-2600      * @name _convRDN
-2601      * @param p associative array of parsed RDN object
-2602      * @return RDN array
-2603      * @since jsrsasign 10.5.12 x509 2.0.14
-2604      * @example
-2605      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
-2606      */
-2607     var _convRDN = function(p) {
-2608 	try {
-2609 	    return p.set.map(function(pATV){return _convATV(pATV)});
+2598 	var result = { extname: "subjectDirectoryAttributes" };
+2599 	if (critical) result.critical = true;
+2600 	try {
+2601 	    var pASN1 = _ASN1HEX_parse(hExtV);
+2602 	    for (var i = 0; i < pASN1.seq.length; i++) {
+2603 		var aASN1Attribute = pASN1.seq[i];
+2604 		var attrType = aryval(aASN1Attribute, "0.oid");
+2605 		var attrValue = aryval(aASN1Attribute, "1.set");
+2606 		return { attr: attrType, array: attrValue };
+2607 	    }
+2608 	    result.array = aValue;
+2609 	    return result;
 2610 	} catch(ex) {
-2611 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
+2611 	    throw new Error("malformed subjectDirectoryAttributes extension value");
 2612 	}
-2613     };
+2613     }
 2614 
-2615     /*
-2616      * convert ASN.1 parsed object to X500Name array<br/>
-2617      * @name _convX500Name
-2618      * @param p associative array of parsed X500Name array object
-2619      * @return RDN array
-2620      * @since jsrsasign 10.5.12 x509 2.0.14
-2621      * @example
-2622      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
-2623      */
-2624     var _convX500Name = function(p) {
-2625 	try {
-2626 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
-2627 	} catch(ex) {
-2628 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
-2629 	}
-2630     };
-2631 
-2632     this.getX500NameRule = function(aDN) {
-2633 	var isPRNRule = true;
-2634 	var isUTF8Rule = true;
-2635 	var isMixedRule = false;
-2636 	var logfull = "";
-2637 	var logcheck = "";
-2638 	var lasttag = null;
-2639 
-2640 	var a = [];
-2641 	for (var i = 0; i < aDN.length; i++) {
-2642 	    var aRDN = aDN[i];
-2643 	    for (var j = 0; j < aRDN.length; j++) {
-2644 		a.push(aRDN[j]);
-2645 	    }
-2646 	}
-2647 
-2648 	for (var i = 0; i < a.length; i++) {
-2649 	    var item = a[i];
-2650 	    var tag = item.ds;
-2651 	    var value = item.value;
-2652 	    var type = item.type;
-2653 	    logfull += ":" + tag;
-2654 	    
-2655 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
-2656 		return "mixed";
-2657 	    }
-2658 	    if (tag == "ia5") {
-2659 		if (type != "CN") {
-2660 		    return "mixed";
-2661 		} else {
-2662 		    if (! KJUR.lang.String.isMail(value)) {
-2663 			return "mixed";
-2664 		    } else {
-2665 			continue;
-2666 		    }
-2667 		}
-2668 	    }
-2669 	    if (type == "C") {
-2670 		if (tag == "prn") {
-2671 		    continue;
-2672 		} else {
-2673 		    return "mixed";
-2674 		}
-2675 	    }
-2676 	    logcheck += ":" + tag;
-2677 	    if (lasttag == null) {
-2678 		lasttag = tag;
-2679 	    } else {
-2680 		if (lasttag !== tag) return "mixed";
-2681 	    }
-2682 	}
-2683 	if (lasttag == null) {
-2684 	    return "prn";
-2685 	} else {
-2686 	    return lasttag;
-2687 	}
-2688     };
-2689 
-2690     /**
-2691      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
-2692      * @name getAttrTypeAndValue
-2693      * @memberOf X509#
-2694      * @function
-2695      * @param {String} h hexadecimal string of AttributeTypeAndValue
-2696      * @return {Object} JSON object of AttributeTypeAndValue parameters
-2697      * @since jsrsasign 9.0.0 x509 2.0.0
-2698      * @see X509#getX500Name
-2699      * @see X509#getRDN
-2700      * @description
-2701      * This method will get AttributeTypeAndValue parameters defined in
-2702      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2703      * RFC 5280 4.1.2.4</a>.
-2704      * <pre>
-2705      * AttributeTypeAndValue ::= SEQUENCE {
-2706      *   type     AttributeType,
-2707      *   value    AttributeValue }
-2708      * AttributeType ::= OBJECT IDENTIFIER
-2709      * AttributeValue ::= ANY -- DEFINED BY AttributeType
-2710      * </pre>
-2711      * <ul>
-2712      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-2713      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-2714      * <li>{String}ds - DirectoryString type of AttributeValue</li>
-2715      * </ul>
-2716      * "ds" has one of following value:
-2717      * <ul>
-2718      * <li>utf8 - (0x0c) UTF8String</li>
-2719      * <li>num  - (0x12) NumericString</li>
-2720      * <li>prn  - (0x13) PrintableString</li>
-2721      * <li>tel  - (0x14) TeletexString</li>
-2722      * <li>ia5  - (0x16) IA5String</li>
-2723      * <li>vis  - (0x1a) VisibleString</li>
-2724      * <li>bmp  - (0x1e) BMPString</li>
-2725      * </ul>
-2726      * @example
-2727      * x = new X509();
-2728      * x.getAttrTypeAndValue("30...") →
-2729      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
-2730      * {type:"O",value:"Sample Corp.",ds:"prn"}
-2731      */
-2732     // unv  - (0x1c??) UniversalString ... for future
-2733     this.getAttrTypeAndValue = function(h) {
-2734 	var p = _ASN1HEX_parse(h);
-2735 	return _convATV(p);
-2736     };
-2737 
-2738     /**
-2739      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
-2740      * @name getRDN
-2741      * @memberOf X509#
-2742      * @function
-2743      * @param {String} h hexadecimal string of RDN
-2744      * @return {Array} array of AttrTypeAndValue parameters
-2745      * @since jsrsasign 9.0.0 x509 2.0.0
-2746      * @see X509#getX500Name
-2747      * @see X509#getRDN
-2748      * @see X509#getAttrTypeAndValue
-2749      * @description
-2750      * This method will get RelativeDistinguishedName parameters defined in
-2751      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2752      * RFC 5280 4.1.2.4</a>.
-2753      * <pre>
-2754      * RelativeDistinguishedName ::=
-2755      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
-2756      * </pre>
-2757      * @example
-2758      * x = new X509();
-2759      * x.getRDN("31...") →
-2760      * [{type:"C",value:"US",ds:"prn"}] or
-2761      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
-2762      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2763      */
-2764     this.getRDN = function(h) {
-2765 	var p = _ASN1HEX_parse(h);
-2766 	return _convRDN(p);
-2767     };
-2768 
-2769     /**
-2770      * get X.500 Name ASN.1 structure parameter array<br/>
-2771      * @name getX500NameArray
-2772      * @memberOf X509#
-2773      * @function
-2774      * @param {String} h hexadecimal string of Name
-2775      * @return {Array} array of RDN parameter array
-2776      * @since jsrsasign 10.0.6 x509 2.0.9
-2777      * @see X509#getX500Name
-2778      * @see X509#getRDN
-2779      * @see X509#getAttrTypeAndValue
-2780      * @description
-2781      * This method will get Name parameter defined in
-2782      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2783      * RFC 5280 4.1.2.4</a>.
-2784      * <pre>
-2785      * Name ::= CHOICE { -- only one possibility for now --
-2786      *   rdnSequence  RDNSequence }
-2787      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2788      * </pre>
-2789      * @example
-2790      * x = new X509();
-2791      * x.getX500NameArray("30...") →
-2792      * [[{type:"C",value:"US",ds:"prn"}],
-2793      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2794      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2615     // ===== BEGIN X500Name related =====================================
+2616     /*
+2617      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
+2618      * @name _convATV
+2619      * @param p associative array of parsed attrTypeAndValue object
+2620      * @return attrTypeAndValue associative array
+2621      * @since jsrsasign 10.5.12 x509 2.0.14
+2622      * @example
+2623      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
+2624      */
+2625     var _convATV = function(p) {
+2626 	var result = {};
+2627 	try {
+2628 	    var name = p.seq[0].oid;
+2629 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
+2630 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
+2631 	    var item1 = p.seq[1];
+2632 	    if (item1.utf8str != undefined) {
+2633 		result.ds = "utf8";
+2634 		result.value = item1.utf8str.str;
+2635 	    } else if (item1.numstr != undefined) {
+2636 		result.ds = "num";
+2637 		result.value = item1.numstr.str;
+2638 	    } else if (item1.telstr != undefined) {
+2639 		result.ds = "tel";
+2640 		result.value = item1.telstr.str;
+2641 	    } else if (item1.prnstr != undefined) {
+2642 		result.ds = "prn";
+2643 		result.value = item1.prnstr.str;
+2644 	    } else if (item1.ia5str != undefined) {
+2645 		result.ds = "ia5";
+2646 		result.value = item1.ia5str.str;
+2647 	    } else if (item1.visstr != undefined) {
+2648 		result.ds = "vis";
+2649 		result.value = item1.visstr.str;
+2650 	    } else if (item1.bmpstr != undefined) {
+2651 		result.ds = "bmp";
+2652 		result.value = item1.bmpstr.str;
+2653 	    } else {
+2654 		throw "error";
+2655 	    }
+2656 	    return result;
+2657 	} catch(ex) {
+2658 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
+2659 	}
+2660     };
+2661 
+2662     /*
+2663      * convert ASN.1 parsed object to RDN array<br/>
+2664      * @name _convRDN
+2665      * @param p associative array of parsed RDN object
+2666      * @return RDN array
+2667      * @since jsrsasign 10.5.12 x509 2.0.14
+2668      * @example
+2669      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
+2670      */
+2671     var _convRDN = function(p) {
+2672 	try {
+2673 	    return p.set.map(function(pATV){return _convATV(pATV)});
+2674 	} catch(ex) {
+2675 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
+2676 	}
+2677     };
+2678 
+2679     /*
+2680      * convert ASN.1 parsed object to X500Name array<br/>
+2681      * @name _convX500Name
+2682      * @param p associative array of parsed X500Name array object
+2683      * @return RDN array
+2684      * @since jsrsasign 10.5.12 x509 2.0.14
+2685      * @example
+2686      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
+2687      */
+2688     var _convX500Name = function(p) {
+2689 	try {
+2690 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
+2691 	} catch(ex) {
+2692 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
+2693 	}
+2694     };
+2695 
+2696     this.getX500NameRule = function(aDN) {
+2697 	var isPRNRule = true;
+2698 	var isUTF8Rule = true;
+2699 	var isMixedRule = false;
+2700 	var logfull = "";
+2701 	var logcheck = "";
+2702 	var lasttag = null;
+2703 
+2704 	var a = [];
+2705 	for (var i = 0; i < aDN.length; i++) {
+2706 	    var aRDN = aDN[i];
+2707 	    for (var j = 0; j < aRDN.length; j++) {
+2708 		a.push(aRDN[j]);
+2709 	    }
+2710 	}
+2711 
+2712 	for (var i = 0; i < a.length; i++) {
+2713 	    var item = a[i];
+2714 	    var tag = item.ds;
+2715 	    var value = item.value;
+2716 	    var type = item.type;
+2717 	    logfull += ":" + tag;
+2718 	    
+2719 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
+2720 		return "mixed";
+2721 	    }
+2722 	    if (tag == "ia5") {
+2723 		if (type != "CN") {
+2724 		    return "mixed";
+2725 		} else {
+2726 		    if (! KJUR.lang.String.isMail(value)) {
+2727 			return "mixed";
+2728 		    } else {
+2729 			continue;
+2730 		    }
+2731 		}
+2732 	    }
+2733 	    if (type == "C") {
+2734 		if (tag == "prn") {
+2735 		    continue;
+2736 		} else {
+2737 		    return "mixed";
+2738 		}
+2739 	    }
+2740 	    logcheck += ":" + tag;
+2741 	    if (lasttag == null) {
+2742 		lasttag = tag;
+2743 	    } else {
+2744 		if (lasttag !== tag) return "mixed";
+2745 	    }
+2746 	}
+2747 	if (lasttag == null) {
+2748 	    return "prn";
+2749 	} else {
+2750 	    return lasttag;
+2751 	}
+2752     };
+2753 
+2754     /**
+2755      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
+2756      * @name getAttrTypeAndValue
+2757      * @memberOf X509#
+2758      * @function
+2759      * @param {String} h hexadecimal string of AttributeTypeAndValue
+2760      * @return {Object} JSON object of AttributeTypeAndValue parameters
+2761      * @since jsrsasign 9.0.0 x509 2.0.0
+2762      * @see X509#getX500Name
+2763      * @see X509#getRDN
+2764      * @description
+2765      * This method will get AttributeTypeAndValue parameters defined in
+2766      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2767      * RFC 5280 4.1.2.4</a>.
+2768      * <pre>
+2769      * AttributeTypeAndValue ::= SEQUENCE {
+2770      *   type     AttributeType,
+2771      *   value    AttributeValue }
+2772      * AttributeType ::= OBJECT IDENTIFIER
+2773      * AttributeValue ::= ANY -- DEFINED BY AttributeType
+2774      * </pre>
+2775      * <ul>
+2776      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+2777      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+2778      * <li>{String}ds - DirectoryString type of AttributeValue</li>
+2779      * </ul>
+2780      * "ds" has one of following value:
+2781      * <ul>
+2782      * <li>utf8 - (0x0c) UTF8String</li>
+2783      * <li>num  - (0x12) NumericString</li>
+2784      * <li>prn  - (0x13) PrintableString</li>
+2785      * <li>tel  - (0x14) TeletexString</li>
+2786      * <li>ia5  - (0x16) IA5String</li>
+2787      * <li>vis  - (0x1a) VisibleString</li>
+2788      * <li>bmp  - (0x1e) BMPString</li>
+2789      * </ul>
+2790      * @example
+2791      * x = new X509();
+2792      * x.getAttrTypeAndValue("30...") →
+2793      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
+2794      * {type:"O",value:"Sample Corp.",ds:"prn"}
 2795      */
-2796     this.getX500NameArray = function(h) {
-2797 	var p = _ASN1HEX_parse(h);
-2798 	return _convX500Name(p);
-2799     };
-2800 
-2801     /**
-2802      * get Name ASN.1 structure parameter array<br/>
-2803      * @name getX500Name
-2804      * @memberOf X509#
-2805      * @function
-2806      * @param {String} h hexadecimal string of Name
-2807      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
-2808      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
-2809      * @return {Array} array of RDN parameter array
-2810      * @since jsrsasign 9.0.0 x509 2.0.0
-2811      * @see X509#getX500NameArray
-2812      * @see X509#getRDN
-2813      * @see X509#getAttrTypeAndValue
-2814      * @see X509#c14nRDNArray
-2815      * @see KJUR.asn1.x509.X500Name
-2816      * @see KJUR.asn1.x509.GeneralName
-2817      * @see KJUR.asn1.x509.GeneralNames
-2818      *
-2819      * @description
-2820      * This method will get Name parameter defined in
-2821      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2822      * RFC 5280 4.1.2.4</a>.
-2823      * <pre>
-2824      * Name ::= CHOICE { -- only one possibility for now --
-2825      *   rdnSequence  RDNSequence }
-2826      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2827      * </pre>
-2828      * <br>
-2829      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
-2830      * supported to conclude a canonicalized name for caseIgnoreMatch
-2831      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
-2832      * RFC 4518</a>.
-2833      *
-2834      * @example
-2835      * x = new X509();
-2836      * x.getX500Name("30...") →
-2837      * { array: [
-2838      *     [{type:"C",value:"US",ds:"prn"}],
-2839      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2840      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2841      *   ],
-2842      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
-2843      *   hex: "30..." }
-2844      *
-2845      * x.getX500Name("30...", true) →
-2846      * { array: [
-2847      *     [{type:"C",value:"US",ds:"prn"}],
-2848      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
-2849      *   ],
-2850      *   str: "/C=US/O=Sample    Corp.",
-2851      *   canon: "/c=us/o=sample corp.",
-2852      *   hex: "30..." }
-2853      */
-2854     this.getX500Name = function(h, flagCanon, flagHex) {
-2855 	var a = this.getX500NameArray(h);
-2856 	var s = this.dnarraytostr(a);
-2857 	var result = { str: s };
-2858 
-2859 	result.array = a;
-2860 	if (flagHex == true) result.hex = h;
-2861 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
-2862 	return result;
+2796     // unv  - (0x1c??) UniversalString ... for future
+2797     this.getAttrTypeAndValue = function(h) {
+2798 	var p = _ASN1HEX_parse(h);
+2799 	return _convATV(p);
+2800     };
+2801 
+2802     /**
+2803      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
+2804      * @name getRDN
+2805      * @memberOf X509#
+2806      * @function
+2807      * @param {String} h hexadecimal string of RDN
+2808      * @return {Array} array of AttrTypeAndValue parameters
+2809      * @since jsrsasign 9.0.0 x509 2.0.0
+2810      * @see X509#getX500Name
+2811      * @see X509#getRDN
+2812      * @see X509#getAttrTypeAndValue
+2813      * @description
+2814      * This method will get RelativeDistinguishedName parameters defined in
+2815      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2816      * RFC 5280 4.1.2.4</a>.
+2817      * <pre>
+2818      * RelativeDistinguishedName ::=
+2819      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
+2820      * </pre>
+2821      * @example
+2822      * x = new X509();
+2823      * x.getRDN("31...") →
+2824      * [{type:"C",value:"US",ds:"prn"}] or
+2825      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
+2826      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2827      */
+2828     this.getRDN = function(h) {
+2829 	var p = _ASN1HEX_parse(h);
+2830 	return _convRDN(p);
+2831     };
+2832 
+2833     /**
+2834      * get X.500 Name ASN.1 structure parameter array<br/>
+2835      * @name getX500NameArray
+2836      * @memberOf X509#
+2837      * @function
+2838      * @param {String} h hexadecimal string of Name
+2839      * @return {Array} array of RDN parameter array
+2840      * @since jsrsasign 10.0.6 x509 2.0.9
+2841      * @see X509#getX500Name
+2842      * @see X509#getRDN
+2843      * @see X509#getAttrTypeAndValue
+2844      * @description
+2845      * This method will get Name parameter defined in
+2846      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2847      * RFC 5280 4.1.2.4</a>.
+2848      * <pre>
+2849      * Name ::= CHOICE { -- only one possibility for now --
+2850      *   rdnSequence  RDNSequence }
+2851      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2852      * </pre>
+2853      * @example
+2854      * x = new X509();
+2855      * x.getX500NameArray("30...") →
+2856      * [[{type:"C",value:"US",ds:"prn"}],
+2857      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2858      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2859      */
+2860     this.getX500NameArray = function(h) {
+2861 	var p = _ASN1HEX_parse(h);
+2862 	return _convX500Name(p);
 2863     };
 2864 
-2865     // ===== END X500Name related =====================================
-2866 
-2867     // ===== BEGIN read certificate =====================================
-2868     /**
-2869      * read PEM formatted X.509 certificate from string.<br/>
-2870      * @name readCertPEM
-2871      * @memberOf X509#
-2872      * @function
-2873      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-2874      * @example
-2875      * x = new X509();
-2876      * x.readCertPEM(sCertPEM); // read certificate
-2877      */
-2878     this.readCertPEM = function(sCertPEM) {
-2879         this.readCertHex(_pemtohex(sCertPEM));
-2880     };
-2881 
-2882     /**
-2883      * read a hexadecimal string of X.509 certificate<br/>
-2884      * @name readCertHex
-2885      * @memberOf X509#
-2886      * @function
-2887      * @param {String} sCertHex hexadecimal string of X.509 certificate
-2888      * @since jsrsasign 7.1.4 x509 1.1.13
-2889      * @description
-2890      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-2891      * @example
-2892      * x = new X509();
-2893      * x.readCertHex("3082..."); // read certificate
-2894      */
-2895     this.readCertHex = function(sCertHex) {
-2896         this.hex = sCertHex;
-2897 	this.getVersion(); // set version parameter
-2898 
-2899 	try {
-2900 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-2901 	    this.parseExt();
-2902 	} catch(ex) {};
-2903     };
-2904 
-2905     // ===== END read certificate =====================================
-2906 
-2907     /**
-2908      * get JSON object of certificate parameters<br/>
-2909      * @name getParam
-2910      * @memberOf X509#
-2911      * @function
-2912      * @param {Object} option optional setting for return object
-2913      * @return {Object} JSON object of certificate parameters
-2914      * @since jsrsasign 9.0.0 x509 2.0.0
-2915      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2916      *
-2917      * @description
-2918      * This method returns a JSON object of the certificate
-2919      * parameters. Return value can be passed to
-2920      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
-2921      * <br/>
-2922      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
-2923      * It can have following members:
-2924      * <ul>
-2925      * <li>tbshex - (boolean) tbshex member with hex value of 
-2926      * tbsCertificate will be added if true (DEFAULT undefined)</li>
-2927      * <li>nodnarray - (boolean) array member for subject and
-2928      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
-2929      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
-2930      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
-2931      * </ul>
-2932      * <br/>
-2933      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
-2934      * in the "option" argument.
-2935      *
-2936      * @example
-2937      * x = new X509();
-2938      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2939      * x.getParam() →
-2940      * {version:3,
-2941      *  serial:{hex:"12ab"},
-2942      *  sigalg:"SHA256withRSA",
-2943      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
-2944      *  notbefore:"160403023700Z",
-2945      *  notafter:"160702023700Z",
-2946      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
-2947      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
-2948      *  ext:[
-2949      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2950      *   {extname:"basicConstraints",critical:true},
-2951      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2952      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2953      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2954      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2955      *  ],
-2956      *  sighex:"0b76...8"
-2957      * };
-2958      *
-2959      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
-2960      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
-2961      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
-2962      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
-2963      */
-2964     this.getParam = function(option) {
-2965 	var result = {};
-2966 	if (option == undefined) option = {};
-2967 
-2968 	result.version = this.getVersion();
-2969 	result.serial = {hex: this.getSerialNumberHex()};
-2970 	result.sigalg = this.getSignatureAlgorithmField();
-2971 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
-2972 	result.notbefore = this.getNotBefore();
-2973 	result.notafter = this.getNotAfter();
-2974 	result.subject = this.getSubject(option.dncanon, option.dnhex);
-2975 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
-2976 	if (this.aExtInfo != undefined &&
-2977 	    this.aExtInfo.length > 0) {
-2978 	    result.ext = this.getExtParamArray();
-2979 	}
-2980 	result.sighex = this.getSignatureValueHex();
-2981 
-2982 	// for options
-2983 	if (option.tbshex == true) {
-2984 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
-2985 	}
-2986 	if (option.nodnarray == true) {
-2987 	    delete result.issuer.array;
-2988 	    delete result.subject.array;
-2989 	}
-2990 
-2991 	return result;
-2992     };
-2993 
-2994     /** 
-2995      * get array of certificate extension parameter JSON object<br/>
-2996      * @name getExtParamArray
-2997      * @memberOf X509#
-2998      * @function
-2999      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
-3000      * @return {Array} array of certificate extension parameter JSON object
-3001      * @since jsrsasign 9.0.0 x509 2.0.0
-3002      * @see KJUR.asn1.x509.X509Util.newCertPEM
-3003      * @see X509#getParam
-3004      * @see X509#getExtParam
-3005      * @see X509CRL#getParam
-3006      * @see KJUR.asn1.csr.CSRUtil.getParam
-3007      *
-3008      * @description
-3009      * This method returns an array of certificate extension
-3010      * parameters. 
-3011      * <br/>
-3012      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
-3013      *
-3014      * @example
-3015      * x = new X509();
-3016      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-3017      * x.getExtParamArray() →
-3018      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3019      *   {extname:"basicConstraints",critical:true},
-3020      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3021      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3022      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3023      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
-3024      */
-3025     this.getExtParamArray = function(hExtSeq) {
-3026 	if (hExtSeq == undefined) {
-3027 	    // for X.509v3 certificate
-3028 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
-3029 	    if (idx1 != -1) {
-3030 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
-3031 	    }
-3032 	}
-3033 	var result = [];
-3034 	var aIdx = _getChildIdx(hExtSeq, 0);
-3035 
-3036 	for (var i = 0; i < aIdx.length; i++) {
-3037 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
-3038 	    var extParam = this.getExtParam(hExt);
-3039 	    if (extParam != null) result.push(extParam);
-3040 	}
-3041 
-3042 	return result;
-3043     };
-3044 
-3045     /** 
-3046      * get a extension parameter JSON object<br/>
-3047      * @name getExtParam
-3048      * @memberOf X509#
-3049      * @function
-3050      * @param {String} hExt hexadecimal string of Extension
-3051      * @return {Array} Extension parameter JSON object
-3052      * @since jsrsasign 9.1.1 x509 2.0.1
-3053      * @see KJUR.asn1.x509.X509Util.newCertPEM
-3054      * @see X509#getParam
-3055      * @see X509#getExtParamArray
-3056      * @see X509CRL#getParam
-3057      * @see KJUR.asn1.csr.CSRUtil.getParam
-3058      *
-3059      * @description
-3060      * This method returns a extension parameters as JSON object. 
-3061      *
-3062      * @example
-3063      * x = new X509();
-3064      * ...
-3065      * x.getExtParam("30...") →
-3066      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
-3067      */
-3068     this.getExtParam = function(hExt) {
-3069 	var result = {};
-3070 	var aIdx = _getChildIdx(hExt, 0);
-3071 	var aIdxLen = aIdx.length;
-3072 	if (aIdxLen != 2 && aIdxLen != 3)
-3073 	    throw new Error("wrong number elements in Extension: " + 
-3074 			    aIdxLen + " " + hExt);
-3075 
-3076 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
-3077 
-3078 	var critical = false;
-3079 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
-3080 	    critical = true;
-3081 
-3082 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
-3083 
-3084 	var extParam = undefined;
-3085 	if (oid == "2.5.29.14") {
-3086 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
-3087 	} else if (oid == "2.5.29.15") {
-3088 	    extParam = this.getExtKeyUsage(hExtV, critical);
-3089 	} else if (oid == "2.5.29.17") {
-3090 	    extParam = this.getExtSubjectAltName(hExtV, critical);
-3091 	} else if (oid == "2.5.29.18") {
-3092 	    extParam = this.getExtIssuerAltName(hExtV, critical);
-3093 	} else if (oid == "2.5.29.19") {
-3094 	    extParam = this.getExtBasicConstraints(hExtV, critical);
-3095 	} else if (oid == "2.5.29.30") {
-3096 	    extParam = this.getExtNameConstraints(hExtV, critical);
-3097 	} else if (oid == "2.5.29.31") {
-3098 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
-3099 	} else if (oid == "2.5.29.32") {
-3100 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
-3101 	} else if (oid == "2.5.29.33") {
-3102 	    extParam = this.getExtPolicyMappings(hExtV, critical);
-3103 	} else if (oid == "2.5.29.35") {
-3104 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
-3105 	} else if (oid == "2.5.29.36") {
-3106 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
-3107 	} else if (oid == "2.5.29.37") {
-3108 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
-3109 	} else if (oid == "2.5.29.54") {
-3110 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
-3111 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
-3112 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
-3113 	} else if (oid == "2.5.29.20") {
-3114 	    extParam = this.getExtCRLNumber(hExtV, critical);
-3115 	} else if (oid == "2.5.29.21") {
-3116 	    extParam = this.getExtCRLReason(hExtV, critical);
-3117 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
-3118 	    extParam = this.getExtOcspNonce(hExtV, critical);
-3119 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
-3120 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
-3121 	} else if (oid == "1.2.840.113583.1.1.9.1") {
-3122 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
-3123 	} else if (X509.EXT_PARSER[oid] != undefined) {
-3124 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
-3125 	}
-3126 	if (extParam != undefined) return extParam;
-3127 
-3128 	var privateParam = { extname: oid, extn: hExtV };
-3129 	if (critical) privateParam.critical = true;
-3130 	return privateParam;
-3131     };
-3132 
-3133     /**
-3134      * find extension parameter in array<br/>
-3135      * @name findExt
-3136      * @memberOf X509#
-3137      * @function
-3138      * @param {Array} aExt array of extension parameters
-3139      * @param {String} extname extension name
-3140      * @return {Array} extension parameter in the array or null
-3141      * @since jsrsasign 10.0.3 x509 2.0.7
-3142      * @see X509#getParam
-3143      *
-3144      * @description
-3145      * This method returns an extension parameter for
-3146      * specified extension name in the array.
-3147      * This method is useful to update extension parameter value.
-3148      * When there is no such extension with the extname,
-3149      * this returns "null".
-3150      *
-3151      * @example
-3152      * // (1) 
-3153      * x = new X509(CERTPEM);
-3154      * params = x.getParam();
-3155      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
-3156      * pSKID.kid = "1234abced..."; // skid in the params is updated.
-3157      *   // then params was updated
-3158      *
-3159      * // (2) another example
-3160      * aExt = [
-3161      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3162      *   {extname:"basicConstraints",critical:true},
-3163      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3164      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3165      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3166      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-3167      * ];
-3168      * var x = new X509();
-3169      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
-3170      * pKU = x.findExt(aExt, "keyUsage");
-3171      * delete pKU["critical"]; // clear criticla flag
-3172      * pKU.names = ["keyCertSign", "cRLSign"];
-3173      *   // then aExt was updated
-3174      */
-3175     this.findExt = function(aExt, extname) {
-3176 	for (var i = 0; i < aExt.length; i++) {
-3177 	    if (aExt[i].extname == extname) return aExt[i];
-3178 	}
-3179 	return null;
-3180 
-3181     };
-3182 
-3183     /**
-3184      * update CRLDistributionPoints Full URI in parameter<br/>
-3185      * @name updateCDPFullURI
-3186      * @memberOf X509#
-3187      * @function
-3188      * @param {Array} aExt array of extension parameters
-3189      * @param {String} newURI string of new uri
-3190      * @since jsrsasign 10.0.4 x509 2.0.8
-3191      * @see X509#findExt
-3192      * @see KJUR.asn1.x509.CRLDistributionPoints
-3193      *
-3194      * @description
-3195      * This method updates Full URI of CRLDistributionPoints extension
-3196      * in the extension parameter array if it exists.
-3197      *
-3198      * @example
-3199      * aExt = [
-3200      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3201      *   {extname:"cRLDistributionPoints",
-3202      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
-3203      * ];
-3204      * x = new X509();
-3205      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
-3206      */
-3207     this.updateExtCDPFullURI = function(aExt, newURI) {
-3208 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
-3209 	if (pExt == null) return;
-3210 	if (pExt.array == undefined) return;
-3211 	var aDP = pExt.array;
-3212 	for (var i = 0; i < aDP.length; i++) {
-3213 	    if (aDP[i].dpname == undefined) continue;
-3214 	    if (aDP[i].dpname.full == undefined) continue;
-3215 	    var aURI = aDP[i].dpname.full;
-3216 	    for (var j = 0; j < aURI.length; j++) {
-3217 		var pURI = aURI[i];
-3218 		if (pURI.uri == undefined) continue;
-3219 		pURI.uri = newURI;
-3220 	    }
-3221 	}
-3222     };
-3223 
-3224     /**
-3225      * update authorityInfoAccess ocsp in parameter<br/>
-3226      * @name updateAIAOCSP
-3227      * @memberOf X509#
-3228      * @function
-3229      * @param {Array} aExt array of extension parameters
-3230      * @param {String} newURI string of new uri
-3231      * @since jsrsasign 10.0.4 x509 2.0.8
-3232      * @see X509#findExt
-3233      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3234      *
-3235      * @description
-3236      * This method updates "ocsp" accessMethod URI of 
-3237      * AuthorityInfoAccess extension
-3238      * in the extension parameter array if it exists.
-3239      *
-3240      * @example
-3241      * aExt = [
-3242      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3243      *   {extname:"authoriyInfoAccess",
-3244      *    array:[
-3245      *      {ocsp: "http://ocsp1.example.com"},
-3246      *      {caissuer: "http://example.com/a.crt"}
-3247      *    ]}
-3248      * ];
-3249      * x = new X509();
-3250      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
-3251      */
-3252     this.updateExtAIAOCSP = function(aExt, newURI) {
-3253 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3254 	if (pExt == null) return;
-3255 	if (pExt.array == undefined) return;
-3256 	var a = pExt.array;
-3257 	for (var i = 0; i < a.length; i++) {
-3258 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
-3259 	}
-3260     };
-3261 
-3262     /**
-3263      * update authorityInfoAccess caIssuer in parameter<br/>
-3264      * @name updateAIACAIssuer
-3265      * @memberOf X509#
-3266      * @function
-3267      * @param {Array} aExt array of extension parameters
-3268      * @param {String} newURI string of new uri
-3269      * @since jsrsasign 10.0.4 x509 2.0.8
-3270      * @see X509#findExt
-3271      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3272      *
-3273      * @description
-3274      * This method updates "caIssuer" accessMethod URI of 
-3275      * AuthorityInfoAccess extension
-3276      * in the extension parameter array if it exists.
-3277      *
-3278      * @example
-3279      * aExt = [
-3280      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3281      *   {extname:"authoriyInfoAccess",
-3282      *    array:[
-3283      *      {ocsp: "http://ocsp1.example.com"},
-3284      *      {caissuer: "http://example.com/a.crt"}
-3285      *    ]}
-3286      * ];
-3287      * x = new X509();
-3288      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
-3289      */
-3290     this.updateExtAIACAIssuer = function(aExt, newURI) {
-3291 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3292 	if (pExt == null) return;
-3293 	if (pExt.array == undefined) return;
-3294 	var a = pExt.array;
-3295 	for (var i = 0; i < a.length; i++) {
-3296 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
-3297 	}
-3298     };
-3299 
-3300     /**
-3301      * convert array for X500 distinguish name to distinguish name string<br/>
-3302      * @name dnarraytostr
-3303      * @memberOf X509#
-3304      * @function
-3305      * @param {Array} aDN array for X500 distinguish name
-3306      * @return {String} distinguish name
-3307      * @since jsrsasign 10.0.6 x509 2.0.8
-3308      * @see X509#getX500Name
-3309      * @see X509#getX500NameArray
-3310      * @see KJUR.asn1.x509.X500Name
-3311      *
-3312      * @description
-3313      * This method converts from an array representation of 
-3314      * X.500 distinguished name to X.500 name string.
-3315      * This supports multi-valued RDN.
-3316      * 
-3317      * @example
-3318      * var x = new X509();
-3319      * x.dnarraytostr(
-3320      *   [[{type:"C",value:"JP",ds:"prn"}],
-3321      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
-3322      * x.dnarraytostr(
-3323      *   [[{type:"C",value:"JP",ds:"prn"}],
-3324      *   [{type:"O",value:"T1",ds:"prn"}
-3325      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
-3326      */
-3327     this.dnarraytostr = function(aDN) {
-3328 	function rdnarraytostr(aRDN) {
-3329 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
-3330 	};
+2865     /**
+2866      * get Name ASN.1 structure parameter array<br/>
+2867      * @name getX500Name
+2868      * @memberOf X509#
+2869      * @function
+2870      * @param {String} h hexadecimal string of Name
+2871      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
+2872      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
+2873      * @return {Array} array of RDN parameter array
+2874      * @since jsrsasign 9.0.0 x509 2.0.0
+2875      * @see X509#getX500NameArray
+2876      * @see X509#getRDN
+2877      * @see X509#getAttrTypeAndValue
+2878      * @see X509#c14nRDNArray
+2879      * @see KJUR.asn1.x509.X500Name
+2880      * @see KJUR.asn1.x509.GeneralName
+2881      * @see KJUR.asn1.x509.GeneralNames
+2882      *
+2883      * @description
+2884      * This method will get Name parameter defined in
+2885      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2886      * RFC 5280 4.1.2.4</a>.
+2887      * <pre>
+2888      * Name ::= CHOICE { -- only one possibility for now --
+2889      *   rdnSequence  RDNSequence }
+2890      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2891      * </pre>
+2892      * <br>
+2893      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
+2894      * supported to conclude a canonicalized name for caseIgnoreMatch
+2895      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
+2896      * RFC 4518</a>.
+2897      *
+2898      * @example
+2899      * x = new X509();
+2900      * x.getX500Name("30...") →
+2901      * { array: [
+2902      *     [{type:"C",value:"US",ds:"prn"}],
+2903      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2904      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2905      *   ],
+2906      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+2907      *   hex: "30..." }
+2908      *
+2909      * x.getX500Name("30...", true) →
+2910      * { array: [
+2911      *     [{type:"C",value:"US",ds:"prn"}],
+2912      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
+2913      *   ],
+2914      *   str: "/C=US/O=Sample    Corp.",
+2915      *   canon: "/c=us/o=sample corp.",
+2916      *   hex: "30..." }
+2917      */
+2918     this.getX500Name = function(h, flagCanon, flagHex) {
+2919 	var a = this.getX500NameArray(h);
+2920 	var s = this.dnarraytostr(a);
+2921 	var result = { str: s };
+2922 
+2923 	result.array = a;
+2924 	if (flagHex == true) result.hex = h;
+2925 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
+2926 	return result;
+2927     };
+2928 
+2929     // ===== END X500Name related =====================================
+2930 
+2931     // ===== BEGIN read certificate =====================================
+2932     /**
+2933      * read PEM formatted X.509 certificate from string.<br/>
+2934      * @name readCertPEM
+2935      * @memberOf X509#
+2936      * @function
+2937      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+2938      * @example
+2939      * x = new X509();
+2940      * x.readCertPEM(sCertPEM); // read certificate
+2941      */
+2942     this.readCertPEM = function(sCertPEM) {
+2943         this.readCertHex(_pemtohex(sCertPEM));
+2944     };
+2945 
+2946     /**
+2947      * read a hexadecimal string of X.509 certificate<br/>
+2948      * @name readCertHex
+2949      * @memberOf X509#
+2950      * @function
+2951      * @param {String} sCertHex hexadecimal string of X.509 certificate
+2952      * @since jsrsasign 7.1.4 x509 1.1.13
+2953      * @description
+2954      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+2955      * @example
+2956      * x = new X509();
+2957      * x.readCertHex("3082..."); // read certificate
+2958      */
+2959     this.readCertHex = function(sCertHex) {
+2960         this.hex = sCertHex;
+2961 	this.getVersion(); // set version parameter
+2962 
+2963 	try {
+2964 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
+2965 	    this.parseExt();
+2966 	} catch(ex) {};
+2967     };
+2968 
+2969     // ===== END read certificate =====================================
+2970 
+2971     /**
+2972      * get JSON object of certificate parameters<br/>
+2973      * @name getParam
+2974      * @memberOf X509#
+2975      * @function
+2976      * @param {Object} option optional setting for return object
+2977      * @return {Object} JSON object of certificate parameters
+2978      * @since jsrsasign 9.0.0 x509 2.0.0
+2979      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2980      *
+2981      * @description
+2982      * This method returns a JSON object of the certificate
+2983      * parameters. Return value can be passed to
+2984      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
+2985      * <br/>
+2986      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
+2987      * It can have following members:
+2988      * <ul>
+2989      * <li>tbshex - (boolean) tbshex member with hex value of 
+2990      * tbsCertificate will be added if true (DEFAULT undefined)</li>
+2991      * <li>nodnarray - (boolean) array member for subject and
+2992      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
+2993      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
+2994      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
+2995      * </ul>
+2996      * <br/>
+2997      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
+2998      * in the "option" argument.
+2999      *
+3000      * @example
+3001      * x = new X509();
+3002      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+3003      * x.getParam() →
+3004      * {version:3,
+3005      *  serial:{hex:"12ab"},
+3006      *  sigalg:"SHA256withRSA",
+3007      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
+3008      *  notbefore:"160403023700Z",
+3009      *  notafter:"160702023700Z",
+3010      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
+3011      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
+3012      *  ext:[
+3013      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3014      *   {extname:"basicConstraints",critical:true},
+3015      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3016      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3017      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3018      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+3019      *  ],
+3020      *  sighex:"0b76...8"
+3021      * };
+3022      *
+3023      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
+3024      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
+3025      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
+3026      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
+3027      */
+3028     this.getParam = function(option) {
+3029 	var result = {};
+3030 	if (option == undefined) option = {};
+3031 
+3032 	result.version = this.getVersion();
+3033 	result.serial = {hex: this.getSerialNumberHex()};
+3034 	result.sigalg = this.getSignatureAlgorithmField();
+3035 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
+3036 	result.notbefore = this.getNotBefore();
+3037 	result.notafter = this.getNotAfter();
+3038 	result.subject = this.getSubject(option.dncanon, option.dnhex);
+3039 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
+3040 	if (this.aExtInfo != undefined &&
+3041 	    this.aExtInfo.length > 0) {
+3042 	    result.ext = this.getExtParamArray();
+3043 	}
+3044 	result.sighex = this.getSignatureValueHex();
+3045 
+3046 	// for options
+3047 	if (option.tbshex == true) {
+3048 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
+3049 	}
+3050 	if (option.nodnarray == true) {
+3051 	    delete result.issuer.array;
+3052 	    delete result.subject.array;
+3053 	}
+3054 
+3055 	return result;
+3056     };
+3057 
+3058     /** 
+3059      * get array of certificate extension parameter JSON object<br/>
+3060      * @name getExtParamArray
+3061      * @memberOf X509#
+3062      * @function
+3063      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
+3064      * @return {Array} array of certificate extension parameter JSON object
+3065      * @since jsrsasign 9.0.0 x509 2.0.0
+3066      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3067      * @see X509#getParam
+3068      * @see X509#getExtParam
+3069      * @see X509CRL#getParam
+3070      * @see KJUR.asn1.csr.CSRUtil.getParam
+3071      *
+3072      * @description
+3073      * This method returns an array of certificate extension
+3074      * parameters. 
+3075      * <br/>
+3076      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
+3077      *
+3078      * @example
+3079      * x = new X509();
+3080      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+3081      * x.getExtParamArray() →
+3082      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3083      *   {extname:"basicConstraints",critical:true},
+3084      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3085      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3086      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3087      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
+3088      */
+3089     this.getExtParamArray = function(hExtSeq) {
+3090 	if (hExtSeq == undefined) {
+3091 	    // for X.509v3 certificate
+3092 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
+3093 	    if (idx1 != -1) {
+3094 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
+3095 	    }
+3096 	}
+3097 	var result = [];
+3098 	var aIdx = _getChildIdx(hExtSeq, 0);
+3099 
+3100 	for (var i = 0; i < aIdx.length; i++) {
+3101 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
+3102 	    var extParam = this.getExtParam(hExt);
+3103 	    if (extParam != null) result.push(extParam);
+3104 	}
+3105 
+3106 	return result;
+3107     };
+3108 
+3109     /** 
+3110      * get a extension parameter JSON object<br/>
+3111      * @name getExtParam
+3112      * @memberOf X509#
+3113      * @function
+3114      * @param {String} hExt hexadecimal string of Extension
+3115      * @return {Array} Extension parameter JSON object
+3116      * @since jsrsasign 9.1.1 x509 2.0.1
+3117      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3118      * @see X509#getParam
+3119      * @see X509#getExtParamArray
+3120      * @see X509CRL#getParam
+3121      * @see KJUR.asn1.csr.CSRUtil.getParam
+3122      *
+3123      * @description
+3124      * This method returns a extension parameters as JSON object. 
+3125      *
+3126      * @example
+3127      * x = new X509();
+3128      * ...
+3129      * x.getExtParam("30...") →
+3130      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
+3131      */
+3132     this.getExtParam = function(hExt) {
+3133 	var result = {};
+3134 	var aIdx = _getChildIdx(hExt, 0);
+3135 	var aIdxLen = aIdx.length;
+3136 	if (aIdxLen != 2 && aIdxLen != 3)
+3137 	    throw new Error("wrong number elements in Extension: " + 
+3138 			    aIdxLen + " " + hExt);
+3139 
+3140 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
+3141 
+3142 	var critical = false;
+3143 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
+3144 	    critical = true;
+3145 
+3146 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
+3147 
+3148 	var extParam = undefined;
+3149 	if (oid == "2.5.29.14") {
+3150 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
+3151 	} else if (oid == "2.5.29.15") {
+3152 	    extParam = this.getExtKeyUsage(hExtV, critical);
+3153 	} else if (oid == "2.5.29.17") {
+3154 	    extParam = this.getExtSubjectAltName(hExtV, critical);
+3155 	} else if (oid == "2.5.29.18") {
+3156 	    extParam = this.getExtIssuerAltName(hExtV, critical);
+3157 	} else if (oid == "2.5.29.19") {
+3158 	    extParam = this.getExtBasicConstraints(hExtV, critical);
+3159 	} else if (oid == "2.5.29.30") {
+3160 	    extParam = this.getExtNameConstraints(hExtV, critical);
+3161 	} else if (oid == "2.5.29.31") {
+3162 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
+3163 	} else if (oid == "2.5.29.32") {
+3164 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
+3165 	} else if (oid == "2.5.29.33") {
+3166 	    extParam = this.getExtPolicyMappings(hExtV, critical);
+3167 	} else if (oid == "2.5.29.35") {
+3168 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
+3169 	} else if (oid == "2.5.29.36") {
+3170 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
+3171 	} else if (oid == "2.5.29.37") {
+3172 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
+3173 	} else if (oid == "2.5.29.54") {
+3174 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
+3175 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
+3176 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
+3177 	} else if (oid == "2.5.29.20") {
+3178 	    extParam = this.getExtCRLNumber(hExtV, critical);
+3179 	} else if (oid == "2.5.29.21") {
+3180 	    extParam = this.getExtCRLReason(hExtV, critical);
+3181 	} else if (oid == "2.5.29.9") {
+3182 	    extParam = this.getExtSubjectDirectoryAttributes(hExtV, critical);
+3183 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
+3184 	    extParam = this.getExtOcspNonce(hExtV, critical);
+3185 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
+3186 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
+3187 	} else if (oid == "1.2.840.113583.1.1.9.1") {
+3188 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
+3189 	} else if (X509.EXT_PARSER[oid] != undefined) {
+3190 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
+3191 	}
+3192 	if (extParam != undefined) return extParam;
+3193 
+3194 	// for private or unsupported extension
+3195 	var privateParam = { extname: oid, extn: hExtV };
+3196 	try {
+3197 	    privateParam.extn = _ASN1HEX_parse(hExtV);
+3198 	} catch(ex) {}
+3199 	if (critical) privateParam.critical = true;
+3200 	return privateParam;
+3201     };
+3202 
+3203     /**
+3204      * find extension parameter in array<br/>
+3205      * @name findExt
+3206      * @memberOf X509#
+3207      * @function
+3208      * @param {Array} aExt array of extension parameters
+3209      * @param {String} extname extension name
+3210      * @return {Array} extension parameter in the array or null
+3211      * @since jsrsasign 10.0.3 x509 2.0.7
+3212      * @see X509#getParam
+3213      *
+3214      * @description
+3215      * This method returns an extension parameter for
+3216      * specified extension name in the array.
+3217      * This method is useful to update extension parameter value.
+3218      * When there is no such extension with the extname,
+3219      * this returns "null".
+3220      *
+3221      * @example
+3222      * // (1) 
+3223      * x = new X509(CERTPEM);
+3224      * params = x.getParam();
+3225      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
+3226      * pSKID.kid = "1234abced..."; // skid in the params is updated.
+3227      *   // then params was updated
+3228      *
+3229      * // (2) another example
+3230      * aExt = [
+3231      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3232      *   {extname:"basicConstraints",critical:true},
+3233      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3234      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3235      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3236      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+3237      * ];
+3238      * var x = new X509();
+3239      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
+3240      * pKU = x.findExt(aExt, "keyUsage");
+3241      * delete pKU["critical"]; // clear criticla flag
+3242      * pKU.names = ["keyCertSign", "cRLSign"];
+3243      *   // then aExt was updated
+3244      */
+3245     this.findExt = function(aExt, extname) {
+3246 	for (var i = 0; i < aExt.length; i++) {
+3247 	    if (aExt[i].extname == extname) return aExt[i];
+3248 	}
+3249 	return null;
+3250 
+3251     };
+3252 
+3253     /**
+3254      * update CRLDistributionPoints Full URI in parameter<br/>
+3255      * @name updateCDPFullURI
+3256      * @memberOf X509#
+3257      * @function
+3258      * @param {Array} aExt array of extension parameters
+3259      * @param {String} newURI string of new uri
+3260      * @since jsrsasign 10.0.4 x509 2.0.8
+3261      * @see X509#findExt
+3262      * @see KJUR.asn1.x509.CRLDistributionPoints
+3263      *
+3264      * @description
+3265      * This method updates Full URI of CRLDistributionPoints extension
+3266      * in the extension parameter array if it exists.
+3267      *
+3268      * @example
+3269      * aExt = [
+3270      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3271      *   {extname:"cRLDistributionPoints",
+3272      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+3273      * ];
+3274      * x = new X509();
+3275      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+3276      */
+3277     this.updateExtCDPFullURI = function(aExt, newURI) {
+3278 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+3279 	if (pExt == null) return;
+3280 	if (pExt.array == undefined) return;
+3281 	var aDP = pExt.array;
+3282 	for (var i = 0; i < aDP.length; i++) {
+3283 	    if (aDP[i].dpname == undefined) continue;
+3284 	    if (aDP[i].dpname.full == undefined) continue;
+3285 	    var aURI = aDP[i].dpname.full;
+3286 	    for (var j = 0; j < aURI.length; j++) {
+3287 		var pURI = aURI[i];
+3288 		if (pURI.uri == undefined) continue;
+3289 		pURI.uri = newURI;
+3290 	    }
+3291 	}
+3292     };
+3293 
+3294     /**
+3295      * update authorityInfoAccess ocsp in parameter<br/>
+3296      * @name updateAIAOCSP
+3297      * @memberOf X509#
+3298      * @function
+3299      * @param {Array} aExt array of extension parameters
+3300      * @param {String} newURI string of new uri
+3301      * @since jsrsasign 10.0.4 x509 2.0.8
+3302      * @see X509#findExt
+3303      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3304      *
+3305      * @description
+3306      * This method updates "ocsp" accessMethod URI of 
+3307      * AuthorityInfoAccess extension
+3308      * in the extension parameter array if it exists.
+3309      *
+3310      * @example
+3311      * aExt = [
+3312      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3313      *   {extname:"authoriyInfoAccess",
+3314      *    array:[
+3315      *      {ocsp: "http://ocsp1.example.com"},
+3316      *      {caissuer: "http://example.com/a.crt"}
+3317      *    ]}
+3318      * ];
+3319      * x = new X509();
+3320      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+3321      */
+3322     this.updateExtAIAOCSP = function(aExt, newURI) {
+3323 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3324 	if (pExt == null) return;
+3325 	if (pExt.array == undefined) return;
+3326 	var a = pExt.array;
+3327 	for (var i = 0; i < a.length; i++) {
+3328 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+3329 	}
+3330     };
 3331 
-3332 	function atvtostr(pATV) {
-3333 	    return pATV.type + "=" + pATV.value;
-3334 	};
-3335 
-3336 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
-3337     };
-3338 
-3339     /**
-3340      * set canonicalized DN to a DN parameter<br/>
-3341      * @name setCanonicalizedDN
-3342      * @memberOf X509#
-3343      * @function
-3344      * @param {object} pDN DN parameter associative array
-3345      * @since jsrsasign 10.6.0 x509 2.1.0
-3346      * 
-3347      * @description
-3348      * This method canonicalizes a DN string as following:
-3349      * <ul>
-3350      * <li>convert to lower case</li>
-3351      * <li>convert from all multiple spaces to a space</li>
-3352      * </ul>
-3353      * 
-3354      * @example
-3355      * var x = new X509();
-3356      * var pDN = {
-3357      *   array: [
-3358      *     [{type:'C',value:'JP',ds:'prn'}],
-3359      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3360      *   str: "/C=JP/O=Test    1" };
-3361      * x.setCanonicalizedDN(pDN);
-3362 
-3363      * // pDN will become following
-3364      * pDN = {
-3365      *   array: [
-3366      *     [{type:'C',value:'JP',ds:'prn'}],
-3367      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3368      *   str: "/C=JP/O=Test    1",
-3369      *   canon: "/c=jp/o=test 1" };
-3370      */
-3371     this.setCanonicalizedDN = function(pDN) {
-3372 	var aRDN;
-3373 	if (pDN.str != undefined && pDN.array == undefined) {
-3374 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
-3375 	    var hDN = dDN.tohex();
-3376 	    aRDN = this.getX500NameArray(hDN);
-3377 	} else {
-3378 	    aRDN = pDN.array;
-3379 	}
-3380 	if (pDN.canon == undefined) {
-3381 	    pDN.canon = this.c14nRDNArray(aRDN);
-3382 	}
-3383     };
-3384 
-3385     /**
-3386      * simple canonicalization(c14n) for RDN array<br/>
-3387      * @name c14nRDNArray
-3388      * @memberOf X509#
-3389      * @function
-3390      * @param {array} aRDN array of RDN parameters
-3391      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
-3392      * @since jsrsasign 10.6.0 x509 2.1.0
-3393      * 
-3394      * @description
-3395      * This method canonicalizes a DN string according to
-3396      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
-3397      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
-3398      * <ul>
-3399      * <li>convert to lower case</li>
-3400      * <li>convert from all sequence of spaces to a space</li>
-3401      * <li>remove leading and trailing spaces</li>
-3402      * </ul>
-3403      * 
-3404      * @example
-3405      * var x = new X509();
-3406      * x.c14nRDNArray([
-3407      *   [{type:"C", value:"JP", ds: "prn"}],
-3408      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
-3409      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
-3410      * ]) → "/c=jp/o=test 1234/ou=hr 45"
-3411      */
-3412     this.c14nRDNArray = function(aRDN) {
-3413 	var a = [];
-3414 	for (var i = 0; i < aRDN.length; i++) {
-3415 	    var aAVA = aRDN[i];
-3416 	    var a2 = [];
-3417 	    for (var j = 0; j < aAVA.length; j++) {
-3418 		var pAVA = aAVA[j];
-3419 		var value = pAVA.value;
-3420 		value = value.replace(/^\s*/, '');
-3421 		value = value.replace(/\s*$/, '');
-3422 		value = value.replace(/\s+/g, ' ');
-3423 		value = value.toLowerCase();
-3424 		a2.push(pAVA.type.toLowerCase() + "=" + value);
-3425 	    }
-3426 	    a.push(a2.join("+"));
-3427 	}
-3428 	return "/" + a.join("/");
-3429     };
-3430 
-3431     /**
-3432      * get certificate information as string.<br/>
-3433      * @name getInfo
-3434      * @memberOf X509#
-3435      * @function
-3436      * @return {String} certificate information string
-3437      * @since jsrsasign 5.0.10 x509 1.1.8
-3438      * @example
-3439      * x = new X509();
-3440      * x.readCertPEM(certPEM);
-3441      * console.log(x.getInfo());
-3442      * // this shows as following
-3443      * Basic Fields
-3444      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-3445      *   signature algorithm: SHA1withRSA
-3446      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3447      *   notBefore: 061110000000Z
-3448      *   notAfter: 311110000000Z
-3449      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3450      *   subject public key info:
-3451      *     key algorithm: RSA
-3452      *     n=c6cce573e6fbd4bb...
-3453      *     e=10001
-3454      * X509v3 Extensions:
-3455      *   keyUsage CRITICAL:
-3456      *     digitalSignature,keyCertSign,cRLSign
-3457      *   basicConstraints CRITICAL:
-3458      *     cA=true
-3459      *   subjectKeyIdentifier :
-3460      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-3461      *   authorityKeyIdentifier :
-3462      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-3463      * signature algorithm: SHA1withRSA
-3464      * signature: 1c1a0697dcd79c9f...
-3465      */
-3466     this.getInfo = function() {
-3467 	var _getSubjectAltNameStr = function(params) {
-3468 	    var s = "";
-3469 	    var indent = "    ";
-3470 	    var NL = "\n";
-3471 	    var a = params.array;
-3472 	    for (var i = 0; i < a.length; i++) {
-3473 		var pGN = a[i];
-3474 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
-3475 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
-3476 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
-3477 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
-3478 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
-3479 		if (pGN.other != undefined) {
-3480 		    var oidname = pGN.other.oid;
-3481 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
-3482 		    s += indent + "other: " + oidname + "=" + value + NL;
-3483 		}
-3484 	    }
-3485 	    s = s.replace(/\n$/, '');
-3486 	    return s;
-3487 	};
-3488 	var _getCertificatePoliciesStr = function(params) {
-3489 	    var s = "";
-3490 	    var a = params.array;
-3491 	    for (var i = 0; i < a.length; i++) {
-3492 		var pi = a[i];
-3493 		s += "    policy oid: " + pi.policyoid + "\n";
-3494 		if (pi.array === undefined) continue;
-3495 		for (var j = 0; j < pi.array.length; j++) {
-3496 		    var pqi = pi.array[j];
-3497 		    if (pqi.cps !== undefined) {
-3498 			s += "    cps: " + pqi.cps + "\n";
-3499 		    }
-3500 		}
-3501 	    }
-3502 	    return s;
-3503 	};
-3504 	var _getCRLDistributionPointsStr = function(params) {
-3505 	    var s = "";
-3506 	    var a = params.array;
-3507 	    for (var i = 0; i < a.length; i++) {
-3508 		var dp = a[i];
-3509 		try {
-3510 		    if (dp.dpname.full[0].uri !== undefined)
-3511 			s += "    " + dp.dpname.full[0].uri + "\n";
-3512 		} catch(ex) {};
-3513 		try {
-3514 		    if (dp.dname.full[0].dn.hex !== undefined)
-3515 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-3516 		} catch(ex) {};
-3517 	    }
-3518 	    return s;
-3519 	}
-3520 	var _getAuthorityInfoAccessStr = function(params) {
-3521 	    var s = "";
-3522 	    var a = params.array;
-3523 	    for (var i = 0; i < a.length; i++) {
-3524 		var ad = a[i];
-3525 
-3526 		if (ad.caissuer !== undefined)
-3527 		    s += "    caissuer: " + ad.caissuer + "\n";
-3528 		if (ad.ocsp !== undefined)
-3529 		    s += "    ocsp: " + ad.ocsp + "\n";
-3530 	    }
-3531 	    return s;
-3532 	};
-3533 	var _X509 = X509;
-3534 	var s, pubkey, aExt;
-3535 	s  = "Basic Fields\n";
-3536         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-3537 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-3538 	s += "  issuer: " + this.getIssuerString() + "\n";
-3539 	s += "  notBefore: " + this.getNotBefore() + "\n";
-3540 	s += "  notAfter: " + this.getNotAfter() + "\n";
-3541 	s += "  subject: " + this.getSubjectString() + "\n";
-3542 	s += "  subject public key info: " + "\n";
-3543 
-3544 	// subject public key info
-3545 	pubkey = this.getPublicKey();
-3546 	s += "    key algorithm: " + pubkey.type + "\n";
-3547 
-3548 	if (pubkey.type === "RSA") {
-3549 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-3550 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-3551 	}
-3552 
-3553 	// X.509v3 Extensions
-3554         aExt = this.aExtInfo;
-3555 
-3556 	if (aExt !== undefined && aExt !== null) {
-3557             s += "X509v3 Extensions:\n";
-3558 	    
-3559             for (var i = 0; i < aExt.length; i++) {
-3560 		var info = aExt[i];
-3561 
-3562 		// show extension name and critical flag
-3563 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-3564 		if (extName === '') extName = info["oid"];
-3565 
-3566 		var critical = '';
-3567 		if (info["critical"] === true) critical = "CRITICAL";
-3568 
-3569 		s += "  " + extName + " " + critical + ":\n";
-3570 
-3571 		// show extension value if supported
-3572 		if (extName === "basicConstraints") {
-3573 		    var bc = this.getExtBasicConstraints();
-3574 		    if (bc.cA === undefined) {
-3575 			s += "    {}\n";
-3576 		    } else {
-3577 			s += "    cA=true";
-3578 			if (bc.pathLen !== undefined)
-3579 			    s += ", pathLen=" + bc.pathLen;
-3580 			s += "\n";
-3581 		    }
-3582 		} else if (extName == "policyMappings") {
-3583 		    var a = this.getExtPolicyMappings().array;
-3584 		    var sMap = a.map(function(item){
-3585 			var aPolicy = item;
-3586 			return aPolicy[0] + ":" + aPolicy[1];
-3587 		    }).join(", ");
-3588 		    s += "    " + sMap + "\n";
-3589 		} else if (extName == "policyConstraints") {
-3590 		    var p = this.getExtPolicyConstraints();
-3591 		    s += "    ";
-3592 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
-3593 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
-3594 		    s += "\n";
-3595 		} else if (extName == "inhibitAnyPolicy") {
-3596 		    var p = this.getExtInhibitAnyPolicy();
-3597 		    s += "    skip=" + p.skip + "\n";
-3598 		} else if (extName == "keyUsage") {
-3599 		    s += "    " + this.getExtKeyUsageString() + "\n";
-3600 		} else if (extName == "subjectKeyIdentifier") {
-3601 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-3602 		} else if (extName == "authorityKeyIdentifier") {
-3603 		    var akid = this.getExtAuthorityKeyIdentifier();
-3604 		    if (akid.kid !== undefined)
-3605 			s += "    kid=" + akid.kid.hex + "\n";
-3606 		} else if (extName == "extKeyUsage") {
-3607 		    var eku = this.getExtExtKeyUsage().array;
-3608 		    s += "    " + eku.join(", ") + "\n";
-3609 		} else if (extName == "subjectAltName") {
-3610 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-3611 		    s += san + "\n";
-3612 		} else if (extName == "cRLDistributionPoints") {
-3613 		    var cdp = this.getExtCRLDistributionPoints();
-3614 		    s += _getCRLDistributionPointsStr(cdp);
-3615 		} else if (extName == "authorityInfoAccess") {
-3616 		    var aia = this.getExtAuthorityInfoAccess();
-3617 		    s += _getAuthorityInfoAccessStr(aia);
-3618 		} else if (extName == "certificatePolicies") {
-3619 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-3620 		}
-3621 	    }
-3622         }
-3623 
-3624 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-3625 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-3626 	return s;
-3627     };
-3628 
-3629     if (typeof params == "string") {
-3630 	if (params.indexOf("-----BEGIN") != -1) {
-3631 	    this.readCertPEM(params);
-3632 	} else if (KJUR.lang.String.isHex(params)) {
-3633 	    this.readCertHex(params);
-3634 	}
-3635     }
-3636 };
-3637 // ----- END of X509 class -----
+3332     /**
+3333      * update authorityInfoAccess caIssuer in parameter<br/>
+3334      * @name updateAIACAIssuer
+3335      * @memberOf X509#
+3336      * @function
+3337      * @param {Array} aExt array of extension parameters
+3338      * @param {String} newURI string of new uri
+3339      * @since jsrsasign 10.0.4 x509 2.0.8
+3340      * @see X509#findExt
+3341      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3342      *
+3343      * @description
+3344      * This method updates "caIssuer" accessMethod URI of 
+3345      * AuthorityInfoAccess extension
+3346      * in the extension parameter array if it exists.
+3347      *
+3348      * @example
+3349      * aExt = [
+3350      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3351      *   {extname:"authoriyInfoAccess",
+3352      *    array:[
+3353      *      {ocsp: "http://ocsp1.example.com"},
+3354      *      {caissuer: "http://example.com/a.crt"}
+3355      *    ]}
+3356      * ];
+3357      * x = new X509();
+3358      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+3359      */
+3360     this.updateExtAIACAIssuer = function(aExt, newURI) {
+3361 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3362 	if (pExt == null) return;
+3363 	if (pExt.array == undefined) return;
+3364 	var a = pExt.array;
+3365 	for (var i = 0; i < a.length; i++) {
+3366 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+3367 	}
+3368     };
+3369 
+3370     /**
+3371      * convert array for X500 distinguish name to distinguish name string<br/>
+3372      * @name dnarraytostr
+3373      * @memberOf X509#
+3374      * @function
+3375      * @param {Array} aDN array for X500 distinguish name
+3376      * @return {String} distinguish name
+3377      * @since jsrsasign 10.0.6 x509 2.0.8
+3378      * @see X509#getX500Name
+3379      * @see X509#getX500NameArray
+3380      * @see KJUR.asn1.x509.X500Name
+3381      *
+3382      * @description
+3383      * This method converts from an array representation of 
+3384      * X.500 distinguished name to X.500 name string.
+3385      * This supports multi-valued RDN.
+3386      * 
+3387      * @example
+3388      * var x = new X509();
+3389      * x.dnarraytostr(
+3390      *   [[{type:"C",value:"JP",ds:"prn"}],
+3391      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+3392      * x.dnarraytostr(
+3393      *   [[{type:"C",value:"JP",ds:"prn"}],
+3394      *   [{type:"O",value:"T1",ds:"prn"}
+3395      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+3396      */
+3397     this.dnarraytostr = function(aDN) {
+3398 	function rdnarraytostr(aRDN) {
+3399 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
+3400 	};
+3401 
+3402 	function atvtostr(pATV) {
+3403 	    return pATV.type + "=" + pATV.value;
+3404 	};
+3405 
+3406 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
+3407     };
+3408 
+3409     /**
+3410      * set canonicalized DN to a DN parameter<br/>
+3411      * @name setCanonicalizedDN
+3412      * @memberOf X509#
+3413      * @function
+3414      * @param {object} pDN DN parameter associative array
+3415      * @since jsrsasign 10.6.0 x509 2.1.0
+3416      * 
+3417      * @description
+3418      * This method canonicalizes a DN string as following:
+3419      * <ul>
+3420      * <li>convert to lower case</li>
+3421      * <li>convert from all multiple spaces to a space</li>
+3422      * </ul>
+3423      * 
+3424      * @example
+3425      * var x = new X509();
+3426      * var pDN = {
+3427      *   array: [
+3428      *     [{type:'C',value:'JP',ds:'prn'}],
+3429      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3430      *   str: "/C=JP/O=Test    1" };
+3431      * x.setCanonicalizedDN(pDN);
+3432 
+3433      * // pDN will become following
+3434      * pDN = {
+3435      *   array: [
+3436      *     [{type:'C',value:'JP',ds:'prn'}],
+3437      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3438      *   str: "/C=JP/O=Test    1",
+3439      *   canon: "/c=jp/o=test 1" };
+3440      */
+3441     this.setCanonicalizedDN = function(pDN) {
+3442 	var aRDN;
+3443 	if (pDN.str != undefined && pDN.array == undefined) {
+3444 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
+3445 	    var hDN = dDN.tohex();
+3446 	    aRDN = this.getX500NameArray(hDN);
+3447 	} else {
+3448 	    aRDN = pDN.array;
+3449 	}
+3450 	if (pDN.canon == undefined) {
+3451 	    pDN.canon = this.c14nRDNArray(aRDN);
+3452 	}
+3453     };
+3454 
+3455     /**
+3456      * simple canonicalization(c14n) for RDN array<br/>
+3457      * @name c14nRDNArray
+3458      * @memberOf X509#
+3459      * @function
+3460      * @param {array} aRDN array of RDN parameters
+3461      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
+3462      * @since jsrsasign 10.6.0 x509 2.1.0
+3463      * 
+3464      * @description
+3465      * This method canonicalizes a DN string according to
+3466      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
+3467      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
+3468      * <ul>
+3469      * <li>convert to lower case</li>
+3470      * <li>convert from all sequence of spaces to a space</li>
+3471      * <li>remove leading and trailing spaces</li>
+3472      * </ul>
+3473      * 
+3474      * @example
+3475      * var x = new X509();
+3476      * x.c14nRDNArray([
+3477      *   [{type:"C", value:"JP", ds: "prn"}],
+3478      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
+3479      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
+3480      * ]) → "/c=jp/o=test 1234/ou=hr 45"
+3481      */
+3482     this.c14nRDNArray = function(aRDN) {
+3483 	var a = [];
+3484 	for (var i = 0; i < aRDN.length; i++) {
+3485 	    var aAVA = aRDN[i];
+3486 	    var a2 = [];
+3487 	    for (var j = 0; j < aAVA.length; j++) {
+3488 		var pAVA = aAVA[j];
+3489 		var value = pAVA.value;
+3490 		value = value.replace(/^\s*/, '');
+3491 		value = value.replace(/\s*$/, '');
+3492 		value = value.replace(/\s+/g, ' ');
+3493 		value = value.toLowerCase();
+3494 		a2.push(pAVA.type.toLowerCase() + "=" + value);
+3495 	    }
+3496 	    a.push(a2.join("+"));
+3497 	}
+3498 	return "/" + a.join("/");
+3499     };
+3500 
+3501     /**
+3502      * get certificate information as string.<br/>
+3503      * @name getInfo
+3504      * @memberOf X509#
+3505      * @function
+3506      * @return {String} certificate information string
+3507      * @since jsrsasign 5.0.10 x509 1.1.8
+3508      * @example
+3509      * x = new X509();
+3510      * x.readCertPEM(certPEM);
+3511      * console.log(x.getInfo());
+3512      * // this shows as following
+3513      * Basic Fields
+3514      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+3515      *   signature algorithm: SHA1withRSA
+3516      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3517      *   notBefore: 061110000000Z
+3518      *   notAfter: 311110000000Z
+3519      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3520      *   subject public key info:
+3521      *     key algorithm: RSA
+3522      *     n=c6cce573e6fbd4bb...
+3523      *     e=10001
+3524      * X509v3 Extensions:
+3525      *   keyUsage CRITICAL:
+3526      *     digitalSignature,keyCertSign,cRLSign
+3527      *   basicConstraints CRITICAL:
+3528      *     cA=true
+3529      *   subjectKeyIdentifier :
+3530      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+3531      *   authorityKeyIdentifier :
+3532      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+3533      * signature algorithm: SHA1withRSA
+3534      * signature: 1c1a0697dcd79c9f...
+3535      */
+3536     this.getInfo = function() {
+3537 	var _getSubjectAltNameStr = function(params) {
+3538 	    var s = "";
+3539 	    var indent = "    ";
+3540 	    var NL = "\n";
+3541 	    var a = params.array;
+3542 	    for (var i = 0; i < a.length; i++) {
+3543 		var pGN = a[i];
+3544 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
+3545 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
+3546 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
+3547 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
+3548 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
+3549 		if (pGN.other != undefined) {
+3550 		    var oidname = pGN.other.oid;
+3551 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
+3552 		    s += indent + "other: " + oidname + "=" + value + NL;
+3553 		}
+3554 	    }
+3555 	    s = s.replace(/\n$/, '');
+3556 	    return s;
+3557 	};
+3558 	var _getCertificatePoliciesStr = function(params) {
+3559 	    var s = "";
+3560 	    var a = params.array;
+3561 	    for (var i = 0; i < a.length; i++) {
+3562 		var pi = a[i];
+3563 		s += "    policy oid: " + pi.policyoid + "\n";
+3564 		if (pi.array === undefined) continue;
+3565 		for (var j = 0; j < pi.array.length; j++) {
+3566 		    var pqi = pi.array[j];
+3567 		    if (pqi.cps !== undefined) {
+3568 			s += "    cps: " + pqi.cps + "\n";
+3569 		    }
+3570 		}
+3571 	    }
+3572 	    return s;
+3573 	};
+3574 	var _getCRLDistributionPointsStr = function(params) {
+3575 	    var s = "";
+3576 	    var a = params.array;
+3577 	    for (var i = 0; i < a.length; i++) {
+3578 		var dp = a[i];
+3579 		try {
+3580 		    if (dp.dpname.full[0].uri !== undefined)
+3581 			s += "    " + dp.dpname.full[0].uri + "\n";
+3582 		} catch(ex) {};
+3583 		try {
+3584 		    if (dp.dname.full[0].dn.hex !== undefined)
+3585 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+3586 		} catch(ex) {};
+3587 	    }
+3588 	    return s;
+3589 	}
+3590 	var _getAuthorityInfoAccessStr = function(params) {
+3591 	    var s = "";
+3592 	    var a = params.array;
+3593 	    for (var i = 0; i < a.length; i++) {
+3594 		var ad = a[i];
+3595 
+3596 		if (ad.caissuer !== undefined)
+3597 		    s += "    caissuer: " + ad.caissuer + "\n";
+3598 		if (ad.ocsp !== undefined)
+3599 		    s += "    ocsp: " + ad.ocsp + "\n";
+3600 	    }
+3601 	    return s;
+3602 	};
+3603 	var _X509 = X509;
+3604 	var s, pubkey, aExt;
+3605 	s  = "Basic Fields\n";
+3606         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+3607 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+3608 	s += "  issuer: " + this.getIssuerString() + "\n";
+3609 	s += "  notBefore: " + this.getNotBefore() + "\n";
+3610 	s += "  notAfter: " + this.getNotAfter() + "\n";
+3611 	s += "  subject: " + this.getSubjectString() + "\n";
+3612 	s += "  subject public key info: " + "\n";
+3613 
+3614 	// subject public key info
+3615 	pubkey = this.getPublicKey();
+3616 	s += "    key algorithm: " + pubkey.type + "\n";
+3617 
+3618 	if (pubkey.type === "RSA") {
+3619 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+3620 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+3621 	}
+3622 
+3623 	// X.509v3 Extensions
+3624         aExt = this.aExtInfo;
+3625 
+3626 	if (aExt !== undefined && aExt !== null) {
+3627             s += "X509v3 Extensions:\n";
+3628 	    
+3629             for (var i = 0; i < aExt.length; i++) {
+3630 		var info = aExt[i];
+3631 
+3632 		// show extension name and critical flag
+3633 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+3634 		if (extName === '') extName = info["oid"];
+3635 
+3636 		var critical = '';
+3637 		if (info["critical"] === true) critical = "CRITICAL";
 3638 
-3639 /**
-3640  * additional definition for X.509 extension parsers<br/>
-3641  * @see X509.registExtParser
-3642  */
-3643 X509.EXT_PARSER = {
-3644 };
-3645 
-3646 /**
-3647  * define X.509 extension parser for specified OID<br/>
-3648  * @name registExtParser
-3649  * @memberOf X509
-3650  * @function
-3651  * @param {string} oid extension OID string (ex. "1.2.3.4")
-3652  * @param {function} func registering func extension value parsing function
-3653  * @return unspecified
-3654  * @since jsrsasign 10.7.0 x509 2.1.2
-3655  * 
-3656  * @description
-3657  * <p>
-3658  * This static method specifies a X.509 extension value parsing function
-3659  * for specified an extension OID.
-3660  * </p>
-3661  * <p>
-3662  * Extension parser function must have following three arguments:
-3663  * <ul>
-3664  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
-3665  * <li>{boolean} critical - critical flag of extension</li>
-3666  * <li>{string} hExtV - hexadecimal string of extension value</li>
-3667  * </ul>
-3668  * The funcition must return an associative array for the extension
-3669  * when hExtV can be parsed properly. Otherwise it must return
-3670  * value "undefined".
-3671  * </p>
-3672  *
-3673  * @example
-3674  * function _extparser1(oid, critical, hExtV) {
-3675  *   try {
-3676  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
-3677  *     if (critical) result.critical = true;
-3678  *     return result;
-3679  *   } catch(ex) {
-3680  *     return undefined;
-3681  *   }
-3682  * }
-3683  * X509.registExtParser("1.2.3.4", _extparser1);
-3684  */
-3685 X509.registExtParser = function(oid, func) {
-3686     X509.EXT_PARSER[oid] = func;
-3687 };
-3688 
-3689 /**
-3690  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-3691  * @name hex2dn
-3692  * @memberOf X509
-3693  * @function
-3694  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-3695  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3696  * @return {String} OpenSSL online format distinguished name
-3697  * @description
-3698  * This static method converts from a hexadecimal string of 
-3699  * distinguished name (DN)
-3700  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-3701  * @example
-3702  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-3703  */
-3704 X509.hex2dn = function(hex, idx) {
-3705     if (idx === undefined) idx = 0;
-3706     var x = new X509();
-3707     var hDN = ASN1HEX.getTLV(hex, idx);
-3708     var pDN = x.getX500Name(hex);
-3709     return pDN.str;
-3710 };
-3711 
-3712 /**
-3713  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-3714  * @name hex2rdn
-3715  * @memberOf X509
-3716  * @function
-3717  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-3718  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3719  * @return {String} OpenSSL online format relative distinguished name
-3720  * @description
-3721  * This static method converts from a hexadecimal string of 
-3722  * relative distinguished name (RDN)
-3723  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-3724  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-3725  * @example
-3726  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-3727  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-3728  */
-3729 X509.hex2rdn = function(hex, idx) {
-3730     if (idx === undefined) idx = 0;
-3731     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
-3732 
-3733     var a = new Array();
-3734 
-3735     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-3736     for (var i = 0; i < aIdx.length; i++) {
-3737 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-3738     }
-3739 
-3740     a = a.map(function(s) { return s.replace("+", "\\+"); });
-3741     return a.join("+");
-3742 };
-3743 
-3744 /**
-3745  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-3746  * @name hex2attrTypeValue
-3747  * @memberOf X509
-3748  * @function
-3749  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-3750  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3751  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-3752  * @description
-3753  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-3754  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-3755  * @example
-3756  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-3757  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-3758  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-3759  */
-3760 X509.hex2attrTypeValue = function(hex, idx) {
-3761     var _ASN1HEX = ASN1HEX;
-3762     var _getV = _ASN1HEX.getV;
-3763 
-3764     if (idx === undefined) idx = 0;
-3765     if (hex.substr(idx, 2) !== "30") 
-3766 	throw new Error("malformed attribute type and value");
-3767 
-3768     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-3769     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-3770 	"malformed attribute type and value";
-3771 
-3772     var oidHex = _getV(hex, aIdx[0]);
-3773     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-3774     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-3775 
-3776     var hV = _getV(hex, aIdx[1]);
-3777     var rawV = hextorstr(hV);
-3778 
-3779     return atype + "=" + rawV;
+3639 		s += "  " + extName + " " + critical + ":\n";
+3640 
+3641 		// show extension value if supported
+3642 		if (extName === "basicConstraints") {
+3643 		    var bc = this.getExtBasicConstraints();
+3644 		    if (bc.cA === undefined) {
+3645 			s += "    {}\n";
+3646 		    } else {
+3647 			s += "    cA=true";
+3648 			if (bc.pathLen !== undefined)
+3649 			    s += ", pathLen=" + bc.pathLen;
+3650 			s += "\n";
+3651 		    }
+3652 		} else if (extName == "policyMappings") {
+3653 		    var a = this.getExtPolicyMappings().array;
+3654 		    var sMap = a.map(function(item){
+3655 			var aPolicy = item;
+3656 			return aPolicy[0] + ":" + aPolicy[1];
+3657 		    }).join(", ");
+3658 		    s += "    " + sMap + "\n";
+3659 		} else if (extName == "policyConstraints") {
+3660 		    var p = this.getExtPolicyConstraints();
+3661 		    s += "    ";
+3662 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
+3663 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
+3664 		    s += "\n";
+3665 		} else if (extName == "inhibitAnyPolicy") {
+3666 		    var p = this.getExtInhibitAnyPolicy();
+3667 		    s += "    skip=" + p.skip + "\n";
+3668 		} else if (extName == "keyUsage") {
+3669 		    s += "    " + this.getExtKeyUsageString() + "\n";
+3670 		} else if (extName == "subjectKeyIdentifier") {
+3671 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+3672 		} else if (extName == "authorityKeyIdentifier") {
+3673 		    var akid = this.getExtAuthorityKeyIdentifier();
+3674 		    if (akid.kid !== undefined)
+3675 			s += "    kid=" + akid.kid.hex + "\n";
+3676 		} else if (extName == "extKeyUsage") {
+3677 		    var eku = this.getExtExtKeyUsage().array;
+3678 		    s += "    " + eku.join(", ") + "\n";
+3679 		} else if (extName == "subjectAltName") {
+3680 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+3681 		    s += san + "\n";
+3682 		} else if (extName == "cRLDistributionPoints") {
+3683 		    var cdp = this.getExtCRLDistributionPoints();
+3684 		    s += _getCRLDistributionPointsStr(cdp);
+3685 		} else if (extName == "authorityInfoAccess") {
+3686 		    var aia = this.getExtAuthorityInfoAccess();
+3687 		    s += _getAuthorityInfoAccessStr(aia);
+3688 		} else if (extName == "certificatePolicies") {
+3689 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+3690 		}
+3691 	    }
+3692         }
+3693 
+3694 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+3695 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+3696 	return s;
+3697     };
+3698 
+3699     if (typeof params == "string") {
+3700 	if (params.indexOf("-----BEGIN") != -1) {
+3701 	    this.readCertPEM(params);
+3702 	} else if (KJUR.lang.String.isHex(params)) {
+3703 	    this.readCertHex(params);
+3704 	}
+3705     }
+3706 };
+3707 // ----- END of X509 class -----
+3708 
+3709 /**
+3710  * additional definition for X.509 extension parsers<br/>
+3711  * @see X509.registExtParser
+3712  */
+3713 X509.EXT_PARSER = {
+3714 };
+3715 
+3716 /**
+3717  * define X.509 extension parser for specified OID<br/>
+3718  * @name registExtParser
+3719  * @memberOf X509
+3720  * @function
+3721  * @param {string} oid extension OID string (ex. "1.2.3.4")
+3722  * @param {function} func registering func extension value parsing function
+3723  * @return unspecified
+3724  * @since jsrsasign 10.7.0 x509 2.1.2
+3725  * 
+3726  * @description
+3727  * <p>
+3728  * This static method specifies a X.509 extension value parsing function
+3729  * for specified an extension OID.
+3730  * </p>
+3731  * <p>
+3732  * Extension parser function must have following three arguments:
+3733  * <ul>
+3734  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
+3735  * <li>{boolean} critical - critical flag of extension</li>
+3736  * <li>{string} hExtV - hexadecimal string of extension value</li>
+3737  * </ul>
+3738  * The funcition must return an associative array for the extension
+3739  * when hExtV can be parsed properly. Otherwise it must return
+3740  * value "undefined".
+3741  * </p>
+3742  *
+3743  * @example
+3744  * function _extparser1(oid, critical, hExtV) {
+3745  *   try {
+3746  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
+3747  *     if (critical) result.critical = true;
+3748  *     return result;
+3749  *   } catch(ex) {
+3750  *     return undefined;
+3751  *   }
+3752  * }
+3753  * X509.registExtParser("1.2.3.4", _extparser1);
+3754  */
+3755 X509.registExtParser = function(oid, func) {
+3756     X509.EXT_PARSER[oid] = func;
+3757 };
+3758 
+3759 /**
+3760  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+3761  * @name hex2dn
+3762  * @memberOf X509
+3763  * @function
+3764  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+3765  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3766  * @return {String} OpenSSL online format distinguished name
+3767  * @description
+3768  * This static method converts from a hexadecimal string of 
+3769  * distinguished name (DN)
+3770  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+3771  * @example
+3772  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+3773  */
+3774 X509.hex2dn = function(hex, idx) {
+3775     if (idx === undefined) idx = 0;
+3776     var x = new X509();
+3777     var hDN = ASN1HEX.getTLV(hex, idx);
+3778     var pDN = x.getX500Name(hex);
+3779     return pDN.str;
 3780 };
 3781 
 3782 /**
-3783  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-3784  * @name getPublicKeyFromCertHex
+3783  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+3784  * @name hex2rdn
 3785  * @memberOf X509
 3786  * @function
-3787  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-3788  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3789  * @since jsrasign 7.1.0 x509 1.1.11
-3790  */
-3791 X509.getPublicKeyFromCertHex = function(h) {
-3792     var x = new X509();
-3793     x.readCertHex(h);
-3794     return x.getPublicKey();
-3795 };
-3796 
-3797 /**
-3798  * get RSA/DSA/ECDSA public key object from PEM certificate string
-3799  * @name getPublicKeyFromCertPEM
-3800  * @memberOf X509
-3801  * @function
-3802  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-3803  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3804  * @since x509 1.1.1
-3805  * @description
-3806  * NOTE: DSA is also supported since x509 1.1.2.
-3807  */
-3808 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-3809     var x = new X509();
-3810     x.readCertPEM(sCertPEM);
-3811     return x.getPublicKey();
+3787  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+3788  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3789  * @return {String} OpenSSL online format relative distinguished name
+3790  * @description
+3791  * This static method converts from a hexadecimal string of 
+3792  * relative distinguished name (RDN)
+3793  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+3794  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+3795  * @example
+3796  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+3797  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+3798  */
+3799 X509.hex2rdn = function(hex, idx) {
+3800     if (idx === undefined) idx = 0;
+3801     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+3802 
+3803     var a = new Array();
+3804 
+3805     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+3806     for (var i = 0; i < aIdx.length; i++) {
+3807 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+3808     }
+3809 
+3810     a = a.map(function(s) { return s.replace("+", "\\+"); });
+3811     return a.join("+");
 3812 };
 3813 
 3814 /**
-3815  * get public key information from PEM certificate
-3816  * @name getPublicKeyInfoPropOfCertPEM
+3815  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+3816  * @name hex2attrTypeValue
 3817  * @memberOf X509
 3818  * @function
-3819  * @param {String} sCertPEM string of PEM formatted certificate
-3820  * @return {Hash} hash of information for public key
-3821  * @since x509 1.1.1
+3819  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+3820  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3821  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
 3822  * @description
-3823  * Resulted associative array has following properties:<br/>
-3824  * <ul>
-3825  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-3826  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-3827  * <li>keyhex - hexadecimal string of key in the certificate</li>
-3828  * </ul>
-3829  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-3830  */
-3831 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-3832     var _ASN1HEX = ASN1HEX;
-3833     var _getVbyList = _ASN1HEX.getVbyList;
-3834 
-3835     var result = {};
-3836     var x, hSPKI, pubkey;
-3837     result.algparam = null;
-3838 
-3839     x = new X509();
-3840     x.readCertPEM(sCertPEM);
+3823  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+3824  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+3825  * @example
+3826  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+3827  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+3828  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+3829  */
+3830 X509.hex2attrTypeValue = function(hex, idx) {
+3831     var _ASN1HEX = ASN1HEX;
+3832     var _getV = _ASN1HEX.getV;
+3833 
+3834     if (idx === undefined) idx = 0;
+3835     if (hex.substr(idx, 2) !== "30") 
+3836 	throw new Error("malformed attribute type and value");
+3837 
+3838     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+3839     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+3840 	"malformed attribute type and value";
 3841 
-3842     hSPKI = x.getPublicKeyHex();
-3843     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-3844     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3842     var oidHex = _getV(hex, aIdx[0]);
+3843     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+3844     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
 3845 
-3846     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-3847 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-3848     };
-3849 
-3850     return result;
-3851 };
-3852 
-3853 /* ======================================================================
-3854  *   Specific V3 Extensions
-3855  * ====================================================================== */
-3856 
-3857 X509.KEYUSAGE_NAME = [
-3858     "digitalSignature",
-3859     "nonRepudiation",
-3860     "keyEncipherment",
-3861     "dataEncipherment",
-3862     "keyAgreement",
-3863     "keyCertSign",
-3864     "cRLSign",
-3865     "encipherOnly",
-3866     "decipherOnly"
-3867 ];
-3868 

\ No newline at end of file
+3846     var hV = _getV(hex, aIdx[1]);
+3847     var rawV = hextorstr(hV);
+3848 
+3849     return atype + "=" + rawV;
+3850 };
+3851 
+3852 /**
+3853  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+3854  * @name getPublicKeyFromCertHex
+3855  * @memberOf X509
+3856  * @function
+3857  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+3858  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3859  * @since jsrasign 7.1.0 x509 1.1.11
+3860  */
+3861 X509.getPublicKeyFromCertHex = function(h) {
+3862     var x = new X509();
+3863     x.readCertHex(h);
+3864     return x.getPublicKey();
+3865 };
+3866 
+3867 /**
+3868  * get RSA/DSA/ECDSA public key object from PEM certificate string
+3869  * @name getPublicKeyFromCertPEM
+3870  * @memberOf X509
+3871  * @function
+3872  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+3873  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3874  * @since x509 1.1.1
+3875  * @description
+3876  * NOTE: DSA is also supported since x509 1.1.2.
+3877  */
+3878 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+3879     var x = new X509();
+3880     x.readCertPEM(sCertPEM);
+3881     return x.getPublicKey();
+3882 };
+3883 
+3884 /**
+3885  * get public key information from PEM certificate
+3886  * @name getPublicKeyInfoPropOfCertPEM
+3887  * @memberOf X509
+3888  * @function
+3889  * @param {String} sCertPEM string of PEM formatted certificate
+3890  * @return {Hash} hash of information for public key
+3891  * @since x509 1.1.1
+3892  * @description
+3893  * Resulted associative array has following properties:<br/>
+3894  * <ul>
+3895  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+3896  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+3897  * <li>keyhex - hexadecimal string of key in the certificate</li>
+3898  * </ul>
+3899  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+3900  */
+3901 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+3902     var _ASN1HEX = ASN1HEX;
+3903     var _getVbyList = _ASN1HEX.getVbyList;
+3904 
+3905     var result = {};
+3906     var x, hSPKI, pubkey;
+3907     result.algparam = null;
+3908 
+3909     x = new X509();
+3910     x.readCertPEM(sCertPEM);
+3911 
+3912     hSPKI = x.getPublicKeyHex();
+3913     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+3914     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3915 
+3916     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+3917 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+3918     };
+3919 
+3920     return result;
+3921 };
+3922 
+3923 /* ======================================================================
+3924  *   Specific V3 Extensions
+3925  * ====================================================================== */
+3926 
+3927 X509.KEYUSAGE_NAME = [
+3928     "digitalSignature",
+3929     "nonRepudiation",
+3930     "keyEncipherment",
+3931     "dataEncipherment",
+3932     "keyAgreement",
+3933     "keyCertSign",
+3934     "cRLSign",
+3935     "encipherOnly",
+3936     "decipherOnly"
+3937 ];
+3938
\ No newline at end of file diff --git a/bower.json b/bower.json index 158928c4..f05664af 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.8.3", + "version": "10.8.4", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index e4e10c10..d49f103b 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(all) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.3"; -var VERSION_FULL = "jsrsasign(all) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.4"; +var VERSION_FULL = "jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -221,13 +221,13 @@ ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBi var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index 1893645c..e9100723 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.3"; -var VERSION_FULL = "jsrsasign(jwths) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.4"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -113,6 +113,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,l){var a=new SecureRandom();var g=b>>1;this.e=parseInt(l,16);var c=new BigInteger(l,16);var d=(b/2)-100;var k=BigInteger.ONE.shiftLeft(d);for(;;){for(;;){this.p=new BigInteger(b-g,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(g,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var j=this.p;this.p=this.q;this.q=j}var h=this.q.subtract(this.p).abs();if(h.bitLength()>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index 1893645c..e9100723 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.3"; -var VERSION_FULL = "jsrsasign(jwths) 10.8.3 (2023-04-20) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.4"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -113,6 +113,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,l){var a=new SecureRandom();var g=b>>1;this.e=parseInt(l,16);var c=new BigInteger(l,16);var d=(b/2)-100;var k=BigInteger.ONE.shiftLeft(d);for(;;){for(;;){this.p=new BigInteger(b-g,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(g,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var j=this.p;this.p=this.q;this.q=j}var h=this.q.subtract(this.p).abs();if(h.bitLength()>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/package.json b/npm/package.json index d18b6230..02363dde 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.8.3", + "version": "10.8.4", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/asn1x509-1.0.js b/src/asn1x509-1.0.js index 447e7f25..c0769985 100644 --- a/src/asn1x509-1.0.js +++ b/src/asn1x509-1.0.js @@ -1,9 +1,9 @@ -/* asn1x509-2.1.19.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license +/* asn1x509-2.1.20.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate * - * Copyright (c) 2013-2022 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2013-2023 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * https://kjur.github.io/jsrsasign/license @@ -16,7 +16,7 @@ * @fileOverview * @name asn1x509-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.8.3 asn1x509 2.1.19 (2023-Apr-20) + * @version jsrsasign 10.8.4 asn1x509 2.1.20 (2023-Apr-26) * @since jsrsasign 2.1 * @license MIT License */ @@ -2269,6 +2269,8 @@ extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); * @param {Array} params associative array of parameters * @extends KJUR.asn1.x509.Extension * @since jsrsasign 10.1.9 asn1x509 2.1.7 + * @see + * * @description * This class provides X.509v3 SubjectDirectoryAttributes extension * defined in @@ -2282,6 +2284,16 @@ extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY DEFINED BY AttributeType * + * Value of member "array" is an array which as following associative arrays as elements: + *
    + *
  • attr: OID name or value of attribute type (ex. "gender" or "1.2.3.4")
    • + *
  • str: attribute value of pre defined types (See example for registered attribute types)
    • + *
  • array: array of ASN.1 parameters as attribute value (See {@link KJUR.asn1.ASN1Util#newObject})
    • + *
+ *
+ * NOTE: From jsrsasign 10.8.4, member "array in array" supported for an arbitrary + * attribute value. + * * @example * e1 = new KJUR.asn1.x509.SubjectDirectoryAttributes({ * extname: "subjectDirectoryAttributes", @@ -2290,7 +2302,8 @@ extendClass(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); * { attr: "placeOfBirth", str: "Tokyo" }, * { attr: "gender", str: "F" }, * { attr: "countryOfCitizenship", str: "JP" }, - * { attr: "countryOfResidence", str: "JP" } + * { attr: "countryOfResidence", str: "JP" }, + * { attr: "1.2.3.4.5", array: [{prnstr: {str: "aaa"}}] } * ] * }); */ @@ -2308,12 +2321,13 @@ KJUR.asn1.x509.SubjectDirectoryAttributes = function(params) { for (var i = 0; i < this.params.array.length; i++) { var pAttr = this.params.array[i]; - var newparam = { - "seq": [ - {"oid": "1.2.3.4"}, - {"set": [{"utf8str": "DE"}]} - ] - }; + if (pAttr.attr != undefined && pAttr.array != undefined) { + var pObj = {"seq": [{"oid": pAttr.attr}, {"set": pAttr.array}]}; + a.push(_newObject(pObj)); + continue; + } + + var newparam = {"seq": [{"oid": "1.2.3.4"}, {"set": [{"utf8str": "DE"}]}]}; if (pAttr.attr == "dateOfBirth") { newparam.seq[0].oid = _name2oid(pAttr.attr); diff --git a/src/base64x-1.1.js b/src/base64x-1.1.js index 3c866dec..30902425 100644 --- a/src/base64x-1.1.js +++ b/src/base64x-1.1.js @@ -1,4 +1,4 @@ -/* base64x-1.1.32 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license +/* base64x-1.1.33 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library @@ -16,7 +16,7 @@ * @fileOverview * @name base64x-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08) + * @version jsrsasign 10.8.4 base64x 1.1.33 (2023-Apr-26) * @since jsrsasign 2.1 * @license MIT License */ @@ -533,7 +533,9 @@ function hextob64nl(s) { * 7890 */ function foldnl(s, n) { - return s.replace(new RegExp('(.{' + n + '})', 'g'), "$1\r\n"); + s = s.replace(new RegExp('(.{' + n + '})', 'g'), "$1\r\n"); + s = s.replace(/\s+$/, ''); + return s; } /** diff --git a/src/x509-1.1.js b/src/x509-1.1.js index e03e8787..748c464c 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-2.1.3.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.1.4.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08) + * @version jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26) * @since jsrsasign 1.x.x * @license MIT License */ @@ -2548,6 +2548,70 @@ function X509(params) { return result; }; + /** + * parse SubjectDirectoryAttributes extension as JSON object
+ * @name getExtSubjectDirectoryAttributes + * @memberOf X509# + * @function + * @param {String} hExtV hexadecimal string of extension value + * @param {Boolean} critical flag + * @return {Array} JSON object of parsed SubjectDirectoryAttributes extension + * @since jsrsasign 10.8.4 x509 2.1.4 + * @see KJUR.asn1.x509.SubjectDirectoryAttributes + * @see X509#getExtParamArray + * @see X509#getExtParam + * + * @description + * This method parses + * SubjectDirectoryAttributes extension value defined in the + * defined in + * RFC 3739 Qualified Certificate Profile section 3.3.2 as JSON object. + * 
+     * SubjectDirectoryAttributes ::= Attributes
+     * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+     * Attribute ::= SEQUENCE {
+     *   type AttributeType 
+     *   values SET OF AttributeValue }
+     * AttributeType ::= OBJECT IDENTIFIER
+     * AttributeValue ::= ANY DEFINED BY AttributeType
+     *
+ *
+ * Result of this method can be passed to + * {@link KJUR.asn1.x509.SubjectDirectoryAttributes} constructor. + * + * @example + * x.getExtSubjectDirectoryAttributes(<>) → + * { "extname": "SubjectDirectoryAttributes", + * "array": [ + * { "attr": "gender", "array": [{"prnstr": {"str": "female"}}] }, + * { "attr": "1.2.3.4.5", "array": [{"prnstr": {"str": "aaa"}}, {"utf8str": {"str": "bbb"}}] } + * ] } + */ + this.getExtSubjectDirectoryAttributes = function(hExtV, critical) { + if (hExtV === undefined && critical === undefined) { + var info = this.getExtInfo("subjectDirectoryAttributes"); + if (info === undefined) return undefined; + hExtV = _getTLV(this.hex, info.vidx); + critical = info.critical; + } + + var result = { extname: "subjectDirectoryAttributes" }; + if (critical) result.critical = true; + try { + var pASN1 = _ASN1HEX_parse(hExtV); + for (var i = 0; i < pASN1.seq.length; i++) { + var aASN1Attribute = pASN1.seq[i]; + var attrType = aryval(aASN1Attribute, "0.oid"); + var attrValue = aryval(aASN1Attribute, "1.set"); + return { attr: attrType, array: attrValue }; + } + result.array = aValue; + return result; + } catch(ex) { + throw new Error("malformed subjectDirectoryAttributes extension value"); + } + } + // ===== BEGIN X500Name related ===================================== /* * convert ASN.1 parsed object to attrTypeAndValue assoc array
@@ -3114,6 +3178,8 @@ function X509(params) { extParam = this.getExtCRLNumber(hExtV, critical); } else if (oid == "2.5.29.21") { extParam = this.getExtCRLReason(hExtV, critical); + } else if (oid == "2.5.29.9") { + extParam = this.getExtSubjectDirectoryAttributes(hExtV, critical); } else if (oid == "1.3.6.1.5.5.7.48.1.2") { extParam = this.getExtOcspNonce(hExtV, critical); } else if (oid == "1.3.6.1.5.5.7.48.1.5") { @@ -3125,7 +3191,11 @@ function X509(params) { } if (extParam != undefined) return extParam; + // for private or unsupported extension var privateParam = { extname: oid, extn: hExtV }; + try { + privateParam.extn = _ASN1HEX_parse(hExtV); + } catch(ex) {} if (critical) privateParam.critical = true; return privateParam; }; diff --git a/test/qunit-do-asn1x509.html b/test/qunit-do-asn1x509.html index 813b6d50..1df570b6 100755 --- a/test/qunit-do-asn1x509.html +++ b/test/qunit-do-asn1x509.html @@ -1411,9 +1411,10 @@ }); test("SubjectDirectoryAttributes test", function() { +var pIn, hExpect; var _SDA = KJUR.asn1.x509.SubjectDirectoryAttributes; -var hExpect = "30720603551d09046b3069301d06082b060105050709013111180f31393730313233313233303030305a301306082b0601050507090231070c05546f6b796f300f06082b060105050709033103130146301006082b06010505070904310413024a50301006082b06010505070905310413024a50"; -var param = { +hExpect = "30720603551d09046b3069301d06082b060105050709013111180f31393730313233313233303030305a301306082b0601050507090231070c05546f6b796f300f06082b060105050709033103130146301006082b06010505070904310413024a50301006082b06010505070905310413024a50"; +pIn = { extname: "subjectDirectoryAttributes", array: [ { attr: "dateOfBirth", str: "19701231230000Z" }, @@ -1423,11 +1424,26 @@ { attr: "countryOfResidence", str: "JP" } ] }; -equal((new _SDA(param)).getEncodedHex(), hExpect, "hex"); +equal((new _SDA(pIn)).tohex(), hExpect, "str hex"); equal( -ASN1HEX.dump((new _SDA(param)).getEncodedHex()), +ASN1HEX.dump((new _SDA(pIn)).tohex()), ASN1HEX.dump(hExpect), -"dump"); +"str dump"); + +hExpect = "302e0603551d0904273025300d06042a03040531051303616161301406082b060105050709033108130666656d616c65"; +pIn = { + extname: "subjectDirectoryAttributes", + array: [ + { attr: "1.2.3.4.5", array: [{prnstr: "aaa"}] }, + { attr: "gender", array: [{prnstr: "female"}] }, + ] +}; +equal((new _SDA(pIn)).tohex(), hExpect, "array hex"); +equal( +ASN1HEX.dump((new _SDA(pIn)).tohex()), +ASN1HEX.dump(hExpect), +"array dump"); + }); test("OID class test", function() { diff --git a/test/qunit-do-base64x.html b/test/qunit-do-base64x.html index 262702f8..a1ba657b 100755 --- a/test/qunit-do-base64x.html +++ b/test/qunit-do-base64x.html @@ -248,6 +248,7 @@ test("foldnl", function() { equal(foldnl("1234567890", 4), "1234\r\n5678\r\n90", "10 chars 4 cols"); +equal(foldnl("12345678", 4), "1234\r\n5678", "8 chars 4 cols"); equal(foldnl("1234567890", 3), "123\r\n456\r\n789\r\n0", "10 chars 3 cols"); }); diff --git a/test/qunit-do-x509-ext.html b/test/qunit-do-x509-ext.html index 0deb8e21..cfe41176 100755 --- a/test/qunit-do-x509-ext.html +++ b/test/qunit-do-x509-ext.html @@ -996,6 +996,21 @@ equal(r == undefined, true, "no basicConstraints returns undefined"); }); +test("getExtSubjectDirectoryAttributes", function() { +var hIn, pExpect; +var x = new X509(); +hIn = "3025300d06042a03040531051303616161301406082b060105050709033108130666656d616c65"; +pExpect = { + extname: "subjectDirectoryAttributes", + array: [ + { attr: "1.2.3.4.5", array: [{prnstr: {str: "aaa"}}] }, + { attr: "gender", array: [{prnstr: {str: "female"}}] } + ] +}; +deepEqual(x.getExtSubjectDirectoryAttributes(hIn), pExpect, "hoge"); + +}); + test("parseExt(CSR) test (csrcertbot1)", function() { var x = new X509(); x.parseExt(csrcertbot1); @@ -1147,6 +1162,18 @@ }; deepEqual(x.getX500Name(hIn), pExpect, "BMP(ICS2) non ascii)") +hIn = "3064310f300d06035504040c0659616d616461310f300d060355042a0c0648616e616b6f3116301406035504030c0d59414d4144412048616e616b6f3128302606092a864886f70d010901161968616e616b6f2e79616d616461406578616d706c652e636f6d"; +pExpect = { + array: [ + [{type: "SN", value: "Yamada", ds: "utf8"}], + [{type: "GN", value: "Hanako", ds: "utf8"}], + [{type: "CN", value: "YAMADA Hanako", ds: "utf8"}], + [{type: "E", value: "hanako.yamada@example.com", ds: "ia5"}] + ], + str: "/SN=Yamada/GN=Hanako/CN=YAMADA Hanako/E=hanako.yamada@example.com" +}; +deepEqual(x.getX500Name(hIn), pExpect, "CABF SMIME BR sample"); + }); test("getRDN test", function() { @@ -1283,6 +1310,17 @@ }); +test("getExtParam - unknown private extension", function() { +var x = new X509(); +var hIn, pExpect; +hIn = "301506092a8308868f4c01010504080c06e69db1e4baac"; +pExpect = { + extname: "1.2.392.100300.1.1.5", + extn: { utf8str: { str: "東京" } } +}; +deepEqual(x.getExtParam(hIn), pExpect, "unknown extension 1.2.392.100300.1.1.5={prn 東京}"); +}); + test("X509.registExtParser", function() { var x = new X509(); function _f1(oid, critical, hExtV) { @@ -1294,19 +1332,24 @@ return undefined; } } + X509.registExtParser("1.2.392.100300.1.1.2", _f1); var pExp = { extname: "1.2.392.100300.1.1.2", value: "東京" }; -deepEqual(x.getExtParam("301506092a8308868f4c01010204080c06e69db1e4baac"), pExp, "success case"); +deepEqual(x.getExtParam("301506092a8308868f4c01010204080c06e69db1e4baac"), pExp, "success case (=utf8)"); + var pExp2 = { extname: "1.2.392.100300.1.1.2", - extn: "1306e69db1e4baac" + extn: { prnstr: { str: "東京" } } }; -deepEqual(x.getExtParam("301506092a8308868f4c01010204081306e69db1e4baac"), pExp2, "fail case"); +deepEqual(x.getExtParam("301506092a8308868f4c01010204081306e69db1e4baac"), pExp2, "fail case (=prnstr)"); + }); + + }); diff --git a/test/qunit-do-x509-param.html b/test/qunit-do-x509-param.html index 51db232f..c4d6754b 100755 --- a/test/qunit-do-x509-param.html +++ b/test/qunit-do-x509-param.html @@ -725,7 +725,25 @@ ], sighex: "1b04c691eba9c2d992abc11aba5bc6fc7c21bff817b4135a5f448aff5afc608ac4617c79ce77cb4dc843dfd91a49ac15200456fb46620cb7db0191d433ad1c55" }; -deepEqual(pIn, pExpected, JSON.stringify(pExpected)); +var pExpected2 = { + version: 3, + serial: {hex: "05"}, + sigalg: "SHA256withRSA", + issuer: {str: "/C=US/O=a"}, + notbefore: '130504235959Z', + notafter: '140504235959Z', + subject: {str: "/C=US/O=b"}, + sbjpubkey: "-----BEGIN PUBLIC KEY-----\r\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOhmTdK0BSkSFWjzs5vJemLnujwJur3E\r\n8NzY35DreQubtkWitw4xEnR7TTxBtRQkiVEV/viPedQ+rlsaTjUY/VkCAwEAAQ==\r\n-----END PUBLIC KEY-----\r\n", + ext: [ + {extname: "policyMappings", critical: true, array: [["anyPolicy", "1.2.3"]]}, + {extname: "policyConstraints", critical: true, reqexp: 1}, + {extname: "inhibitAnyPolicy", critical: true, skip: 1} + ], + sighex: "1b04c691eba9c2d992abc11aba5bc6fc7c21bff817b4135a5f448aff5afc608ac4617c79ce77cb4dc843dfd91a49ac15200456fb46620cb7db0191d433ad1c55" +}; +//deepEqual(pIn, pExpected, JSON.stringify(pExpected)); +//deepEqual(pIn, pExpected, "hogeho"); +equal(JSON.stringify(pIn, null, 2), JSON.stringify(pExpected, null, 2), "hogeho2"); }); test("findParam test", function() {