diff --git a/ChangeLog.txt b/ChangeLog.txt index 280dff4f..a9018580 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,12 @@ ChangeLog for jsrsasign +X509.getExtCRLDistributionPointsURI small fix + - src/x509.js + - fix X509.getExtCRLDistributionPointsURI. This returns + undefined when no CDP extension as specified in document + even though it is deprecated method. + KEYUTIL.getPEM small fix * Changes from 10.5.13 to 10.5.14 (2022-Mar-28) - src/keyutil.js diff --git a/api/files.html b/api/files.html index f499edc6..ad889029 100644 --- a/api/files.html +++ b/api/files.html @@ -886,7 +886,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.5.12 x509 2.0.14 (2022-Mar-13)
+
jsrsasign 10.5.15 x509 2.0.15 (2022-Apr-06)
diff --git a/api/symbols/src/asn1-1.0.js.html b/api/symbols/src/asn1-1.0.js.html index ae74c0f5..0256dd45 100644 --- a/api/symbols/src/asn1-1.0.js.html +++ b/api/symbols/src/asn1-1.0.js.html @@ -1840,4 +1840,4 @@ 1833 if (params !== undefined) this.setByParam(params); 1834 }; 1835 extendClass(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object); -1836 +1836 \ No newline at end of file diff --git a/api/symbols/src/asn1cades-1.0.js.html b/api/symbols/src/asn1cades-1.0.js.html index 43ac5474..077a6a84 100644 --- a/api/symbols/src/asn1cades-1.0.js.html +++ b/api/symbols/src/asn1cades-1.0.js.html @@ -950,4 +950,4 @@ 943 return r; 944 }; 945 -946 +946 \ No newline at end of file diff --git a/api/symbols/src/asn1cms-1.0.js.html b/api/symbols/src/asn1cms-1.0.js.html index 857940ef..1569f0ee 100644 --- a/api/symbols/src/asn1cms-1.0.js.html +++ b/api/symbols/src/asn1cms-1.0.js.html @@ -3257,4 +3257,4 @@ 3250 return {array: a, sortflag: false}; 3251 }; 3252 }; -3253 +3253 \ No newline at end of file diff --git a/api/symbols/src/asn1csr-1.0.js.html b/api/symbols/src/asn1csr-1.0.js.html index d265a389..1f86e29a 100644 --- a/api/symbols/src/asn1csr-1.0.js.html +++ b/api/symbols/src/asn1csr-1.0.js.html @@ -488,4 +488,4 @@ 481 }; 482 483 -484 +484 \ No newline at end of file diff --git a/api/symbols/src/asn1hex-1.1.js.html b/api/symbols/src/asn1hex-1.1.js.html index 9a823da2..b7a983d4 100644 --- a/api/symbols/src/asn1hex-1.1.js.html +++ b/api/symbols/src/asn1hex-1.1.js.html @@ -1366,4 +1366,4 @@ 1359 return name; 1360 }; 1361 -1362 +1362 \ No newline at end of file diff --git a/api/symbols/src/asn1ocsp-1.0.js.html b/api/symbols/src/asn1ocsp-1.0.js.html index 307f505e..433d698c 100644 --- a/api/symbols/src/asn1ocsp-1.0.js.html +++ b/api/symbols/src/asn1ocsp-1.0.js.html @@ -2076,4 +2076,4 @@ 2069 }; 2070 }; 2071 -2072 +2072 \ No newline at end of file diff --git a/api/symbols/src/asn1tsp-1.0.js.html b/api/symbols/src/asn1tsp-1.0.js.html index 06d3a775..0095c7e5 100644 --- a/api/symbols/src/asn1tsp-1.0.js.html +++ b/api/symbols/src/asn1tsp-1.0.js.html @@ -1475,4 +1475,4 @@ 1468 } 1469 }; 1470 }; -1471 +1471 \ No newline at end of file diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index b7e73dcd..4fa4e124 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -4720,4 +4720,4 @@ 4713 return cert.getPEM(); 4714 }; 4715 -4716 +4716 \ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index 4536a649..f3b8151a 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -1754,4 +1754,4 @@ 1747 } 1748 }; 1749 -1750 +1750 \ No newline at end of file diff --git a/api/symbols/src/crypto-1.1.js.html b/api/symbols/src/crypto-1.1.js.html index 7184e7f8..f4f8ceb4 100644 --- a/api/symbols/src/crypto-1.1.js.html +++ b/api/symbols/src/crypto-1.1.js.html @@ -1527,4 +1527,4 @@ 1520 '608648016503040302': 'SHA256withDSA', // 2.16.840.1.101.3.4.3.2 1521 }; 1522 }; -1523 +1523 \ No newline at end of file diff --git a/api/symbols/src/dsa-2.0.js.html b/api/symbols/src/dsa-2.0.js.html index 89a7fc8c..5d7195e2 100644 --- a/api/symbols/src/dsa-2.0.js.html +++ b/api/symbols/src/dsa-2.0.js.html @@ -381,4 +381,4 @@ 374 this.setPublicHex(hP, hQ, hG, hY); 375 }; 376 } -377 +377 \ No newline at end of file diff --git a/api/symbols/src/ecdsa-modified-1.0.js.html b/api/symbols/src/ecdsa-modified-1.0.js.html index 2f5e7d27..04d5b49d 100644 --- a/api/symbols/src/ecdsa-modified-1.0.js.html +++ b/api/symbols/src/ecdsa-modified-1.0.js.html @@ -905,4 +905,4 @@ 898 899 900 -901 +901 \ No newline at end of file diff --git a/api/symbols/src/ecparam-1.0.js.html b/api/symbols/src/ecparam-1.0.js.html index 9ecefea7..b8c31671 100644 --- a/api/symbols/src/ecparam-1.0.js.html +++ b/api/symbols/src/ecparam-1.0.js.html @@ -254,4 +254,4 @@ 247 "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", // gy 248 ["NIST P-521", "P-521"]); // alias 249 -250 +250 \ No newline at end of file diff --git a/api/symbols/src/jws-3.3.js.html b/api/symbols/src/jws-3.3.js.html index dd002376..1925cf4e 100644 --- a/api/symbols/src/jws-3.3.js.html +++ b/api/symbols/src/jws-3.3.js.html @@ -1096,4 +1096,4 @@ 1089 return year + mon + day + hour + min + sec + "Z"; 1090 }; 1091 -1092 +1092 \ No newline at end of file diff --git a/api/symbols/src/jwsjs-2.0.js.html b/api/symbols/src/jwsjs-2.0.js.html index d1da36b9..a2332aec 100644 --- a/api/symbols/src/jwsjs-2.0.js.html +++ b/api/symbols/src/jwsjs-2.0.js.html @@ -309,4 +309,4 @@ 302 }; 303 }; 304 -305 +305 \ No newline at end of file diff --git a/api/symbols/src/keyutil-1.0.js.html b/api/symbols/src/keyutil-1.0.js.html index 21a8ed1d..ecb8675a 100644 --- a/api/symbols/src/keyutil-1.0.js.html +++ b/api/symbols/src/keyutil-1.0.js.html @@ -1938,4 +1938,4 @@ 1931 KEYUTIL.getJWKFromKey = function(keyObj) { 1932 return KEYUTIL.getJWK(keyObj, true, true, true, true); 1933 } -1934 +1934 \ No newline at end of file diff --git a/api/symbols/src/nodeutil-1.0.js.html b/api/symbols/src/nodeutil-1.0.js.html index d351c94f..0b6f30f3 100644 --- a/api/symbols/src/nodeutil-1.0.js.html +++ b/api/symbols/src/nodeutil-1.0.js.html @@ -183,4 +183,4 @@ 176 console.log(s + JSON.stringify(json, null, " ")); 177 } 178 -179 +179 \ No newline at end of file diff --git a/api/symbols/src/rsapem-1.1.js.html b/api/symbols/src/rsapem-1.1.js.html index 6eb68f53..3a9c10cb 100644 --- a/api/symbols/src/rsapem-1.1.js.html +++ b/api/symbols/src/rsapem-1.1.js.html @@ -190,4 +190,4 @@ 183 hPub = x.getPublicKeyHex(); 184 this.readPKCS8PubKeyHex(hPub); 185 }; -186 +186 \ No newline at end of file diff --git a/api/symbols/src/rsasign-1.2.js.html b/api/symbols/src/rsasign-1.2.js.html index 0df5debc..3aa60c52 100644 --- a/api/symbols/src/rsasign-1.2.js.html +++ b/api/symbols/src/rsasign-1.2.js.html @@ -427,4 +427,4 @@ 420 * @class key of RSA public key algorithm 421 * @description Tom Wu's RSA Key class and extension 422 */ -423 +423 \ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index 767af265..85afd20d 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* x509-2.0.14.js (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.0.15.js (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.5.12 x509 2.0.14 (2022-Mar-13)
+ 19  * @version jsrsasign 10.5.15 x509 2.0.15 (2022-Apr-06)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -1519,1690 +1519,1691 @@
 1512      */
 1513     this.getExtCRLDistributionPointsURI = function() {
 1514 	var p = this.getExtCRLDistributionPoints();
-1515 	var a = p.array;
-1516 	var result = [];
-1517 	for (var i = 0; i < a.length; i++) {
-1518 	    try {
-1519 		if (a[i].dpname.full[0].uri != undefined) {
-1520 		    result.push(a[i].dpname.full[0].uri);
-1521 		}
-1522 	    } catch(ex) {}
-1523 	}
-1524 	return result;
-1525     };
-1526 
-1527     /**
-1528      * get AuthorityInfoAccess extension value in the certificate as associative array
-1529      * @name getExtAIAInfo
-1530      * @memberOf X509#
-1531      * @function
-1532      * @return {Object} associative array of AIA extension properties
-1533      * @since jsrsasign 7.2.0 x509 1.1.14
-1534      * @description
-1535      * This method will get authority info access value
-1536      * as associate array which has following properties:
-1537      * <ul>
-1538      * <li>ocsp - array of string for OCSP responder URL</li>
-1539      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-1540      * </ul>
-1541      * If there is this in the certificate, it returns undefined;
-1542      * @example
-1543      * x = new X509();
-1544      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1545      * x.getExtAIAInfo(hCert) → 
-1546      * { ocsp:     ["http://ocsp.foo.com"],
-1547      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
-1548      */
-1549     this.getExtAIAInfo = function() {
-1550 	var info = this.getExtInfo("authorityInfoAccess");
-1551 	if (info === undefined) return info;
-1552 
-1553 	var result = { ocsp: [], caissuer: [] };
-1554 	var a = _getChildIdx(this.hex, info.vidx);
-1555 	for (var i = 0; i < a.length; i++) {
-1556 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
-1557 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
-1558 	    if (hOID === "2b06010505073001") {
-1559 		result.ocsp.push(hextoutf8(hName));
-1560 	    }
-1561 	    if (hOID === "2b06010505073002") {
-1562 		result.caissuer.push(hextoutf8(hName));
-1563 	    }
-1564 	}
-1565 
-1566 	return result;
-1567     };
-1568 
-1569     /**
-1570      * get AuthorityInfoAccess extension value as JSON object
-1571      * @name getExtAuthorityInfoAccess
-1572      * @memberOf X509#
-1573      * @function
-1574      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1575      * @param {Boolean} critical flag (OPTIONAL)
-1576      * @return {Array} JSON object of AuthorityInfoAccess parameters or undefined
-1577      * @since jsrsasign 9.0.0 x509 2.0.0
-1578      * @see KJUR.asn1.x509.AuthorityInfoAccess
-1579      * @description
-1580      * This method parse authorityInfoAccess extension. When arguments are
-1581      * not specified, its extension in X509 object will be parsed.
-1582      * Result of this method can be passed to 
-1583      * {@link KJUR.asn1.x509.AuthorityInfoAccess} constructor.
-1584      * <br>
-1585      * When hExtV and critical specified as arguments, return value
-1586      * will be generated from them.
-1587      * @example
-1588      * x = new X509();
-1589      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1590      * x.getExtAuthorityInfoAccess() →
-1591      * {
-1592      *   critial: true, // 
-1593      *   array: [{ocsp: http://ocsp.example.com/},
-1594      *           {caissuer: https://repository.example.com/}]
-1595      * }
-1596      *
-1597      * x = new X509();
-1598      * x.getExtAuthorityInfoAccesss("306230...") 
-1599      * x.getExtAuthorityInfoAccesss("306230...", true) 
-1600      */
-1601     this.getExtAuthorityInfoAccess = function(hExtV, critical) {
-1602 	if (hExtV === undefined && critical === undefined) {
-1603 	    var info = this.getExtInfo("authorityInfoAccess");
-1604 	    if (info === undefined) return undefined;
-1605 	    hExtV = _getTLV(this.hex, info.vidx);
-1606 	    critical = info.critical;
-1607 	}
-1608 
-1609 	var result = {extname:"authorityInfoAccess",array:[]};
-1610 	if (critical) result.critical = true;
-1611 
-1612 	var a = _getChildIdx(hExtV, 0);
-1613 	for (var i = 0; i < a.length; i++) {
-1614 	    var hMethod = _getVbyListEx(hExtV, a[i], [0], "06");
-1615 	    var hLoc = _getVbyList(hExtV, a[i], [1], "86");
-1616 	    var sLoc = hextoutf8(hLoc);
-1617 	    if (hMethod == "2b06010505073001") {
-1618 		result.array.push({ocsp: sLoc});
-1619 	    } else if (hMethod == "2b06010505073002") {
-1620 		result.array.push({caissuer: sLoc});
-1621 	    } else {
-1622 		throw new Error("unknown method: " + hMethod);
-1623 	    }
-1624 	}
-1625 
-1626 	return result;
-1627     }
-1628 
-1629     /**
-1630      * get CertificatePolicies extension value as JSON object
-1631      * @name getExtCertificatePolicies
-1632      * @memberOf X509#
-1633      * @function
-1634      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1635      * @param {Boolean} critical flag (OPTIONAL)
-1636      * @return {Object} JSON object of CertificatePolicies parameters or undefined
-1637      * @since jsrsasign 7.2.0 x509 1.1.14
-1638      * @description
-1639      * This method will get certificate policies value
-1640      * as an array of JSON object which has properties defined
-1641      * in {@link KJUR.asn1.x509.CertificatePolicies}.
-1642      * Result of this method can be passed to 
-1643      * {@link KJUR.asn1.x509.CertificatePolicies} constructor.
-1644      * If there is no this extension in the certificate,
-1645      * it returns undefined.
-1646      * <br>
-1647      * CAUTION: return value of JSON object format have been changed
-1648      * from jsrsasign 9.0.0 without backword compatibility.
-1649      * <br>
-1650      * When hExtV and critical specified as arguments, return value
-1651      * will be generated from them.
-1652      * @example
-1653      * x = new X509();
-1654      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1655      * x.getExtCertificatePolicies() → 
-1656      * { array: [
-1657      *   { policyoid: "1.2.3.4" }
-1658      *   { policyoid: "1.2.3.5",
-1659      *     array: [
-1660      *       { cps: "https://example.com/" },
-1661      *       { unotice: { exptext: { type: "bmp", str: "sample text" } } }
-1662      *     ] 
-1663      *   }
-1664      * ]}
-1665      */
-1666     this.getExtCertificatePolicies = function(hExtV, critical) {
-1667 	if (hExtV === undefined && critical === undefined) {
-1668 	    var info = this.getExtInfo("certificatePolicies");
-1669 	    if (info === undefined) return undefined;
-1670 	    hExtV = _getTLV(this.hex, info.vidx);
-1671 	    critical = info.critical;
-1672 	}
-1673 	var result = {extname:"certificatePolicies",array:[]};
-1674 	if (critical) result.critical = true;
-1675 
-1676 	var aIdxPI = _getChildIdx(hExtV, 0); // PolicyInformation list index
-1677 	for (var i = 0; i < aIdxPI.length; i++) {
-1678 	    var hPolicyInformation = _getTLV(hExtV, aIdxPI[i]);
-1679 	    var polinfo = this.getPolicyInformation(hPolicyInformation);
-1680 	    result.array.push(polinfo);
-1681 	}
-1682 	return result;
-1683     }
-1684 
-1685     /**
-1686      * get PolicyInformation ASN.1 structure parameter as JSON object
-1687      * @name getPolicyInformation
-1688      * @memberOf X509#
-1689      * @function
-1690      * @param {String} h hexadecimal string of PolicyInformation
-1691      * @return {Object} JSON object of PolicyInformation parameters
-1692      * @since jsrsasign 9.0.0 x509 2.0.0
-1693      * @description
-1694      * This method will get PolicyInformation parameters defined in
-1695      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1696      * RFC 5280 4.2.1.4</a>.
-1697      * <pre>
-1698      * PolicyInformation ::= SEQUENCE {
-1699      *      policyIdentifier   CertPolicyId,
-1700      *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
-1701      *                              PolicyQualifierInfo OPTIONAL }
-1702      * </pre>
-1703      * Result of this method can be passed to
-1704      * {@link KJUR.asn1.x509.PolicyInformation} constructor.
-1705      * @example
-1706      * x = new X509();
-1707      * x.getPolicyInformation("30...") →
-1708      * {
-1709      *     policyoid: "2.16.840.1.114412.2.1",
-1710      *     array: [{cps: "https://www.digicert.com/CPS"}]
-1711      * }
-1712      */
-1713     this.getPolicyInformation = function(h) {
-1714 	var result = {};
-1715 
-1716 	var hPOLICYOID = _getVbyList(h, 0, [0], "06");
-1717 	result.policyoid = _oidname(hPOLICYOID);
-1718 	
-1719 	var idxPQSEQ = _getIdxbyListEx(h, 0, [1], "30");
-1720 	if (idxPQSEQ != -1) {
-1721 	    result.array = [];
-1722 	    var aIdx = _getChildIdx(h, idxPQSEQ);
-1723 	    for (var j = 0; j < aIdx.length; j++) {
-1724 		var hPQI = _getTLV(h, aIdx[j]);
-1725 		var pqinfo = this.getPolicyQualifierInfo(hPQI);
-1726 		result.array.push(pqinfo);
-1727 	    }
-1728 	}
-1729 
-1730 	return result;
-1731     };
-1732 
-1733     /**
-1734      * getOtherName ASN.1 structure parameter as JSON object<br/>
-1735      * @name getOtherName
-1736      * @memberOf X509#
-1737      * @param {String} h hexadecimal string of GeneralName
-1738      * @return {Array} associative array of OtherName
-1739      * @since jsrsasign 10.5.3 x509 2.0.12
-1740      * @see KJUR.asn1.x509.GeneralNames
-1741      * @see KJUR.asn1.x509.GeneralName
-1742      * @see KJUR.asn1.x509.OtherName
-1743      * @see X509#getGeneralName
-1744      * @see ASN1HEX#parse
-1745      *
-1746      * @description
-1747      * This method will get OtherName parameters defined in
-1748      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
-1749      * RFC 5280 4.2.1.6</a>.
-1750      * <pre>
-1751      * OtherName ::= SEQUENCE {
-1752      *    type-id    OBJECT IDENTIFIER,
-1753      *    value      [0] EXPLICIT ANY DEFINED BY type-id }
-1754      * </pre>
-1755      * The value of member "other" is converted by 
-1756      * {@link ASN1HEX#parse}.
-1757      *
-1758      * @example
-1759      * x = new X509();
-1760      * x.getOtherName("30...") →
-1761      * { oid: "1.2.3.4",
-1762      *   other: {utf8str: {str: "aaa"}} }
-1763      */
-1764     this.getOtherName = function(h) {
-1765         var result = {};
-1766 
-1767         var a = _getChildIdx(h, 0);
-1768         var hOID = _getVbyList(h, a[0], [], "06");
-1769         var hValue = _getVbyList(h, a[1], []);
-1770         result.oid = KJUR.asn1.ASN1Util.oidHexToInt(hOID);
-1771         result.obj = _ASN1HEX_parse(hValue);
-1772         return result;
-1773     };
-1774 
-1775     /**
-1776      * get PolicyQualifierInfo ASN.1 structure parameter as JSON object
-1777      * @name getPolicyQualifierInfo
-1778      * @memberOf X509#
-1779      * @function
-1780      * @param {String} h hexadecimal string of PolicyQualifierInfo
-1781      * @return {Object} JSON object of PolicyQualifierInfo parameters
-1782      * @since jsrsasign 9.0.0 x509 2.0.0
-1783      * @see X509#getExtCertificatePolicies
-1784      * @see X509#getPolicyInformation
-1785      * @description
-1786      * This method will get 
-1787      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1788      * PolicyQualifierInfo</a> parameters.
-1789      * <pre>
-1790      * PolicyQualifierInfo ::= SEQUENCE {
-1791      *      policyQualifierId  PolicyQualifierId,
-1792      *      qualifier          ANY DEFINED BY policyQualifierId }
-1793      * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
-1794      * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
-1795      * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
-1796      * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-1797      * Qualifier ::= CHOICE {
-1798      *      cPSuri           CPSuri,
-1799      *      userNotice       UserNotice }
-1800      * CPSuri ::= IA5String
-1801      * </pre>
-1802      * Result of this method can be passed to 
-1803      * {@link KJUR.asn1.x509.PolicyQualifierInfo} constructor.
-1804      * @example
-1805      * x = new X509();
-1806      * x.getPolicyQualifierInfo("30...") 
-1807      * → {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
-1808      * x.getPolicyQualifierInfo("30...") 
-1809      * → {cps: "https://repository.example.com/"}
-1810      */
-1811     this.getPolicyQualifierInfo = function(h) {
-1812 	var result = {};
-1813 	var hPQOID = _getVbyList(h, 0, [0], "06");
-1814 	if (hPQOID === "2b06010505070201") { // cps
-1815 	    var hCPSURI = _getVbyListEx(h, 0, [1], "16");
-1816 	    result.cps = hextorstr(hCPSURI);
-1817 	} else if (hPQOID === "2b06010505070202") { // unotice
-1818 	    var hUserNotice = _getTLVbyList(h, 0, [1], "30");
-1819 	    result.unotice = this.getUserNotice(hUserNotice);
-1820 	}
-1821 	return result;
-1822     };
-1823 
-1824     /**
-1825      * get UserNotice ASN.1 structure parameter as JSON object
-1826      * @name getUserNotice
-1827      * @memberOf X509#
-1828      * @function
-1829      * @param {String} h hexadecimal string of UserNotice
-1830      * @return {Object} JSON object of UserNotice parameters
-1831      * @since jsrsasign 9.0.0 x509 2.0.0
-1832      * @see X509#getExtCertificatePolicies
-1833      * @see X509#getPolicyInformation
-1834      * @see X509#getPolicyQualifierInfo
-1835      * @description
-1836      * This method will get 
-1837      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1838      * UserNotice</a> parameters.
-1839      * <pre>
-1840      * UserNotice ::= SEQUENCE {
-1841      *      noticeRef        NoticeReference OPTIONAL,
-1842      *      explicitText     DisplayText OPTIONAL }
-1843      * </pre>
-1844      * Result of this method can be passed to 
-1845      * {@link KJUR.asn1.x509.NoticeReference} constructor.
-1846      * <br/>
-1847      * NOTE: NoticeReference parsing is currently not supported and
-1848      * it will be ignored.
-1849      * @example
-1850      * x = new X509();
-1851      * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
-1852      */
-1853     this.getUserNotice = function(h) {
-1854 	var result = {};
-1855 	var a = _getChildIdx(h, 0);
-1856 	for (var i = 0; i < a.length; i++) {
-1857 	    var hItem = _getTLV(h, a[i]);
-1858 	    if (hItem.substr(0, 2) != "30") {
-1859 		result.exptext = this.getDisplayText(hItem);
-1860 	    }
-1861 	}
-1862 	return result;
-1863     };
-1864 
-1865     /**
-1866      * get DisplayText ASN.1 structure parameter as JSON object
-1867      * @name getDisplayText
-1868      * @memberOf X509#
-1869      * @function
-1870      * @param {String} h hexadecimal string of DisplayText
-1871      * @return {Object} JSON object of DisplayText parameters
-1872      * @since jsrsasign 9.0.0 x509 2.0.0
-1873      * @see X509#getExtCertificatePolicies
-1874      * @see X509#getPolicyInformation
-1875      * @description
-1876      * This method will get 
-1877      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1878      * DisplayText</a> parameters.
-1879      * <pre>
-1880      * DisplayText ::= CHOICE {
-1881      *      ia5String        IA5String      (SIZE (1..200)),
-1882      *      visibleString    VisibleString  (SIZE (1..200)),
-1883      *      bmpString        BMPString      (SIZE (1..200)),
-1884      *      utf8String       UTF8String     (SIZE (1..200)) }     
-1885      * </pre>
-1886      * Result of this method can be passed to 
-1887      * {@link KJUR.asn1.x509.DisplayText} constructor.
-1888      * @example
-1889      * x = new X509();
-1890      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
-1891      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
-1892      */
-1893     this.getDisplayText = function(h) {
-1894 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
-1895 	var result = {};
-1896 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
-1897 	result.str = hextorstr(_getV(h, 0));
-1898 	return result;
-1899     };
-1900 
-1901     /**
-1902      * parse cRLNumber CRL extension as JSON object<br/>
-1903      * @name getExtCRLNumber
-1904      * @memberOf X509#
-1905      * @function
-1906      * @param {String} hExtV hexadecimal string of extension value
-1907      * @param {Boolean} critical flag
-1908      * @since jsrsasign 9.1.1 x509 2.0.1
-1909      * @see KJUR.asn1.x509.CRLNumber
-1910      * @see X509#getExtParamArray
-1911      * @description
-1912      * This method parses
-1913      * CRLNumber CRL extension value defined in
-1914      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
-1915      * RFC 5280 5.2.3</a> as JSON object.
-1916      * <pre>
-1917      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-1918      * CRLNumber ::= INTEGER (0..MAX)
-1919      * </pre>
-1920      * <br/>
-1921      * Result of this method can be passed to 
-1922      * {@link KJUR.asn1.x509.CRLNumber} constructor.
-1923      * @example
-1924      * crl = X509CRL("-----BEGIN X509 CRL...");
-1925      * ... get hExtV and critical flag ...
-1926      * crl.getExtCRLNumber("02...", false) →
-1927      * {extname: "cRLNumber", num: {hex: "12af"}}
-1928      */
-1929     this.getExtCRLNumber = function(hExtV, critical) {
-1930 	var result = {extname:"cRLNumber"};
-1931 	if (critical) result.critical = true;
-1932 
-1933 	if (hExtV.substr(0, 2) == "02") {
-1934 	    result.num = {hex: _getV(hExtV, 0)};
-1935 	    return result;
-1936 	}
-1937 	throw new Error("hExtV parse error: " + hExtV);
-1938     };
-1939 
-1940     /**
-1941      * parse cRLReason CRL entry extension as JSON object<br/>
-1942      * @name getExtCRLReason
-1943      * @memberOf X509#
-1944      * @function
-1945      * @param {String} hExtV hexadecimal string of extension value
-1946      * @param {Boolean} critical flag
-1947      * @since jsrsasign 9.1.1 x509 2.0.1
-1948      * @see KJUR.asn1.x509.CRLReason
-1949      * @see X509#getExtParamArray
-1950      * @description
-1951      * This method parses
-1952      * CRLReason CRL entry extension value defined in
-1953      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
-1954      * RFC 5280 5.3.1</a> as JSON object.
-1955      * <pre>
-1956      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-1957      * -- reasonCode ::= { CRLReason }
-1958      * CRLReason ::= ENUMERATED {
-1959      *      unspecified             (0),
-1960      *      keyCompromise           (1),
-1961      *      cACompromise            (2),
-1962      *      affiliationChanged      (3),
-1963      *      superseded              (4),
-1964      *      cessationOfOperation    (5),
-1965      *      certificateHold         (6),
-1966      *      removeFromCRL           (8),
-1967      *      privilegeWithdrawn      (9),
-1968      *      aACompromise           (10) }
-1969      * </pre>
-1970      * <br/>
-1971      * Result of this method can be passed to 
-1972      * {@link KJUR.asn1.x509.CRLReason} constructor.
-1973      * @example
-1974      * crl = X509CRL("-----BEGIN X509 CRL...");
-1975      * ... get hExtV and critical flag ...
-1976      * crl.getExtCRLReason("02...", false) →
-1977      * {extname: "cRLReason", code: 3}
-1978      */
-1979     this.getExtCRLReason = function(hExtV, critical) {
-1980 	var result = {extname:"cRLReason"};
-1981 	if (critical) result.critical = true;
-1982 
-1983 	if (hExtV.substr(0, 2) == "0a") {
-1984 	    result.code = parseInt(_getV(hExtV, 0), 16);
-1985 	    return result;
-1986 	}
-1987 	throw new Error("hExtV parse error: " + hExtV);
-1988     };
-1989 
-1990     /**
-1991      * parse OCSPNonce OCSP extension as JSON object<br/>
-1992      * @name getExtOcspNonce
-1993      * @memberOf X509#
-1994      * @function
-1995      * @param {String} hExtV hexadecimal string of extension value
-1996      * @param {Boolean} critical flag
-1997      * @return {Array} JSON object of parsed OCSPNonce extension
-1998      * @since jsrsasign 9.1.6 x509 2.0.3
-1999      * @see KJUR.asn1.x509.OCSPNonce
-2000      * @see X509#getExtParamArray
-2001      * @see X509#getExtParam
-2002      * @description
-2003      * This method parses
-2004      * Nonce OCSP extension value defined in
-2005      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
-2006      * RFC 6960 4.4.1</a> as JSON object.
-2007      * <pre>
-2008      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
-2009      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-2010      * Nonce ::= OCTET STRING
-2011      * </pre>
-2012      * <br/>
-2013      * Result of this method can be passed to 
-2014      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
-2015      * @example
-2016      * x = new X509();
-2017      * x.getExtOcspNonce(<<extn hex value >>) →
-2018      * { extname: "ocspNonce", hex: "1a2b..." }
-2019      */
-2020     this.getExtOcspNonce = function(hExtV, critical) {
-2021 	var result = {extname:"ocspNonce"};
-2022 	if (critical) result.critical = true;
-2023 
-2024 	var hNonce = _getV(hExtV, 0);
-2025 	result.hex = hNonce;
-2026 
-2027 	return result;
-2028     };
-2029 
-2030     /**
-2031      * parse OCSPNoCheck OCSP extension as JSON object<br/>
-2032      * @name getExtOcspNoCheck
-2033      * @memberOf X509#
-2034      * @function
-2035      * @param {String} hExtV hexadecimal string of extension value
-2036      * @param {Boolean} critical flag
-2037      * @return {Array} JSON object of parsed OCSPNoCheck extension
-2038      * @since jsrsasign 9.1.6 x509 2.0.3
-2039      * @see KJUR.asn1.x509.OCSPNoCheck
-2040      * @see X509#getExtParamArray
-2041      * @see X509#getExtParam
-2042      * @description
-2043      * This method parses
-2044      * OCSPNoCheck extension value defined in
-2045      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
-2046      * RFC 6960 4.2.2.2.1</a> as JSON object.
-2047      * <pre>
-2048      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-2049      * </pre>
-2050      * <br/>
-2051      * Result of this method can be passed to 
-2052      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
-2053      * @example
-2054      * x = new X509();
-2055      * x.getExtOcspNoCheck(<<extn hex value >>) →
-2056      * { extname: "ocspNoCheck" }
-2057      */
-2058     this.getExtOcspNoCheck = function(hExtV, critical) {
-2059 	var result = {extname:"ocspNoCheck"};
-2060 	if (critical) result.critical = true;
-2061 
-2062 	return result;
-2063     };
-2064 
-2065     /**
-2066      * parse AdobeTimeStamp extension as JSON object<br/>
-2067      * @name getExtAdobeTimeStamp
-2068      * @memberOf X509#
-2069      * @function
-2070      * @param {String} hExtV hexadecimal string of extension value
-2071      * @param {Boolean} critical flag
-2072      * @return {Array} JSON object of parsed AdobeTimeStamp extension
-2073      * @since jsrsasign 10.0.1 x509 2.0.5
-2074      * @see KJUR.asn1.x509.AdobeTimeStamp
-2075      * @see X509#getExtParamArray
-2076      * @see X509#getExtParam
-2077      * @description
-2078      * This method parses
-2079      * X.509v3 AdobeTimeStamp private extension value defined in the
-2080      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
-2081      * Adobe site</a> as JSON object.
-2082      * This extension provides the URL location for time stamp service.
-2083      * <pre>
-2084      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
-2085      *  ::= SEQUENCE {
-2086      *     version INTEGER  { v1(1) }, -- extension version
-2087      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
-2088      *     requiresAuth        boolean (default false), OPTIONAL }
-2089      * </pre>
-2090      * <br/>
-2091      * Result of this method can be passed to 
-2092      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
-2093      * <br/>
-2094      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
-2095      * @example
-2096      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
-2097      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
-2098      */
-2099     this.getExtAdobeTimeStamp = function(hExtV, critical) {
-2100 	if (hExtV === undefined && critical === undefined) {
-2101 	    var info = this.getExtInfo("adobeTimeStamp");
-2102 	    if (info === undefined) return undefined;
-2103 	    hExtV = _getTLV(this.hex, info.vidx);
-2104 	    critical = info.critical;
-2105 	}
-2106 
-2107 	var result = {extname:"adobeTimeStamp"};
-2108 	if (critical) result.critical = true;
-2109 
-2110 	var a = _getChildIdx(hExtV, 0);
-2111 	if (a.length > 1) {
-2112 	    var hGN = _getTLV(hExtV, a[1])
-2113 	    var gnParam = this.getGeneralName(hGN);
-2114 	    if (gnParam.uri != undefined) {
-2115 		result.uri = gnParam.uri;
-2116 	    }
-2117 	}
-2118 	if (a.length > 2) {
-2119 	    var hBool = _getTLV(hExtV, a[2]);
-2120 	    if (hBool == "0101ff") result.reqauth = true;
-2121 	    if (hBool == "010100") result.reqauth = false;
-2122 	}
-2123 
-2124 	return result;
-2125     };
-2126 
-2127     // ===== BEGIN X500Name related =====================================
-2128     /*
-2129      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
-2130      * @name _convATV
-2131      * @param p associative array of parsed attrTypeAndValue object
-2132      * @return attrTypeAndValue associative array
-2133      * @since jsrsasign 10.5.12 x509 2.0.14
-2134      * @example
-2135      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
-2136      */
-2137     var _convATV = function(p) {
-2138 	var result = {};
-2139 	try {
-2140 	    var name = p.seq[0].oid;
-2141 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
-2142 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
-2143 	    var item1 = p.seq[1];
-2144 	    if (item1.utf8str != undefined) {
-2145 		result.ds = "utf8";
-2146 		result.value = item1.utf8str.str;
-2147 	    } else if (item1.numstr != undefined) {
-2148 		result.ds = "num";
-2149 		result.value = item1.numstr.str;
-2150 	    } else if (item1.telstr != undefined) {
-2151 		result.ds = "tel";
-2152 		result.value = item1.telstr.str;
-2153 	    } else if (item1.prnstr != undefined) {
-2154 		result.ds = "prn";
-2155 		result.value = item1.prnstr.str;
-2156 	    } else if (item1.ia5str != undefined) {
-2157 		result.ds = "ia5";
-2158 		result.value = item1.ia5str.str;
-2159 	    } else if (item1.visstr != undefined) {
-2160 		result.ds = "vis";
-2161 		result.value = item1.visstr.str;
-2162 	    } else if (item1.bmpstr != undefined) {
-2163 		result.ds = "bmp";
-2164 		result.value = item1.bmpstr.str;
-2165 	    } else {
-2166 		throw "error";
-2167 	    }
-2168 	    return result;
-2169 	} catch(ex) {
-2170 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
-2171 	}
-2172     };
-2173 
-2174     /*
-2175      * convert ASN.1 parsed object to RDN array<br/>
-2176      * @name _convRDN
-2177      * @param p associative array of parsed RDN object
-2178      * @return RDN array
-2179      * @since jsrsasign 10.5.12 x509 2.0.14
-2180      * @example
-2181      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
-2182      */
-2183     var _convRDN = function(p) {
-2184 	try {
-2185 	    return p.set.map(function(pATV){return _convATV(pATV)});
-2186 	} catch(ex) {
-2187 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
-2188 	}
-2189     };
-2190 
-2191     /*
-2192      * convert ASN.1 parsed object to X500Name array<br/>
-2193      * @name _convX500Name
-2194      * @param p associative array of parsed X500Name array object
-2195      * @return RDN array
-2196      * @since jsrsasign 10.5.12 x509 2.0.14
-2197      * @example
-2198      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
-2199      */
-2200     var _convX500Name = function(p) {
-2201 	try {
-2202 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
-2203 	} catch(ex) {
-2204 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
-2205 	}
-2206     };
-2207 
-2208     this.getX500NameRule = function(aDN) {
-2209 	var isPRNRule = true;
-2210 	var isUTF8Rule = true;
-2211 	var isMixedRule = false;
-2212 	var logfull = "";
-2213 	var logcheck = "";
-2214 	var lasttag = null;
-2215 
-2216 	var a = [];
-2217 	for (var i = 0; i < aDN.length; i++) {
-2218 	    var aRDN = aDN[i];
-2219 	    for (var j = 0; j < aRDN.length; j++) {
-2220 		a.push(aRDN[j]);
-2221 	    }
-2222 	}
-2223 
-2224 	for (var i = 0; i < a.length; i++) {
-2225 	    var item = a[i];
-2226 	    var tag = item.ds;
-2227 	    var value = item.value;
-2228 	    var type = item.type;
-2229 	    logfull += ":" + tag;
-2230 	    
-2231 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
-2232 		return "mixed";
-2233 	    }
-2234 	    if (tag == "ia5") {
-2235 		if (type != "CN") {
-2236 		    return "mixed";
-2237 		} else {
-2238 		    if (! KJUR.lang.String.isMail(value)) {
-2239 			return "mixed";
-2240 		    } else {
-2241 			continue;
-2242 		    }
-2243 		}
-2244 	    }
-2245 	    if (type == "C") {
-2246 		if (tag == "prn") {
-2247 		    continue;
-2248 		} else {
-2249 		    return "mixed";
-2250 		}
-2251 	    }
-2252 	    logcheck += ":" + tag;
-2253 	    if (lasttag == null) {
-2254 		lasttag = tag;
-2255 	    } else {
-2256 		if (lasttag !== tag) return "mixed";
-2257 	    }
-2258 	}
-2259 	if (lasttag == null) {
-2260 	    return "prn";
-2261 	} else {
-2262 	    return lasttag;
-2263 	}
-2264     };
-2265 
-2266     /**
-2267      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
-2268      * @name getAttrTypeAndValue
-2269      * @memberOf X509#
-2270      * @function
-2271      * @param {String} h hexadecimal string of AttributeTypeAndValue
-2272      * @return {Object} JSON object of AttributeTypeAndValue parameters
-2273      * @since jsrsasign 9.0.0 x509 2.0.0
-2274      * @see X509#getX500Name
-2275      * @see X509#getRDN
-2276      * @description
-2277      * This method will get AttributeTypeAndValue parameters defined in
-2278      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2279      * RFC 5280 4.1.2.4</a>.
-2280      * <pre>
-2281      * AttributeTypeAndValue ::= SEQUENCE {
-2282      *   type     AttributeType,
-2283      *   value    AttributeValue }
-2284      * AttributeType ::= OBJECT IDENTIFIER
-2285      * AttributeValue ::= ANY -- DEFINED BY AttributeType
-2286      * </pre>
-2287      * <ul>
-2288      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-2289      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-2290      * <li>{String}ds - DirectoryString type of AttributeValue</li>
-2291      * </ul>
-2292      * "ds" has one of following value:
-2293      * <ul>
-2294      * <li>utf8 - (0x0c) UTF8String</li>
-2295      * <li>num  - (0x12) NumericString</li>
-2296      * <li>prn  - (0x13) PrintableString</li>
-2297      * <li>tel  - (0x14) TeletexString</li>
-2298      * <li>ia5  - (0x16) IA5String</li>
-2299      * <li>vis  - (0x1a) VisibleString</li>
-2300      * <li>bmp  - (0x1e) BMPString</li>
-2301      * </ul>
-2302      * @example
-2303      * x = new X509();
-2304      * x.getAttrTypeAndValue("30...") →
-2305      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
-2306      * {type:"O",value:"Sample Corp.",ds:"prn"}
-2307      */
-2308     // unv  - (0x1c??) UniversalString ... for future
-2309     this.getAttrTypeAndValue = function(h) {
-2310 	var p = _ASN1HEX_parse(h);
-2311 	return _convATV(p);
-2312     };
-2313 
-2314     /**
-2315      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
-2316      * @name getRDN
-2317      * @memberOf X509#
-2318      * @function
-2319      * @param {String} h hexadecimal string of RDN
-2320      * @return {Array} array of AttrTypeAndValue parameters
-2321      * @since jsrsasign 9.0.0 x509 2.0.0
-2322      * @see X509#getX500Name
-2323      * @see X509#getRDN
-2324      * @see X509#getAttrTypeAndValue
-2325      * @description
-2326      * This method will get RelativeDistinguishedName parameters defined in
-2327      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2328      * RFC 5280 4.1.2.4</a>.
-2329      * <pre>
-2330      * RelativeDistinguishedName ::=
-2331      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
-2332      * </pre>
-2333      * @example
-2334      * x = new X509();
-2335      * x.getRDN("31...") →
-2336      * [{type:"C",value:"US",ds:"prn"}] or
-2337      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
-2338      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2339      */
-2340     this.getRDN = function(h) {
-2341 	var p = _ASN1HEX_parse(h);
-2342 	return _convRDN(p);
-2343     };
-2344 
-2345     /**
-2346      * get X.500 Name ASN.1 structure parameter array<br/>
-2347      * @name getX500NameArray
-2348      * @memberOf X509#
-2349      * @function
-2350      * @param {String} h hexadecimal string of Name
-2351      * @return {Array} array of RDN parameter array
-2352      * @since jsrsasign 10.0.6 x509 2.0.9
-2353      * @see X509#getX500Name
-2354      * @see X509#getRDN
-2355      * @see X509#getAttrTypeAndValue
-2356      * @description
-2357      * This method will get Name parameter defined in
-2358      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2359      * RFC 5280 4.1.2.4</a>.
-2360      * <pre>
-2361      * Name ::= CHOICE { -- only one possibility for now --
-2362      *   rdnSequence  RDNSequence }
-2363      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2364      * </pre>
-2365      * @example
-2366      * x = new X509();
-2367      * x.getX500NameArray("30...") →
-2368      * [[{type:"C",value:"US",ds:"prn"}],
-2369      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2370      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
-2371      */
-2372     this.getX500NameArray = function(h) {
-2373 	var p = _ASN1HEX_parse(h);
-2374 	return _convX500Name(p);
-2375     };
-2376 
-2377     /**
-2378      * get Name ASN.1 structure parameter array<br/>
-2379      * @name getX500Name
-2380      * @memberOf X509#
-2381      * @function
-2382      * @param {String} h hexadecimal string of Name
-2383      * @return {Array} array of RDN parameter array
-2384      * @since jsrsasign 9.0.0 x509 2.0.0
-2385      * @see X509#getX500NameArray
-2386      * @see X509#getRDN
-2387      * @see X509#getAttrTypeAndValue
-2388      * @see KJUR.asn1.x509.X500Name
-2389      * @see KJUR.asn1.x509.GeneralName
-2390      * @see KJUR.asn1.x509.GeneralNames
-2391      * @description
-2392      * This method will get Name parameter defined in
-2393      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2394      * RFC 5280 4.1.2.4</a>.
-2395      * <pre>
-2396      * Name ::= CHOICE { -- only one possibility for now --
-2397      *   rdnSequence  RDNSequence }
-2398      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2399      * </pre>
-2400      * @example
-2401      * x = new X509();
-2402      * x.getX500Name("30...") →
-2403      * { array: [
-2404      *     [{type:"C",value:"US",ds:"prn"}],
-2405      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2406      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2407      *   ],
-2408      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
-2409      *   hex: "30..."
-2410      * }
-2411      */
-2412     this.getX500Name = function(h) {
-2413 	var a = this.getX500NameArray(h);
-2414 	var s = this.dnarraytostr(a);
-2415 	return { array: a, str: s };
-2416     };
-2417 
-2418     // ===== END X500Name related =====================================
-2419 
-2420     // ===== BEGIN read certificate =====================================
-2421     /**
-2422      * read PEM formatted X.509 certificate from string.<br/>
-2423      * @name readCertPEM
-2424      * @memberOf X509#
-2425      * @function
-2426      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-2427      * @example
-2428      * x = new X509();
-2429      * x.readCertPEM(sCertPEM); // read certificate
-2430      */
-2431     this.readCertPEM = function(sCertPEM) {
-2432         this.readCertHex(_pemtohex(sCertPEM));
-2433     };
-2434 
-2435     /**
-2436      * read a hexadecimal string of X.509 certificate<br/>
-2437      * @name readCertHex
-2438      * @memberOf X509#
-2439      * @function
-2440      * @param {String} sCertHex hexadecimal string of X.509 certificate
-2441      * @since jsrsasign 7.1.4 x509 1.1.13
-2442      * @description
-2443      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-2444      * @example
-2445      * x = new X509();
-2446      * x.readCertHex("3082..."); // read certificate
-2447      */
-2448     this.readCertHex = function(sCertHex) {
-2449         this.hex = sCertHex;
-2450 	this.getVersion(); // set version parameter
-2451 
-2452 	try {
-2453 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-2454 	    this.parseExt();
-2455 	} catch(ex) {};
-2456     };
-2457 
-2458     // ===== END read certificate =====================================
-2459 
-2460     /**
-2461      * get JSON object of certificate parameters<br/>
-2462      * @name getParam
-2463      * @memberOf X509#
-2464      * @function
-2465      * @return {Array} JSON object of certificate parameters
-2466      * @since jsrsasign 9.0.0 x509 2.0.0
-2467      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2468      * @description
-2469      * This method returns a JSON object of the certificate
-2470      * parameters. Return value can be passed to
-2471      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
-2472      * @example
-2473      * x = new X509();
-2474      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2475      * x.getParam() →
-2476      * {version:3,
-2477      *  serial:{hex:"12ab"},
-2478      *  sigalg:"SHA256withRSA",
-2479      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
-2480      *  notbefore:"160403023700Z",
-2481      *  notafter:"160702023700Z",
-2482      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
-2483      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
-2484      *  ext:[
-2485      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2486      *   {extname:"basicConstraints",critical:true},
-2487      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2488      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2489      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2490      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2491      *  ],
-2492      *  sighex:"0b76...8"
-2493      * };
-2494      */
-2495     this.getParam = function() {
-2496 	var result = {};
-2497 	result.version = this.getVersion();
-2498 	result.serial = {hex: this.getSerialNumberHex()};
-2499 	result.sigalg = this.getSignatureAlgorithmField();
-2500 	result.issuer = this.getIssuer();
-2501 	result.notbefore = this.getNotBefore();
-2502 	result.notafter = this.getNotAfter();
-2503 	result.subject = this.getSubject();
-2504 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
-2505 	if (this.aExtInfo.length > 0) {
-2506 	    result.ext = this.getExtParamArray();
-2507 	}
-2508 	result.sighex = this.getSignatureValueHex();
-2509 	return result;
-2510     };
-2511 
-2512     /** 
-2513      * get array of certificate extension parameter JSON object<br/>
-2514      * @name getExtParamArray
-2515      * @memberOf X509#
-2516      * @function
-2517      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
-2518      * @return {Array} array of certificate extension parameter JSON object
-2519      * @since jsrsasign 9.0.0 x509 2.0.0
-2520      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2521      * @see X509#getParam
-2522      * @see X509#getExtParam
-2523      * @see X509CRL#getParam
-2524      * @see KJUR.asn1.csr.CSRUtil.getParam
-2525      *
-2526      * @description
-2527      * This method returns an array of certificate extension
-2528      * parameters. 
-2529      * <br/>
-2530      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
-2531      *
-2532      * @example
-2533      * x = new X509();
-2534      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2535      * x.getExtParamArray() →
-2536      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2537      *   {extname:"basicConstraints",critical:true},
-2538      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2539      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2540      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2541      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
-2542      */
-2543     this.getExtParamArray = function(hExtSeq) {
-2544 	if (hExtSeq == undefined) {
-2545 	    // for X.509v3 certificate
-2546 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
-2547 	    if (idx1 != -1) {
-2548 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
-2549 	    }
-2550 	}
-2551 	var result = [];
-2552 	var aIdx = _getChildIdx(hExtSeq, 0);
-2553 
-2554 	for (var i = 0; i < aIdx.length; i++) {
-2555 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
-2556 	    var extParam = this.getExtParam(hExt);
-2557 	    if (extParam != null) result.push(extParam);
-2558 	}
-2559 
-2560 	return result;
-2561     };
-2562 
-2563     /** 
-2564      * get a extension parameter JSON object<br/>
-2565      * @name getExtParam
-2566      * @memberOf X509#
-2567      * @function
-2568      * @param {String} hExt hexadecimal string of Extension
-2569      * @return {Array} Extension parameter JSON object
-2570      * @since jsrsasign 9.1.1 x509 2.0.1
-2571      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2572      * @see X509#getParam
-2573      * @see X509#getExtParamArray
-2574      * @see X509CRL#getParam
-2575      * @see KJUR.asn1.csr.CSRUtil.getParam
-2576      *
-2577      * @description
-2578      * This method returns a extension parameters as JSON object. 
-2579      *
-2580      * @example
-2581      * x = new X509();
-2582      * ...
-2583      * x.getExtParam("30...") →
-2584      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
-2585      */
-2586     this.getExtParam = function(hExt) {
-2587 	var result = {};
-2588 	var aIdx = _getChildIdx(hExt, 0);
-2589 	var aIdxLen = aIdx.length;
-2590 	if (aIdxLen != 2 && aIdxLen != 3)
-2591 	    throw new Error("wrong number elements in Extension: " + 
-2592 			    aIdxLen + " " + hExt);
-2593 
-2594 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
-2595 
-2596 	var critical = false;
-2597 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
-2598 	    critical = true;
-2599 
-2600 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
-2601 
-2602 	var extParam = undefined;
-2603 	if (oid == "2.5.29.14") {
-2604 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
-2605 	} else if (oid == "2.5.29.15") {
-2606 	    extParam = this.getExtKeyUsage(hExtV, critical);
-2607 	} else if (oid == "2.5.29.17") {
-2608 	    extParam = this.getExtSubjectAltName(hExtV, critical);
-2609 	} else if (oid == "2.5.29.18") {
-2610 	    extParam = this.getExtIssuerAltName(hExtV, critical);
-2611 	} else if (oid == "2.5.29.19") {
-2612 	    extParam = this.getExtBasicConstraints(hExtV, critical);
-2613 	} else if (oid == "2.5.29.31") {
-2614 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
-2615 	} else if (oid == "2.5.29.32") {
-2616 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
-2617 	} else if (oid == "2.5.29.35") {
-2618 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
-2619 	} else if (oid == "2.5.29.37") {
-2620 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
-2621 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
-2622 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
-2623 	} else if (oid == "2.5.29.20") {
-2624 	    extParam = this.getExtCRLNumber(hExtV, critical);
-2625 	} else if (oid == "2.5.29.21") {
-2626 	    extParam = this.getExtCRLReason(hExtV, critical);
-2627 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
-2628 	    extParam = this.getExtOcspNonce(hExtV, critical);
-2629 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
-2630 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
-2631 	} else if (oid == "1.2.840.113583.1.1.9.1") {
-2632 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
-2633 	}
-2634 	if (extParam != undefined) return extParam;
-2635 
-2636 	var privateParam = { extname: oid, extn: hExtV };
-2637 	if (critical) privateParam.critical = true;
-2638 	return privateParam;
-2639     };
-2640 
-2641     /**
-2642      * find extension parameter in array<br/>
-2643      * @name findExt
-2644      * @memberOf X509#
-2645      * @function
-2646      * @param {Array} aExt array of extension parameters
-2647      * @param {String} extname extension name
-2648      * @return {Array} extension parameter in the array or null
-2649      * @since jsrsasign 10.0.3 x509 2.0.7
-2650      * @see X509#getParam
-2651      *
-2652      * @description
-2653      * This method returns an extension parameter for
-2654      * specified extension name in the array.
-2655      * This method is useful to update extension parameter value.
-2656      * When there is no such extension with the extname,
-2657      * this returns "null".
-2658      *
-2659      * @example
-2660      * // (1) 
-2661      * x = new X509(CERTPEM);
-2662      * params = x.getParam();
-2663      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
-2664      * pSKID.kid = "1234abced..."; // skid in the params is updated.
-2665      *   // then params was updated
-2666      *
-2667      * // (2) another example
-2668      * aExt = [
-2669      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2670      *   {extname:"basicConstraints",critical:true},
-2671      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2672      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2673      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2674      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2675      * ];
-2676      * var x = new X509();
-2677      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
-2678      * pKU = x.findExt(aExt, "keyUsage");
-2679      * delete pKU["critical"]; // clear criticla flag
-2680      * pKU.names = ["keyCertSign", "cRLSign"];
-2681      *   // then aExt was updated
-2682      */
-2683     this.findExt = function(aExt, extname) {
-2684 	for (var i = 0; i < aExt.length; i++) {
-2685 	    if (aExt[i].extname == extname) return aExt[i];
-2686 	}
-2687 	return null;
-2688 
-2689     };
-2690 
-2691     /**
-2692      * update CRLDistributionPoints Full URI in parameter<br/>
-2693      * @name updateCDPFullURI
-2694      * @memberOf X509#
-2695      * @function
-2696      * @param {Array} aExt array of extension parameters
-2697      * @param {String} newURI string of new uri
-2698      * @since jsrsasign 10.0.4 x509 2.0.8
-2699      * @see X509#findExt
-2700      * @see KJUR.asn1.x509.CRLDistributionPoints
-2701      *
-2702      * @description
-2703      * This method updates Full URI of CRLDistributionPoints extension
-2704      * in the extension parameter array if it exists.
-2705      *
-2706      * @example
-2707      * aExt = [
-2708      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2709      *   {extname:"cRLDistributionPoints",
-2710      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
-2711      * ];
-2712      * x = new X509();
-2713      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
-2714      */
-2715     this.updateExtCDPFullURI = function(aExt, newURI) {
-2716 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
-2717 	if (pExt == null) return;
-2718 	if (pExt.array == undefined) return;
-2719 	var aDP = pExt.array;
-2720 	for (var i = 0; i < aDP.length; i++) {
-2721 	    if (aDP[i].dpname == undefined) continue;
-2722 	    if (aDP[i].dpname.full == undefined) continue;
-2723 	    var aURI = aDP[i].dpname.full;
-2724 	    for (var j = 0; j < aURI.length; j++) {
-2725 		var pURI = aURI[i];
-2726 		if (pURI.uri == undefined) continue;
-2727 		pURI.uri = newURI;
-2728 	    }
-2729 	}
-2730     };
-2731 
-2732     /**
-2733      * update authorityInfoAccess ocsp in parameter<br/>
-2734      * @name updateAIAOCSP
-2735      * @memberOf X509#
-2736      * @function
-2737      * @param {Array} aExt array of extension parameters
-2738      * @param {String} newURI string of new uri
-2739      * @since jsrsasign 10.0.4 x509 2.0.8
-2740      * @see X509#findExt
-2741      * @see KJUR.asn1.x509.AuthorityInfoAccess
-2742      *
-2743      * @description
-2744      * This method updates "ocsp" accessMethod URI of 
-2745      * AuthorityInfoAccess extension
-2746      * in the extension parameter array if it exists.
-2747      *
-2748      * @example
-2749      * aExt = [
-2750      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2751      *   {extname:"authoriyInfoAccess",
-2752      *    array:[
-2753      *      {ocsp: "http://ocsp1.example.com"},
-2754      *      {caissuer: "http://example.com/a.crt"}
-2755      *    ]}
-2756      * ];
-2757      * x = new X509();
-2758      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
-2759      */
-2760     this.updateExtAIAOCSP = function(aExt, newURI) {
-2761 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-2762 	if (pExt == null) return;
-2763 	if (pExt.array == undefined) return;
-2764 	var a = pExt.array;
-2765 	for (var i = 0; i < a.length; i++) {
-2766 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
-2767 	}
-2768     };
-2769 
-2770     /**
-2771      * update authorityInfoAccess caIssuer in parameter<br/>
-2772      * @name updateAIACAIssuer
-2773      * @memberOf X509#
-2774      * @function
-2775      * @param {Array} aExt array of extension parameters
-2776      * @param {String} newURI string of new uri
-2777      * @since jsrsasign 10.0.4 x509 2.0.8
-2778      * @see X509#findExt
-2779      * @see KJUR.asn1.x509.AuthorityInfoAccess
-2780      *
-2781      * @description
-2782      * This method updates "caIssuer" accessMethod URI of 
-2783      * AuthorityInfoAccess extension
-2784      * in the extension parameter array if it exists.
-2785      *
-2786      * @example
-2787      * aExt = [
-2788      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2789      *   {extname:"authoriyInfoAccess",
-2790      *    array:[
-2791      *      {ocsp: "http://ocsp1.example.com"},
-2792      *      {caissuer: "http://example.com/a.crt"}
-2793      *    ]}
-2794      * ];
-2795      * x = new X509();
-2796      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
-2797      */
-2798     this.updateExtAIACAIssuer = function(aExt, newURI) {
-2799 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-2800 	if (pExt == null) return;
-2801 	if (pExt.array == undefined) return;
-2802 	var a = pExt.array;
-2803 	for (var i = 0; i < a.length; i++) {
-2804 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
-2805 	}
-2806     };
-2807 
-2808     /**
-2809      * convert array for X500 distinguish name to distinguish name string<br/>
-2810      * @name dnarraytostr
-2811      * @memberOf X509#
-2812      * @function
-2813      * @param {Array} aDN array for X500 distinguish name
-2814      * @return {String} distinguish name
-2815      * @since jsrsasign 10.0.6 x509 2.0.8
-2816      * @see X509#getX500Name
-2817      * @see X509#getX500NameArray
-2818      * @see KJUR.asn1.x509.X500Name
-2819      *
-2820      * @description
-2821      * This method converts from an array representation of 
-2822      * X.500 distinguished name to X.500 name string.
-2823      * This supports multi-valued RDN.
-2824      * 
-2825      * @example
-2826      * var x = new X509();
-2827      * x.dnarraytostr(
-2828      *   [[{type:"C",value:"JP",ds:"prn"}],
-2829      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
-2830      * x.dnarraytostr(
-2831      *   [[{type:"C",value:"JP",ds:"prn"}],
-2832      *   [{type:"O",value:"T1",ds:"prn"}
-2833      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
-2834      */
-2835     this.dnarraytostr = function(aDN) {
-2836 	function rdnarraytostr(aRDN) {
-2837 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
-2838 	};
-2839 
-2840 	function atvtostr(pATV) {
-2841 	    return pATV.type + "=" + pATV.value;
-2842 	};
-2843 
-2844 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
-2845     };
-2846 
-2847     /**
-2848      * get certificate information as string.<br/>
-2849      * @name getInfo
-2850      * @memberOf X509#
-2851      * @function
-2852      * @return {String} certificate information string
-2853      * @since jsrsasign 5.0.10 x509 1.1.8
-2854      * @example
-2855      * x = new X509();
-2856      * x.readCertPEM(certPEM);
-2857      * console.log(x.getInfo());
-2858      * // this shows as following
-2859      * Basic Fields
-2860      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-2861      *   signature algorithm: SHA1withRSA
-2862      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2863      *   notBefore: 061110000000Z
-2864      *   notAfter: 311110000000Z
-2865      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2866      *   subject public key info:
-2867      *     key algorithm: RSA
-2868      *     n=c6cce573e6fbd4bb...
-2869      *     e=10001
-2870      * X509v3 Extensions:
-2871      *   keyUsage CRITICAL:
-2872      *     digitalSignature,keyCertSign,cRLSign
-2873      *   basicConstraints CRITICAL:
-2874      *     cA=true
-2875      *   subjectKeyIdentifier :
-2876      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-2877      *   authorityKeyIdentifier :
-2878      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-2879      * signature algorithm: SHA1withRSA
-2880      * signature: 1c1a0697dcd79c9f...
-2881      */
-2882     this.getInfo = function() {
-2883 	var _getSubjectAltNameStr = function(params) {
-2884 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
-2885 	    return s;
-2886 	};
-2887 	var _getCertificatePoliciesStr = function(params) {
-2888 	    var s = "";
-2889 	    var a = params.array;
-2890 	    for (var i = 0; i < a.length; i++) {
-2891 		var pi = a[i];
-2892 		s += "    policy oid: " + pi.policyoid + "\n";
-2893 		if (pi.array === undefined) continue;
-2894 		for (var j = 0; j < pi.array.length; j++) {
-2895 		    var pqi = pi.array[j];
-2896 		    if (pqi.cps !== undefined) {
-2897 			s += "    cps: " + pqi.cps + "\n";
-2898 		    }
-2899 		}
-2900 	    }
-2901 	    return s;
-2902 	};
-2903 	var _getCRLDistributionPointsStr = function(params) {
-2904 	    var s = "";
-2905 	    var a = params.array;
-2906 	    for (var i = 0; i < a.length; i++) {
-2907 		var dp = a[i];
-2908 		try {
-2909 		    if (dp.dpname.full[0].uri !== undefined)
-2910 			s += "    " + dp.dpname.full[0].uri + "\n";
-2911 		} catch(ex) {};
-2912 		try {
-2913 		    if (dp.dname.full[0].dn.hex !== undefined)
-2914 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-2915 		} catch(ex) {};
-2916 	    }
-2917 	    return s;
-2918 	}
-2919 	var _getAuthorityInfoAccessStr = function(params) {
-2920 	    var s = "";
-2921 	    var a = params.array;
-2922 	    for (var i = 0; i < a.length; i++) {
-2923 		var ad = a[i];
-2924 
-2925 		if (ad.caissuer !== undefined)
-2926 		    s += "    caissuer: " + ad.caissuer + "\n";
-2927 		if (ad.ocsp !== undefined)
-2928 		    s += "    ocsp: " + ad.ocsp + "\n";
-2929 	    }
-2930 	    return s;
-2931 	};
-2932 	var _X509 = X509;
-2933 	var s, pubkey, aExt;
-2934 	s  = "Basic Fields\n";
-2935         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-2936 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-2937 	s += "  issuer: " + this.getIssuerString() + "\n";
-2938 	s += "  notBefore: " + this.getNotBefore() + "\n";
-2939 	s += "  notAfter: " + this.getNotAfter() + "\n";
-2940 	s += "  subject: " + this.getSubjectString() + "\n";
-2941 	s += "  subject public key info: " + "\n";
-2942 
-2943 	// subject public key info
-2944 	pubkey = this.getPublicKey();
-2945 	s += "    key algorithm: " + pubkey.type + "\n";
-2946 
-2947 	if (pubkey.type === "RSA") {
-2948 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-2949 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-2950 	}
-2951 
-2952 	// X.509v3 Extensions
-2953         aExt = this.aExtInfo;
-2954 
-2955 	if (aExt !== undefined && aExt !== null) {
-2956             s += "X509v3 Extensions:\n";
-2957 	    
-2958             for (var i = 0; i < aExt.length; i++) {
-2959 		var info = aExt[i];
-2960 
-2961 		// show extension name and critical flag
-2962 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-2963 		if (extName === '') extName = info["oid"];
-2964 
-2965 		var critical = '';
-2966 		if (info["critical"] === true) critical = "CRITICAL";
-2967 
-2968 		s += "  " + extName + " " + critical + ":\n";
-2969 
-2970 		// show extension value if supported
-2971 		if (extName === "basicConstraints") {
-2972 		    var bc = this.getExtBasicConstraints();
-2973 		    if (bc.cA === undefined) {
-2974 			s += "    {}\n";
-2975 		    } else {
-2976 			s += "    cA=true";
-2977 			if (bc.pathLen !== undefined)
-2978 			    s += ", pathLen=" + bc.pathLen;
-2979 			s += "\n";
-2980 		    }
-2981 		} else if (extName === "keyUsage") {
-2982 		    s += "    " + this.getExtKeyUsageString() + "\n";
-2983 		} else if (extName === "subjectKeyIdentifier") {
-2984 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-2985 		} else if (extName === "authorityKeyIdentifier") {
-2986 		    var akid = this.getExtAuthorityKeyIdentifier();
-2987 		    if (akid.kid !== undefined)
-2988 			s += "    kid=" + akid.kid.hex + "\n";
-2989 		} else if (extName === "extKeyUsage") {
-2990 		    var eku = this.getExtExtKeyUsage().array;
-2991 		    s += "    " + eku.join(", ") + "\n";
-2992 		} else if (extName === "subjectAltName") {
-2993 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-2994 		    s += "    " + san + "\n";
-2995 		} else if (extName === "cRLDistributionPoints") {
-2996 		    var cdp = this.getExtCRLDistributionPoints();
-2997 		    s += _getCRLDistributionPointsStr(cdp);
-2998 		} else if (extName === "authorityInfoAccess") {
-2999 		    var aia = this.getExtAuthorityInfoAccess();
-3000 		    s += _getAuthorityInfoAccessStr(aia);
-3001 		} else if (extName === "certificatePolicies") {
-3002 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-3003 		}
-3004 	    }
-3005         }
-3006 
-3007 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-3008 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-3009 	return s;
-3010     };
-3011 
-3012     if (typeof params == "string") {
-3013 	if (params.indexOf("-----BEGIN") != -1) {
-3014 	    this.readCertPEM(params);
-3015 	} else if (KJUR.lang.String.isHex(params)) {
-3016 	    this.readCertHex(params);
-3017 	}
-3018     }
-3019 };
-3020 // ----- END of X509 class -----
-3021 
-3022 /**
-3023  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-3024  * @name hex2dn
-3025  * @memberOf X509
-3026  * @function
-3027  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-3028  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3029  * @return {String} OpenSSL online format distinguished name
-3030  * @description
-3031  * This static method converts from a hexadecimal string of 
-3032  * distinguished name (DN)
-3033  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-3034  * @example
-3035  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-3036  */
-3037 X509.hex2dn = function(hex, idx) {
-3038     if (idx === undefined) idx = 0;
-3039     var x = new X509();
-3040     var hDN = ASN1HEX.getTLV(hex, idx);
-3041     var pDN = x.getX500Name(hex);
-3042     return pDN.str;
-3043 };
-3044 
-3045 /**
-3046  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-3047  * @name hex2rdn
-3048  * @memberOf X509
-3049  * @function
-3050  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-3051  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3052  * @return {String} OpenSSL online format relative distinguished name
-3053  * @description
-3054  * This static method converts from a hexadecimal string of 
-3055  * relative distinguished name (RDN)
-3056  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-3057  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-3058  * @example
-3059  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-3060  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-3061  */
-3062 X509.hex2rdn = function(hex, idx) {
-3063     if (idx === undefined) idx = 0;
-3064     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
-3065 
-3066     var a = new Array();
-3067 
-3068     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-3069     for (var i = 0; i < aIdx.length; i++) {
-3070 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-3071     }
-3072 
-3073     a = a.map(function(s) { return s.replace("+", "\\+"); });
-3074     return a.join("+");
-3075 };
-3076 
-3077 /**
-3078  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-3079  * @name hex2attrTypeValue
-3080  * @memberOf X509
-3081  * @function
-3082  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-3083  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3084  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-3085  * @description
-3086  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-3087  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-3088  * @example
-3089  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-3090  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-3091  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-3092  */
-3093 X509.hex2attrTypeValue = function(hex, idx) {
-3094     var _ASN1HEX = ASN1HEX;
-3095     var _getV = _ASN1HEX.getV;
-3096 
-3097     if (idx === undefined) idx = 0;
-3098     if (hex.substr(idx, 2) !== "30") 
-3099 	throw new Error("malformed attribute type and value");
-3100 
-3101     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-3102     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-3103 	"malformed attribute type and value";
-3104 
-3105     var oidHex = _getV(hex, aIdx[0]);
-3106     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-3107     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-3108 
-3109     var hV = _getV(hex, aIdx[1]);
-3110     var rawV = hextorstr(hV);
-3111 
-3112     return atype + "=" + rawV;
-3113 };
-3114 
-3115 /**
-3116  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-3117  * @name getPublicKeyFromCertHex
-3118  * @memberOf X509
-3119  * @function
-3120  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-3121  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3122  * @since jsrasign 7.1.0 x509 1.1.11
-3123  */
-3124 X509.getPublicKeyFromCertHex = function(h) {
-3125     var x = new X509();
-3126     x.readCertHex(h);
-3127     return x.getPublicKey();
-3128 };
-3129 
-3130 /**
-3131  * get RSA/DSA/ECDSA public key object from PEM certificate string
-3132  * @name getPublicKeyFromCertPEM
-3133  * @memberOf X509
-3134  * @function
-3135  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-3136  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3137  * @since x509 1.1.1
-3138  * @description
-3139  * NOTE: DSA is also supported since x509 1.1.2.
-3140  */
-3141 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-3142     var x = new X509();
-3143     x.readCertPEM(sCertPEM);
-3144     return x.getPublicKey();
-3145 };
-3146 
-3147 /**
-3148  * get public key information from PEM certificate
-3149  * @name getPublicKeyInfoPropOfCertPEM
-3150  * @memberOf X509
-3151  * @function
-3152  * @param {String} sCertPEM string of PEM formatted certificate
-3153  * @return {Hash} hash of information for public key
-3154  * @since x509 1.1.1
-3155  * @description
-3156  * Resulted associative array has following properties:<br/>
-3157  * <ul>
-3158  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-3159  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-3160  * <li>keyhex - hexadecimal string of key in the certificate</li>
-3161  * </ul>
-3162  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-3163  */
-3164 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-3165     var _ASN1HEX = ASN1HEX;
-3166     var _getVbyList = _ASN1HEX.getVbyList;
-3167 
-3168     var result = {};
-3169     var x, hSPKI, pubkey;
-3170     result.algparam = null;
-3171 
-3172     x = new X509();
-3173     x.readCertPEM(sCertPEM);
-3174 
-3175     hSPKI = x.getPublicKeyHex();
-3176     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-3177     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-3178 
-3179     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-3180 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-3181     };
-3182 
-3183     return result;
-3184 };
-3185 
-3186 /* ======================================================================
-3187  *   Specific V3 Extensions
-3188  * ====================================================================== */
-3189 
-3190 X509.KEYUSAGE_NAME = [
-3191     "digitalSignature",
-3192     "nonRepudiation",
-3193     "keyEncipherment",
-3194     "dataEncipherment",
-3195     "keyAgreement",
-3196     "keyCertSign",
-3197     "cRLSign",
-3198     "encipherOnly",
-3199     "decipherOnly"
-3200 ];
-3201 

+1515 	if (p == undefined) return p;
+1516 	var a = p.array;
+1517 	var result = [];
+1518 	for (var i = 0; i < a.length; i++) {
+1519 	    try {
+1520 		if (a[i].dpname.full[0].uri != undefined) {
+1521 		    result.push(a[i].dpname.full[0].uri);
+1522 		}
+1523 	    } catch(ex) {}
+1524 	}
+1525 	return result;
+1526     };
+1527 
+1528     /**
+1529      * get AuthorityInfoAccess extension value in the certificate as associative array
+1530      * @name getExtAIAInfo
+1531      * @memberOf X509#
+1532      * @function
+1533      * @return {Object} associative array of AIA extension properties
+1534      * @since jsrsasign 7.2.0 x509 1.1.14
+1535      * @description
+1536      * This method will get authority info access value
+1537      * as associate array which has following properties:
+1538      * <ul>
+1539      * <li>ocsp - array of string for OCSP responder URL</li>
+1540      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
+1541      * </ul>
+1542      * If there is this in the certificate, it returns undefined;
+1543      * @example
+1544      * x = new X509();
+1545      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1546      * x.getExtAIAInfo(hCert) → 
+1547      * { ocsp:     ["http://ocsp.foo.com"],
+1548      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
+1549      */
+1550     this.getExtAIAInfo = function() {
+1551 	var info = this.getExtInfo("authorityInfoAccess");
+1552 	if (info === undefined) return info;
+1553 
+1554 	var result = { ocsp: [], caissuer: [] };
+1555 	var a = _getChildIdx(this.hex, info.vidx);
+1556 	for (var i = 0; i < a.length; i++) {
+1557 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
+1558 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
+1559 	    if (hOID === "2b06010505073001") {
+1560 		result.ocsp.push(hextoutf8(hName));
+1561 	    }
+1562 	    if (hOID === "2b06010505073002") {
+1563 		result.caissuer.push(hextoutf8(hName));
+1564 	    }
+1565 	}
+1566 
+1567 	return result;
+1568     };
+1569 
+1570     /**
+1571      * get AuthorityInfoAccess extension value as JSON object
+1572      * @name getExtAuthorityInfoAccess
+1573      * @memberOf X509#
+1574      * @function
+1575      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1576      * @param {Boolean} critical flag (OPTIONAL)
+1577      * @return {Array} JSON object of AuthorityInfoAccess parameters or undefined
+1578      * @since jsrsasign 9.0.0 x509 2.0.0
+1579      * @see KJUR.asn1.x509.AuthorityInfoAccess
+1580      * @description
+1581      * This method parse authorityInfoAccess extension. When arguments are
+1582      * not specified, its extension in X509 object will be parsed.
+1583      * Result of this method can be passed to 
+1584      * {@link KJUR.asn1.x509.AuthorityInfoAccess} constructor.
+1585      * <br>
+1586      * When hExtV and critical specified as arguments, return value
+1587      * will be generated from them.
+1588      * @example
+1589      * x = new X509();
+1590      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1591      * x.getExtAuthorityInfoAccess() →
+1592      * {
+1593      *   critial: true, // 
+1594      *   array: [{ocsp: http://ocsp.example.com/},
+1595      *           {caissuer: https://repository.example.com/}]
+1596      * }
+1597      *
+1598      * x = new X509();
+1599      * x.getExtAuthorityInfoAccesss("306230...") 
+1600      * x.getExtAuthorityInfoAccesss("306230...", true) 
+1601      */
+1602     this.getExtAuthorityInfoAccess = function(hExtV, critical) {
+1603 	if (hExtV === undefined && critical === undefined) {
+1604 	    var info = this.getExtInfo("authorityInfoAccess");
+1605 	    if (info === undefined) return undefined;
+1606 	    hExtV = _getTLV(this.hex, info.vidx);
+1607 	    critical = info.critical;
+1608 	}
+1609 
+1610 	var result = {extname:"authorityInfoAccess",array:[]};
+1611 	if (critical) result.critical = true;
+1612 
+1613 	var a = _getChildIdx(hExtV, 0);
+1614 	for (var i = 0; i < a.length; i++) {
+1615 	    var hMethod = _getVbyListEx(hExtV, a[i], [0], "06");
+1616 	    var hLoc = _getVbyList(hExtV, a[i], [1], "86");
+1617 	    var sLoc = hextoutf8(hLoc);
+1618 	    if (hMethod == "2b06010505073001") {
+1619 		result.array.push({ocsp: sLoc});
+1620 	    } else if (hMethod == "2b06010505073002") {
+1621 		result.array.push({caissuer: sLoc});
+1622 	    } else {
+1623 		throw new Error("unknown method: " + hMethod);
+1624 	    }
+1625 	}
+1626 
+1627 	return result;
+1628     }
+1629 
+1630     /**
+1631      * get CertificatePolicies extension value as JSON object
+1632      * @name getExtCertificatePolicies
+1633      * @memberOf X509#
+1634      * @function
+1635      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1636      * @param {Boolean} critical flag (OPTIONAL)
+1637      * @return {Object} JSON object of CertificatePolicies parameters or undefined
+1638      * @since jsrsasign 7.2.0 x509 1.1.14
+1639      * @description
+1640      * This method will get certificate policies value
+1641      * as an array of JSON object which has properties defined
+1642      * in {@link KJUR.asn1.x509.CertificatePolicies}.
+1643      * Result of this method can be passed to 
+1644      * {@link KJUR.asn1.x509.CertificatePolicies} constructor.
+1645      * If there is no this extension in the certificate,
+1646      * it returns undefined.
+1647      * <br>
+1648      * CAUTION: return value of JSON object format have been changed
+1649      * from jsrsasign 9.0.0 without backword compatibility.
+1650      * <br>
+1651      * When hExtV and critical specified as arguments, return value
+1652      * will be generated from them.
+1653      * @example
+1654      * x = new X509();
+1655      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1656      * x.getExtCertificatePolicies() → 
+1657      * { array: [
+1658      *   { policyoid: "1.2.3.4" }
+1659      *   { policyoid: "1.2.3.5",
+1660      *     array: [
+1661      *       { cps: "https://example.com/" },
+1662      *       { unotice: { exptext: { type: "bmp", str: "sample text" } } }
+1663      *     ] 
+1664      *   }
+1665      * ]}
+1666      */
+1667     this.getExtCertificatePolicies = function(hExtV, critical) {
+1668 	if (hExtV === undefined && critical === undefined) {
+1669 	    var info = this.getExtInfo("certificatePolicies");
+1670 	    if (info === undefined) return undefined;
+1671 	    hExtV = _getTLV(this.hex, info.vidx);
+1672 	    critical = info.critical;
+1673 	}
+1674 	var result = {extname:"certificatePolicies",array:[]};
+1675 	if (critical) result.critical = true;
+1676 
+1677 	var aIdxPI = _getChildIdx(hExtV, 0); // PolicyInformation list index
+1678 	for (var i = 0; i < aIdxPI.length; i++) {
+1679 	    var hPolicyInformation = _getTLV(hExtV, aIdxPI[i]);
+1680 	    var polinfo = this.getPolicyInformation(hPolicyInformation);
+1681 	    result.array.push(polinfo);
+1682 	}
+1683 	return result;
+1684     }
+1685 
+1686     /**
+1687      * get PolicyInformation ASN.1 structure parameter as JSON object
+1688      * @name getPolicyInformation
+1689      * @memberOf X509#
+1690      * @function
+1691      * @param {String} h hexadecimal string of PolicyInformation
+1692      * @return {Object} JSON object of PolicyInformation parameters
+1693      * @since jsrsasign 9.0.0 x509 2.0.0
+1694      * @description
+1695      * This method will get PolicyInformation parameters defined in
+1696      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1697      * RFC 5280 4.2.1.4</a>.
+1698      * <pre>
+1699      * PolicyInformation ::= SEQUENCE {
+1700      *      policyIdentifier   CertPolicyId,
+1701      *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+1702      *                              PolicyQualifierInfo OPTIONAL }
+1703      * </pre>
+1704      * Result of this method can be passed to
+1705      * {@link KJUR.asn1.x509.PolicyInformation} constructor.
+1706      * @example
+1707      * x = new X509();
+1708      * x.getPolicyInformation("30...") →
+1709      * {
+1710      *     policyoid: "2.16.840.1.114412.2.1",
+1711      *     array: [{cps: "https://www.digicert.com/CPS"}]
+1712      * }
+1713      */
+1714     this.getPolicyInformation = function(h) {
+1715 	var result = {};
+1716 
+1717 	var hPOLICYOID = _getVbyList(h, 0, [0], "06");
+1718 	result.policyoid = _oidname(hPOLICYOID);
+1719 	
+1720 	var idxPQSEQ = _getIdxbyListEx(h, 0, [1], "30");
+1721 	if (idxPQSEQ != -1) {
+1722 	    result.array = [];
+1723 	    var aIdx = _getChildIdx(h, idxPQSEQ);
+1724 	    for (var j = 0; j < aIdx.length; j++) {
+1725 		var hPQI = _getTLV(h, aIdx[j]);
+1726 		var pqinfo = this.getPolicyQualifierInfo(hPQI);
+1727 		result.array.push(pqinfo);
+1728 	    }
+1729 	}
+1730 
+1731 	return result;
+1732     };
+1733 
+1734     /**
+1735      * getOtherName ASN.1 structure parameter as JSON object<br/>
+1736      * @name getOtherName
+1737      * @memberOf X509#
+1738      * @param {String} h hexadecimal string of GeneralName
+1739      * @return {Array} associative array of OtherName
+1740      * @since jsrsasign 10.5.3 x509 2.0.12
+1741      * @see KJUR.asn1.x509.GeneralNames
+1742      * @see KJUR.asn1.x509.GeneralName
+1743      * @see KJUR.asn1.x509.OtherName
+1744      * @see X509#getGeneralName
+1745      * @see ASN1HEX#parse
+1746      *
+1747      * @description
+1748      * This method will get OtherName parameters defined in
+1749      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
+1750      * RFC 5280 4.2.1.6</a>.
+1751      * <pre>
+1752      * OtherName ::= SEQUENCE {
+1753      *    type-id    OBJECT IDENTIFIER,
+1754      *    value      [0] EXPLICIT ANY DEFINED BY type-id }
+1755      * </pre>
+1756      * The value of member "other" is converted by 
+1757      * {@link ASN1HEX#parse}.
+1758      *
+1759      * @example
+1760      * x = new X509();
+1761      * x.getOtherName("30...") →
+1762      * { oid: "1.2.3.4",
+1763      *   other: {utf8str: {str: "aaa"}} }
+1764      */
+1765     this.getOtherName = function(h) {
+1766         var result = {};
+1767 
+1768         var a = _getChildIdx(h, 0);
+1769         var hOID = _getVbyList(h, a[0], [], "06");
+1770         var hValue = _getVbyList(h, a[1], []);
+1771         result.oid = KJUR.asn1.ASN1Util.oidHexToInt(hOID);
+1772         result.obj = _ASN1HEX_parse(hValue);
+1773         return result;
+1774     };
+1775 
+1776     /**
+1777      * get PolicyQualifierInfo ASN.1 structure parameter as JSON object
+1778      * @name getPolicyQualifierInfo
+1779      * @memberOf X509#
+1780      * @function
+1781      * @param {String} h hexadecimal string of PolicyQualifierInfo
+1782      * @return {Object} JSON object of PolicyQualifierInfo parameters
+1783      * @since jsrsasign 9.0.0 x509 2.0.0
+1784      * @see X509#getExtCertificatePolicies
+1785      * @see X509#getPolicyInformation
+1786      * @description
+1787      * This method will get 
+1788      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1789      * PolicyQualifierInfo</a> parameters.
+1790      * <pre>
+1791      * PolicyQualifierInfo ::= SEQUENCE {
+1792      *      policyQualifierId  PolicyQualifierId,
+1793      *      qualifier          ANY DEFINED BY policyQualifierId }
+1794      * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
+1795      * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+1796      * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+1797      * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+1798      * Qualifier ::= CHOICE {
+1799      *      cPSuri           CPSuri,
+1800      *      userNotice       UserNotice }
+1801      * CPSuri ::= IA5String
+1802      * </pre>
+1803      * Result of this method can be passed to 
+1804      * {@link KJUR.asn1.x509.PolicyQualifierInfo} constructor.
+1805      * @example
+1806      * x = new X509();
+1807      * x.getPolicyQualifierInfo("30...") 
+1808      * → {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
+1809      * x.getPolicyQualifierInfo("30...") 
+1810      * → {cps: "https://repository.example.com/"}
+1811      */
+1812     this.getPolicyQualifierInfo = function(h) {
+1813 	var result = {};
+1814 	var hPQOID = _getVbyList(h, 0, [0], "06");
+1815 	if (hPQOID === "2b06010505070201") { // cps
+1816 	    var hCPSURI = _getVbyListEx(h, 0, [1], "16");
+1817 	    result.cps = hextorstr(hCPSURI);
+1818 	} else if (hPQOID === "2b06010505070202") { // unotice
+1819 	    var hUserNotice = _getTLVbyList(h, 0, [1], "30");
+1820 	    result.unotice = this.getUserNotice(hUserNotice);
+1821 	}
+1822 	return result;
+1823     };
+1824 
+1825     /**
+1826      * get UserNotice ASN.1 structure parameter as JSON object
+1827      * @name getUserNotice
+1828      * @memberOf X509#
+1829      * @function
+1830      * @param {String} h hexadecimal string of UserNotice
+1831      * @return {Object} JSON object of UserNotice parameters
+1832      * @since jsrsasign 9.0.0 x509 2.0.0
+1833      * @see X509#getExtCertificatePolicies
+1834      * @see X509#getPolicyInformation
+1835      * @see X509#getPolicyQualifierInfo
+1836      * @description
+1837      * This method will get 
+1838      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1839      * UserNotice</a> parameters.
+1840      * <pre>
+1841      * UserNotice ::= SEQUENCE {
+1842      *      noticeRef        NoticeReference OPTIONAL,
+1843      *      explicitText     DisplayText OPTIONAL }
+1844      * </pre>
+1845      * Result of this method can be passed to 
+1846      * {@link KJUR.asn1.x509.NoticeReference} constructor.
+1847      * <br/>
+1848      * NOTE: NoticeReference parsing is currently not supported and
+1849      * it will be ignored.
+1850      * @example
+1851      * x = new X509();
+1852      * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
+1853      */
+1854     this.getUserNotice = function(h) {
+1855 	var result = {};
+1856 	var a = _getChildIdx(h, 0);
+1857 	for (var i = 0; i < a.length; i++) {
+1858 	    var hItem = _getTLV(h, a[i]);
+1859 	    if (hItem.substr(0, 2) != "30") {
+1860 		result.exptext = this.getDisplayText(hItem);
+1861 	    }
+1862 	}
+1863 	return result;
+1864     };
+1865 
+1866     /**
+1867      * get DisplayText ASN.1 structure parameter as JSON object
+1868      * @name getDisplayText
+1869      * @memberOf X509#
+1870      * @function
+1871      * @param {String} h hexadecimal string of DisplayText
+1872      * @return {Object} JSON object of DisplayText parameters
+1873      * @since jsrsasign 9.0.0 x509 2.0.0
+1874      * @see X509#getExtCertificatePolicies
+1875      * @see X509#getPolicyInformation
+1876      * @description
+1877      * This method will get 
+1878      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1879      * DisplayText</a> parameters.
+1880      * <pre>
+1881      * DisplayText ::= CHOICE {
+1882      *      ia5String        IA5String      (SIZE (1..200)),
+1883      *      visibleString    VisibleString  (SIZE (1..200)),
+1884      *      bmpString        BMPString      (SIZE (1..200)),
+1885      *      utf8String       UTF8String     (SIZE (1..200)) }     
+1886      * </pre>
+1887      * Result of this method can be passed to 
+1888      * {@link KJUR.asn1.x509.DisplayText} constructor.
+1889      * @example
+1890      * x = new X509();
+1891      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
+1892      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
+1893      */
+1894     this.getDisplayText = function(h) {
+1895 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
+1896 	var result = {};
+1897 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
+1898 	result.str = hextorstr(_getV(h, 0));
+1899 	return result;
+1900     };
+1901 
+1902     /**
+1903      * parse cRLNumber CRL extension as JSON object<br/>
+1904      * @name getExtCRLNumber
+1905      * @memberOf X509#
+1906      * @function
+1907      * @param {String} hExtV hexadecimal string of extension value
+1908      * @param {Boolean} critical flag
+1909      * @since jsrsasign 9.1.1 x509 2.0.1
+1910      * @see KJUR.asn1.x509.CRLNumber
+1911      * @see X509#getExtParamArray
+1912      * @description
+1913      * This method parses
+1914      * CRLNumber CRL extension value defined in
+1915      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
+1916      * RFC 5280 5.2.3</a> as JSON object.
+1917      * <pre>
+1918      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+1919      * CRLNumber ::= INTEGER (0..MAX)
+1920      * </pre>
+1921      * <br/>
+1922      * Result of this method can be passed to 
+1923      * {@link KJUR.asn1.x509.CRLNumber} constructor.
+1924      * @example
+1925      * crl = X509CRL("-----BEGIN X509 CRL...");
+1926      * ... get hExtV and critical flag ...
+1927      * crl.getExtCRLNumber("02...", false) →
+1928      * {extname: "cRLNumber", num: {hex: "12af"}}
+1929      */
+1930     this.getExtCRLNumber = function(hExtV, critical) {
+1931 	var result = {extname:"cRLNumber"};
+1932 	if (critical) result.critical = true;
+1933 
+1934 	if (hExtV.substr(0, 2) == "02") {
+1935 	    result.num = {hex: _getV(hExtV, 0)};
+1936 	    return result;
+1937 	}
+1938 	throw new Error("hExtV parse error: " + hExtV);
+1939     };
+1940 
+1941     /**
+1942      * parse cRLReason CRL entry extension as JSON object<br/>
+1943      * @name getExtCRLReason
+1944      * @memberOf X509#
+1945      * @function
+1946      * @param {String} hExtV hexadecimal string of extension value
+1947      * @param {Boolean} critical flag
+1948      * @since jsrsasign 9.1.1 x509 2.0.1
+1949      * @see KJUR.asn1.x509.CRLReason
+1950      * @see X509#getExtParamArray
+1951      * @description
+1952      * This method parses
+1953      * CRLReason CRL entry extension value defined in
+1954      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
+1955      * RFC 5280 5.3.1</a> as JSON object.
+1956      * <pre>
+1957      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+1958      * -- reasonCode ::= { CRLReason }
+1959      * CRLReason ::= ENUMERATED {
+1960      *      unspecified             (0),
+1961      *      keyCompromise           (1),
+1962      *      cACompromise            (2),
+1963      *      affiliationChanged      (3),
+1964      *      superseded              (4),
+1965      *      cessationOfOperation    (5),
+1966      *      certificateHold         (6),
+1967      *      removeFromCRL           (8),
+1968      *      privilegeWithdrawn      (9),
+1969      *      aACompromise           (10) }
+1970      * </pre>
+1971      * <br/>
+1972      * Result of this method can be passed to 
+1973      * {@link KJUR.asn1.x509.CRLReason} constructor.
+1974      * @example
+1975      * crl = X509CRL("-----BEGIN X509 CRL...");
+1976      * ... get hExtV and critical flag ...
+1977      * crl.getExtCRLReason("02...", false) →
+1978      * {extname: "cRLReason", code: 3}
+1979      */
+1980     this.getExtCRLReason = function(hExtV, critical) {
+1981 	var result = {extname:"cRLReason"};
+1982 	if (critical) result.critical = true;
+1983 
+1984 	if (hExtV.substr(0, 2) == "0a") {
+1985 	    result.code = parseInt(_getV(hExtV, 0), 16);
+1986 	    return result;
+1987 	}
+1988 	throw new Error("hExtV parse error: " + hExtV);
+1989     };
+1990 
+1991     /**
+1992      * parse OCSPNonce OCSP extension as JSON object<br/>
+1993      * @name getExtOcspNonce
+1994      * @memberOf X509#
+1995      * @function
+1996      * @param {String} hExtV hexadecimal string of extension value
+1997      * @param {Boolean} critical flag
+1998      * @return {Array} JSON object of parsed OCSPNonce extension
+1999      * @since jsrsasign 9.1.6 x509 2.0.3
+2000      * @see KJUR.asn1.x509.OCSPNonce
+2001      * @see X509#getExtParamArray
+2002      * @see X509#getExtParam
+2003      * @description
+2004      * This method parses
+2005      * Nonce OCSP extension value defined in
+2006      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
+2007      * RFC 6960 4.4.1</a> as JSON object.
+2008      * <pre>
+2009      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
+2010      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+2011      * Nonce ::= OCTET STRING
+2012      * </pre>
+2013      * <br/>
+2014      * Result of this method can be passed to 
+2015      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
+2016      * @example
+2017      * x = new X509();
+2018      * x.getExtOcspNonce(<<extn hex value >>) →
+2019      * { extname: "ocspNonce", hex: "1a2b..." }
+2020      */
+2021     this.getExtOcspNonce = function(hExtV, critical) {
+2022 	var result = {extname:"ocspNonce"};
+2023 	if (critical) result.critical = true;
+2024 
+2025 	var hNonce = _getV(hExtV, 0);
+2026 	result.hex = hNonce;
+2027 
+2028 	return result;
+2029     };
+2030 
+2031     /**
+2032      * parse OCSPNoCheck OCSP extension as JSON object<br/>
+2033      * @name getExtOcspNoCheck
+2034      * @memberOf X509#
+2035      * @function
+2036      * @param {String} hExtV hexadecimal string of extension value
+2037      * @param {Boolean} critical flag
+2038      * @return {Array} JSON object of parsed OCSPNoCheck extension
+2039      * @since jsrsasign 9.1.6 x509 2.0.3
+2040      * @see KJUR.asn1.x509.OCSPNoCheck
+2041      * @see X509#getExtParamArray
+2042      * @see X509#getExtParam
+2043      * @description
+2044      * This method parses
+2045      * OCSPNoCheck extension value defined in
+2046      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
+2047      * RFC 6960 4.2.2.2.1</a> as JSON object.
+2048      * <pre>
+2049      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+2050      * </pre>
+2051      * <br/>
+2052      * Result of this method can be passed to 
+2053      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
+2054      * @example
+2055      * x = new X509();
+2056      * x.getExtOcspNoCheck(<<extn hex value >>) →
+2057      * { extname: "ocspNoCheck" }
+2058      */
+2059     this.getExtOcspNoCheck = function(hExtV, critical) {
+2060 	var result = {extname:"ocspNoCheck"};
+2061 	if (critical) result.critical = true;
+2062 
+2063 	return result;
+2064     };
+2065 
+2066     /**
+2067      * parse AdobeTimeStamp extension as JSON object<br/>
+2068      * @name getExtAdobeTimeStamp
+2069      * @memberOf X509#
+2070      * @function
+2071      * @param {String} hExtV hexadecimal string of extension value
+2072      * @param {Boolean} critical flag
+2073      * @return {Array} JSON object of parsed AdobeTimeStamp extension
+2074      * @since jsrsasign 10.0.1 x509 2.0.5
+2075      * @see KJUR.asn1.x509.AdobeTimeStamp
+2076      * @see X509#getExtParamArray
+2077      * @see X509#getExtParam
+2078      * @description
+2079      * This method parses
+2080      * X.509v3 AdobeTimeStamp private extension value defined in the
+2081      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
+2082      * Adobe site</a> as JSON object.
+2083      * This extension provides the URL location for time stamp service.
+2084      * <pre>
+2085      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+2086      *  ::= SEQUENCE {
+2087      *     version INTEGER  { v1(1) }, -- extension version
+2088      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+2089      *     requiresAuth        boolean (default false), OPTIONAL }
+2090      * </pre>
+2091      * <br/>
+2092      * Result of this method can be passed to 
+2093      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
+2094      * <br/>
+2095      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
+2096      * @example
+2097      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
+2098      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
+2099      */
+2100     this.getExtAdobeTimeStamp = function(hExtV, critical) {
+2101 	if (hExtV === undefined && critical === undefined) {
+2102 	    var info = this.getExtInfo("adobeTimeStamp");
+2103 	    if (info === undefined) return undefined;
+2104 	    hExtV = _getTLV(this.hex, info.vidx);
+2105 	    critical = info.critical;
+2106 	}
+2107 
+2108 	var result = {extname:"adobeTimeStamp"};
+2109 	if (critical) result.critical = true;
+2110 
+2111 	var a = _getChildIdx(hExtV, 0);
+2112 	if (a.length > 1) {
+2113 	    var hGN = _getTLV(hExtV, a[1])
+2114 	    var gnParam = this.getGeneralName(hGN);
+2115 	    if (gnParam.uri != undefined) {
+2116 		result.uri = gnParam.uri;
+2117 	    }
+2118 	}
+2119 	if (a.length > 2) {
+2120 	    var hBool = _getTLV(hExtV, a[2]);
+2121 	    if (hBool == "0101ff") result.reqauth = true;
+2122 	    if (hBool == "010100") result.reqauth = false;
+2123 	}
+2124 
+2125 	return result;
+2126     };
+2127 
+2128     // ===== BEGIN X500Name related =====================================
+2129     /*
+2130      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
+2131      * @name _convATV
+2132      * @param p associative array of parsed attrTypeAndValue object
+2133      * @return attrTypeAndValue associative array
+2134      * @since jsrsasign 10.5.12 x509 2.0.14
+2135      * @example
+2136      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
+2137      */
+2138     var _convATV = function(p) {
+2139 	var result = {};
+2140 	try {
+2141 	    var name = p.seq[0].oid;
+2142 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
+2143 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
+2144 	    var item1 = p.seq[1];
+2145 	    if (item1.utf8str != undefined) {
+2146 		result.ds = "utf8";
+2147 		result.value = item1.utf8str.str;
+2148 	    } else if (item1.numstr != undefined) {
+2149 		result.ds = "num";
+2150 		result.value = item1.numstr.str;
+2151 	    } else if (item1.telstr != undefined) {
+2152 		result.ds = "tel";
+2153 		result.value = item1.telstr.str;
+2154 	    } else if (item1.prnstr != undefined) {
+2155 		result.ds = "prn";
+2156 		result.value = item1.prnstr.str;
+2157 	    } else if (item1.ia5str != undefined) {
+2158 		result.ds = "ia5";
+2159 		result.value = item1.ia5str.str;
+2160 	    } else if (item1.visstr != undefined) {
+2161 		result.ds = "vis";
+2162 		result.value = item1.visstr.str;
+2163 	    } else if (item1.bmpstr != undefined) {
+2164 		result.ds = "bmp";
+2165 		result.value = item1.bmpstr.str;
+2166 	    } else {
+2167 		throw "error";
+2168 	    }
+2169 	    return result;
+2170 	} catch(ex) {
+2171 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
+2172 	}
+2173     };
+2174 
+2175     /*
+2176      * convert ASN.1 parsed object to RDN array<br/>
+2177      * @name _convRDN
+2178      * @param p associative array of parsed RDN object
+2179      * @return RDN array
+2180      * @since jsrsasign 10.5.12 x509 2.0.14
+2181      * @example
+2182      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
+2183      */
+2184     var _convRDN = function(p) {
+2185 	try {
+2186 	    return p.set.map(function(pATV){return _convATV(pATV)});
+2187 	} catch(ex) {
+2188 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
+2189 	}
+2190     };
+2191 
+2192     /*
+2193      * convert ASN.1 parsed object to X500Name array<br/>
+2194      * @name _convX500Name
+2195      * @param p associative array of parsed X500Name array object
+2196      * @return RDN array
+2197      * @since jsrsasign 10.5.12 x509 2.0.14
+2198      * @example
+2199      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
+2200      */
+2201     var _convX500Name = function(p) {
+2202 	try {
+2203 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
+2204 	} catch(ex) {
+2205 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
+2206 	}
+2207     };
+2208 
+2209     this.getX500NameRule = function(aDN) {
+2210 	var isPRNRule = true;
+2211 	var isUTF8Rule = true;
+2212 	var isMixedRule = false;
+2213 	var logfull = "";
+2214 	var logcheck = "";
+2215 	var lasttag = null;
+2216 
+2217 	var a = [];
+2218 	for (var i = 0; i < aDN.length; i++) {
+2219 	    var aRDN = aDN[i];
+2220 	    for (var j = 0; j < aRDN.length; j++) {
+2221 		a.push(aRDN[j]);
+2222 	    }
+2223 	}
+2224 
+2225 	for (var i = 0; i < a.length; i++) {
+2226 	    var item = a[i];
+2227 	    var tag = item.ds;
+2228 	    var value = item.value;
+2229 	    var type = item.type;
+2230 	    logfull += ":" + tag;
+2231 	    
+2232 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
+2233 		return "mixed";
+2234 	    }
+2235 	    if (tag == "ia5") {
+2236 		if (type != "CN") {
+2237 		    return "mixed";
+2238 		} else {
+2239 		    if (! KJUR.lang.String.isMail(value)) {
+2240 			return "mixed";
+2241 		    } else {
+2242 			continue;
+2243 		    }
+2244 		}
+2245 	    }
+2246 	    if (type == "C") {
+2247 		if (tag == "prn") {
+2248 		    continue;
+2249 		} else {
+2250 		    return "mixed";
+2251 		}
+2252 	    }
+2253 	    logcheck += ":" + tag;
+2254 	    if (lasttag == null) {
+2255 		lasttag = tag;
+2256 	    } else {
+2257 		if (lasttag !== tag) return "mixed";
+2258 	    }
+2259 	}
+2260 	if (lasttag == null) {
+2261 	    return "prn";
+2262 	} else {
+2263 	    return lasttag;
+2264 	}
+2265     };
+2266 
+2267     /**
+2268      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
+2269      * @name getAttrTypeAndValue
+2270      * @memberOf X509#
+2271      * @function
+2272      * @param {String} h hexadecimal string of AttributeTypeAndValue
+2273      * @return {Object} JSON object of AttributeTypeAndValue parameters
+2274      * @since jsrsasign 9.0.0 x509 2.0.0
+2275      * @see X509#getX500Name
+2276      * @see X509#getRDN
+2277      * @description
+2278      * This method will get AttributeTypeAndValue parameters defined in
+2279      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2280      * RFC 5280 4.1.2.4</a>.
+2281      * <pre>
+2282      * AttributeTypeAndValue ::= SEQUENCE {
+2283      *   type     AttributeType,
+2284      *   value    AttributeValue }
+2285      * AttributeType ::= OBJECT IDENTIFIER
+2286      * AttributeValue ::= ANY -- DEFINED BY AttributeType
+2287      * </pre>
+2288      * <ul>
+2289      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+2290      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+2291      * <li>{String}ds - DirectoryString type of AttributeValue</li>
+2292      * </ul>
+2293      * "ds" has one of following value:
+2294      * <ul>
+2295      * <li>utf8 - (0x0c) UTF8String</li>
+2296      * <li>num  - (0x12) NumericString</li>
+2297      * <li>prn  - (0x13) PrintableString</li>
+2298      * <li>tel  - (0x14) TeletexString</li>
+2299      * <li>ia5  - (0x16) IA5String</li>
+2300      * <li>vis  - (0x1a) VisibleString</li>
+2301      * <li>bmp  - (0x1e) BMPString</li>
+2302      * </ul>
+2303      * @example
+2304      * x = new X509();
+2305      * x.getAttrTypeAndValue("30...") →
+2306      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
+2307      * {type:"O",value:"Sample Corp.",ds:"prn"}
+2308      */
+2309     // unv  - (0x1c??) UniversalString ... for future
+2310     this.getAttrTypeAndValue = function(h) {
+2311 	var p = _ASN1HEX_parse(h);
+2312 	return _convATV(p);
+2313     };
+2314 
+2315     /**
+2316      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
+2317      * @name getRDN
+2318      * @memberOf X509#
+2319      * @function
+2320      * @param {String} h hexadecimal string of RDN
+2321      * @return {Array} array of AttrTypeAndValue parameters
+2322      * @since jsrsasign 9.0.0 x509 2.0.0
+2323      * @see X509#getX500Name
+2324      * @see X509#getRDN
+2325      * @see X509#getAttrTypeAndValue
+2326      * @description
+2327      * This method will get RelativeDistinguishedName parameters defined in
+2328      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2329      * RFC 5280 4.1.2.4</a>.
+2330      * <pre>
+2331      * RelativeDistinguishedName ::=
+2332      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
+2333      * </pre>
+2334      * @example
+2335      * x = new X509();
+2336      * x.getRDN("31...") →
+2337      * [{type:"C",value:"US",ds:"prn"}] or
+2338      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
+2339      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2340      */
+2341     this.getRDN = function(h) {
+2342 	var p = _ASN1HEX_parse(h);
+2343 	return _convRDN(p);
+2344     };
+2345 
+2346     /**
+2347      * get X.500 Name ASN.1 structure parameter array<br/>
+2348      * @name getX500NameArray
+2349      * @memberOf X509#
+2350      * @function
+2351      * @param {String} h hexadecimal string of Name
+2352      * @return {Array} array of RDN parameter array
+2353      * @since jsrsasign 10.0.6 x509 2.0.9
+2354      * @see X509#getX500Name
+2355      * @see X509#getRDN
+2356      * @see X509#getAttrTypeAndValue
+2357      * @description
+2358      * This method will get Name parameter defined in
+2359      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2360      * RFC 5280 4.1.2.4</a>.
+2361      * <pre>
+2362      * Name ::= CHOICE { -- only one possibility for now --
+2363      *   rdnSequence  RDNSequence }
+2364      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2365      * </pre>
+2366      * @example
+2367      * x = new X509();
+2368      * x.getX500NameArray("30...") →
+2369      * [[{type:"C",value:"US",ds:"prn"}],
+2370      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2371      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2372      */
+2373     this.getX500NameArray = function(h) {
+2374 	var p = _ASN1HEX_parse(h);
+2375 	return _convX500Name(p);
+2376     };
+2377 
+2378     /**
+2379      * get Name ASN.1 structure parameter array<br/>
+2380      * @name getX500Name
+2381      * @memberOf X509#
+2382      * @function
+2383      * @param {String} h hexadecimal string of Name
+2384      * @return {Array} array of RDN parameter array
+2385      * @since jsrsasign 9.0.0 x509 2.0.0
+2386      * @see X509#getX500NameArray
+2387      * @see X509#getRDN
+2388      * @see X509#getAttrTypeAndValue
+2389      * @see KJUR.asn1.x509.X500Name
+2390      * @see KJUR.asn1.x509.GeneralName
+2391      * @see KJUR.asn1.x509.GeneralNames
+2392      * @description
+2393      * This method will get Name parameter defined in
+2394      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2395      * RFC 5280 4.1.2.4</a>.
+2396      * <pre>
+2397      * Name ::= CHOICE { -- only one possibility for now --
+2398      *   rdnSequence  RDNSequence }
+2399      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2400      * </pre>
+2401      * @example
+2402      * x = new X509();
+2403      * x.getX500Name("30...") →
+2404      * { array: [
+2405      *     [{type:"C",value:"US",ds:"prn"}],
+2406      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2407      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2408      *   ],
+2409      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+2410      *   hex: "30..."
+2411      * }
+2412      */
+2413     this.getX500Name = function(h) {
+2414 	var a = this.getX500NameArray(h);
+2415 	var s = this.dnarraytostr(a);
+2416 	return { array: a, str: s };
+2417     };
+2418 
+2419     // ===== END X500Name related =====================================
+2420 
+2421     // ===== BEGIN read certificate =====================================
+2422     /**
+2423      * read PEM formatted X.509 certificate from string.<br/>
+2424      * @name readCertPEM
+2425      * @memberOf X509#
+2426      * @function
+2427      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+2428      * @example
+2429      * x = new X509();
+2430      * x.readCertPEM(sCertPEM); // read certificate
+2431      */
+2432     this.readCertPEM = function(sCertPEM) {
+2433         this.readCertHex(_pemtohex(sCertPEM));
+2434     };
+2435 
+2436     /**
+2437      * read a hexadecimal string of X.509 certificate<br/>
+2438      * @name readCertHex
+2439      * @memberOf X509#
+2440      * @function
+2441      * @param {String} sCertHex hexadecimal string of X.509 certificate
+2442      * @since jsrsasign 7.1.4 x509 1.1.13
+2443      * @description
+2444      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+2445      * @example
+2446      * x = new X509();
+2447      * x.readCertHex("3082..."); // read certificate
+2448      */
+2449     this.readCertHex = function(sCertHex) {
+2450         this.hex = sCertHex;
+2451 	this.getVersion(); // set version parameter
+2452 
+2453 	try {
+2454 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
+2455 	    this.parseExt();
+2456 	} catch(ex) {};
+2457     };
+2458 
+2459     // ===== END read certificate =====================================
+2460 
+2461     /**
+2462      * get JSON object of certificate parameters<br/>
+2463      * @name getParam
+2464      * @memberOf X509#
+2465      * @function
+2466      * @return {Array} JSON object of certificate parameters
+2467      * @since jsrsasign 9.0.0 x509 2.0.0
+2468      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2469      * @description
+2470      * This method returns a JSON object of the certificate
+2471      * parameters. Return value can be passed to
+2472      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
+2473      * @example
+2474      * x = new X509();
+2475      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+2476      * x.getParam() →
+2477      * {version:3,
+2478      *  serial:{hex:"12ab"},
+2479      *  sigalg:"SHA256withRSA",
+2480      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
+2481      *  notbefore:"160403023700Z",
+2482      *  notafter:"160702023700Z",
+2483      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
+2484      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
+2485      *  ext:[
+2486      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2487      *   {extname:"basicConstraints",critical:true},
+2488      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2489      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2490      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2491      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+2492      *  ],
+2493      *  sighex:"0b76...8"
+2494      * };
+2495      */
+2496     this.getParam = function() {
+2497 	var result = {};
+2498 	result.version = this.getVersion();
+2499 	result.serial = {hex: this.getSerialNumberHex()};
+2500 	result.sigalg = this.getSignatureAlgorithmField();
+2501 	result.issuer = this.getIssuer();
+2502 	result.notbefore = this.getNotBefore();
+2503 	result.notafter = this.getNotAfter();
+2504 	result.subject = this.getSubject();
+2505 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
+2506 	if (this.aExtInfo.length > 0) {
+2507 	    result.ext = this.getExtParamArray();
+2508 	}
+2509 	result.sighex = this.getSignatureValueHex();
+2510 	return result;
+2511     };
+2512 
+2513     /** 
+2514      * get array of certificate extension parameter JSON object<br/>
+2515      * @name getExtParamArray
+2516      * @memberOf X509#
+2517      * @function
+2518      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
+2519      * @return {Array} array of certificate extension parameter JSON object
+2520      * @since jsrsasign 9.0.0 x509 2.0.0
+2521      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2522      * @see X509#getParam
+2523      * @see X509#getExtParam
+2524      * @see X509CRL#getParam
+2525      * @see KJUR.asn1.csr.CSRUtil.getParam
+2526      *
+2527      * @description
+2528      * This method returns an array of certificate extension
+2529      * parameters. 
+2530      * <br/>
+2531      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
+2532      *
+2533      * @example
+2534      * x = new X509();
+2535      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+2536      * x.getExtParamArray() →
+2537      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2538      *   {extname:"basicConstraints",critical:true},
+2539      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2540      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2541      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2542      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
+2543      */
+2544     this.getExtParamArray = function(hExtSeq) {
+2545 	if (hExtSeq == undefined) {
+2546 	    // for X.509v3 certificate
+2547 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
+2548 	    if (idx1 != -1) {
+2549 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
+2550 	    }
+2551 	}
+2552 	var result = [];
+2553 	var aIdx = _getChildIdx(hExtSeq, 0);
+2554 
+2555 	for (var i = 0; i < aIdx.length; i++) {
+2556 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
+2557 	    var extParam = this.getExtParam(hExt);
+2558 	    if (extParam != null) result.push(extParam);
+2559 	}
+2560 
+2561 	return result;
+2562     };
+2563 
+2564     /** 
+2565      * get a extension parameter JSON object<br/>
+2566      * @name getExtParam
+2567      * @memberOf X509#
+2568      * @function
+2569      * @param {String} hExt hexadecimal string of Extension
+2570      * @return {Array} Extension parameter JSON object
+2571      * @since jsrsasign 9.1.1 x509 2.0.1
+2572      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2573      * @see X509#getParam
+2574      * @see X509#getExtParamArray
+2575      * @see X509CRL#getParam
+2576      * @see KJUR.asn1.csr.CSRUtil.getParam
+2577      *
+2578      * @description
+2579      * This method returns a extension parameters as JSON object. 
+2580      *
+2581      * @example
+2582      * x = new X509();
+2583      * ...
+2584      * x.getExtParam("30...") →
+2585      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
+2586      */
+2587     this.getExtParam = function(hExt) {
+2588 	var result = {};
+2589 	var aIdx = _getChildIdx(hExt, 0);
+2590 	var aIdxLen = aIdx.length;
+2591 	if (aIdxLen != 2 && aIdxLen != 3)
+2592 	    throw new Error("wrong number elements in Extension: " + 
+2593 			    aIdxLen + " " + hExt);
+2594 
+2595 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
+2596 
+2597 	var critical = false;
+2598 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
+2599 	    critical = true;
+2600 
+2601 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
+2602 
+2603 	var extParam = undefined;
+2604 	if (oid == "2.5.29.14") {
+2605 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
+2606 	} else if (oid == "2.5.29.15") {
+2607 	    extParam = this.getExtKeyUsage(hExtV, critical);
+2608 	} else if (oid == "2.5.29.17") {
+2609 	    extParam = this.getExtSubjectAltName(hExtV, critical);
+2610 	} else if (oid == "2.5.29.18") {
+2611 	    extParam = this.getExtIssuerAltName(hExtV, critical);
+2612 	} else if (oid == "2.5.29.19") {
+2613 	    extParam = this.getExtBasicConstraints(hExtV, critical);
+2614 	} else if (oid == "2.5.29.31") {
+2615 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
+2616 	} else if (oid == "2.5.29.32") {
+2617 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
+2618 	} else if (oid == "2.5.29.35") {
+2619 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
+2620 	} else if (oid == "2.5.29.37") {
+2621 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
+2622 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
+2623 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
+2624 	} else if (oid == "2.5.29.20") {
+2625 	    extParam = this.getExtCRLNumber(hExtV, critical);
+2626 	} else if (oid == "2.5.29.21") {
+2627 	    extParam = this.getExtCRLReason(hExtV, critical);
+2628 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
+2629 	    extParam = this.getExtOcspNonce(hExtV, critical);
+2630 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
+2631 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
+2632 	} else if (oid == "1.2.840.113583.1.1.9.1") {
+2633 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
+2634 	}
+2635 	if (extParam != undefined) return extParam;
+2636 
+2637 	var privateParam = { extname: oid, extn: hExtV };
+2638 	if (critical) privateParam.critical = true;
+2639 	return privateParam;
+2640     };
+2641 
+2642     /**
+2643      * find extension parameter in array<br/>
+2644      * @name findExt
+2645      * @memberOf X509#
+2646      * @function
+2647      * @param {Array} aExt array of extension parameters
+2648      * @param {String} extname extension name
+2649      * @return {Array} extension parameter in the array or null
+2650      * @since jsrsasign 10.0.3 x509 2.0.7
+2651      * @see X509#getParam
+2652      *
+2653      * @description
+2654      * This method returns an extension parameter for
+2655      * specified extension name in the array.
+2656      * This method is useful to update extension parameter value.
+2657      * When there is no such extension with the extname,
+2658      * this returns "null".
+2659      *
+2660      * @example
+2661      * // (1) 
+2662      * x = new X509(CERTPEM);
+2663      * params = x.getParam();
+2664      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
+2665      * pSKID.kid = "1234abced..."; // skid in the params is updated.
+2666      *   // then params was updated
+2667      *
+2668      * // (2) another example
+2669      * aExt = [
+2670      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2671      *   {extname:"basicConstraints",critical:true},
+2672      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2673      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2674      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2675      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+2676      * ];
+2677      * var x = new X509();
+2678      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
+2679      * pKU = x.findExt(aExt, "keyUsage");
+2680      * delete pKU["critical"]; // clear criticla flag
+2681      * pKU.names = ["keyCertSign", "cRLSign"];
+2682      *   // then aExt was updated
+2683      */
+2684     this.findExt = function(aExt, extname) {
+2685 	for (var i = 0; i < aExt.length; i++) {
+2686 	    if (aExt[i].extname == extname) return aExt[i];
+2687 	}
+2688 	return null;
+2689 
+2690     };
+2691 
+2692     /**
+2693      * update CRLDistributionPoints Full URI in parameter<br/>
+2694      * @name updateCDPFullURI
+2695      * @memberOf X509#
+2696      * @function
+2697      * @param {Array} aExt array of extension parameters
+2698      * @param {String} newURI string of new uri
+2699      * @since jsrsasign 10.0.4 x509 2.0.8
+2700      * @see X509#findExt
+2701      * @see KJUR.asn1.x509.CRLDistributionPoints
+2702      *
+2703      * @description
+2704      * This method updates Full URI of CRLDistributionPoints extension
+2705      * in the extension parameter array if it exists.
+2706      *
+2707      * @example
+2708      * aExt = [
+2709      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2710      *   {extname:"cRLDistributionPoints",
+2711      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+2712      * ];
+2713      * x = new X509();
+2714      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+2715      */
+2716     this.updateExtCDPFullURI = function(aExt, newURI) {
+2717 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+2718 	if (pExt == null) return;
+2719 	if (pExt.array == undefined) return;
+2720 	var aDP = pExt.array;
+2721 	for (var i = 0; i < aDP.length; i++) {
+2722 	    if (aDP[i].dpname == undefined) continue;
+2723 	    if (aDP[i].dpname.full == undefined) continue;
+2724 	    var aURI = aDP[i].dpname.full;
+2725 	    for (var j = 0; j < aURI.length; j++) {
+2726 		var pURI = aURI[i];
+2727 		if (pURI.uri == undefined) continue;
+2728 		pURI.uri = newURI;
+2729 	    }
+2730 	}
+2731     };
+2732 
+2733     /**
+2734      * update authorityInfoAccess ocsp in parameter<br/>
+2735      * @name updateAIAOCSP
+2736      * @memberOf X509#
+2737      * @function
+2738      * @param {Array} aExt array of extension parameters
+2739      * @param {String} newURI string of new uri
+2740      * @since jsrsasign 10.0.4 x509 2.0.8
+2741      * @see X509#findExt
+2742      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2743      *
+2744      * @description
+2745      * This method updates "ocsp" accessMethod URI of 
+2746      * AuthorityInfoAccess extension
+2747      * in the extension parameter array if it exists.
+2748      *
+2749      * @example
+2750      * aExt = [
+2751      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2752      *   {extname:"authoriyInfoAccess",
+2753      *    array:[
+2754      *      {ocsp: "http://ocsp1.example.com"},
+2755      *      {caissuer: "http://example.com/a.crt"}
+2756      *    ]}
+2757      * ];
+2758      * x = new X509();
+2759      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+2760      */
+2761     this.updateExtAIAOCSP = function(aExt, newURI) {
+2762 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2763 	if (pExt == null) return;
+2764 	if (pExt.array == undefined) return;
+2765 	var a = pExt.array;
+2766 	for (var i = 0; i < a.length; i++) {
+2767 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+2768 	}
+2769     };
+2770 
+2771     /**
+2772      * update authorityInfoAccess caIssuer in parameter<br/>
+2773      * @name updateAIACAIssuer
+2774      * @memberOf X509#
+2775      * @function
+2776      * @param {Array} aExt array of extension parameters
+2777      * @param {String} newURI string of new uri
+2778      * @since jsrsasign 10.0.4 x509 2.0.8
+2779      * @see X509#findExt
+2780      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2781      *
+2782      * @description
+2783      * This method updates "caIssuer" accessMethod URI of 
+2784      * AuthorityInfoAccess extension
+2785      * in the extension parameter array if it exists.
+2786      *
+2787      * @example
+2788      * aExt = [
+2789      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2790      *   {extname:"authoriyInfoAccess",
+2791      *    array:[
+2792      *      {ocsp: "http://ocsp1.example.com"},
+2793      *      {caissuer: "http://example.com/a.crt"}
+2794      *    ]}
+2795      * ];
+2796      * x = new X509();
+2797      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+2798      */
+2799     this.updateExtAIACAIssuer = function(aExt, newURI) {
+2800 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2801 	if (pExt == null) return;
+2802 	if (pExt.array == undefined) return;
+2803 	var a = pExt.array;
+2804 	for (var i = 0; i < a.length; i++) {
+2805 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+2806 	}
+2807     };
+2808 
+2809     /**
+2810      * convert array for X500 distinguish name to distinguish name string<br/>
+2811      * @name dnarraytostr
+2812      * @memberOf X509#
+2813      * @function
+2814      * @param {Array} aDN array for X500 distinguish name
+2815      * @return {String} distinguish name
+2816      * @since jsrsasign 10.0.6 x509 2.0.8
+2817      * @see X509#getX500Name
+2818      * @see X509#getX500NameArray
+2819      * @see KJUR.asn1.x509.X500Name
+2820      *
+2821      * @description
+2822      * This method converts from an array representation of 
+2823      * X.500 distinguished name to X.500 name string.
+2824      * This supports multi-valued RDN.
+2825      * 
+2826      * @example
+2827      * var x = new X509();
+2828      * x.dnarraytostr(
+2829      *   [[{type:"C",value:"JP",ds:"prn"}],
+2830      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+2831      * x.dnarraytostr(
+2832      *   [[{type:"C",value:"JP",ds:"prn"}],
+2833      *   [{type:"O",value:"T1",ds:"prn"}
+2834      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+2835      */
+2836     this.dnarraytostr = function(aDN) {
+2837 	function rdnarraytostr(aRDN) {
+2838 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
+2839 	};
+2840 
+2841 	function atvtostr(pATV) {
+2842 	    return pATV.type + "=" + pATV.value;
+2843 	};
+2844 
+2845 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
+2846     };
+2847 
+2848     /**
+2849      * get certificate information as string.<br/>
+2850      * @name getInfo
+2851      * @memberOf X509#
+2852      * @function
+2853      * @return {String} certificate information string
+2854      * @since jsrsasign 5.0.10 x509 1.1.8
+2855      * @example
+2856      * x = new X509();
+2857      * x.readCertPEM(certPEM);
+2858      * console.log(x.getInfo());
+2859      * // this shows as following
+2860      * Basic Fields
+2861      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+2862      *   signature algorithm: SHA1withRSA
+2863      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2864      *   notBefore: 061110000000Z
+2865      *   notAfter: 311110000000Z
+2866      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2867      *   subject public key info:
+2868      *     key algorithm: RSA
+2869      *     n=c6cce573e6fbd4bb...
+2870      *     e=10001
+2871      * X509v3 Extensions:
+2872      *   keyUsage CRITICAL:
+2873      *     digitalSignature,keyCertSign,cRLSign
+2874      *   basicConstraints CRITICAL:
+2875      *     cA=true
+2876      *   subjectKeyIdentifier :
+2877      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+2878      *   authorityKeyIdentifier :
+2879      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+2880      * signature algorithm: SHA1withRSA
+2881      * signature: 1c1a0697dcd79c9f...
+2882      */
+2883     this.getInfo = function() {
+2884 	var _getSubjectAltNameStr = function(params) {
+2885 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
+2886 	    return s;
+2887 	};
+2888 	var _getCertificatePoliciesStr = function(params) {
+2889 	    var s = "";
+2890 	    var a = params.array;
+2891 	    for (var i = 0; i < a.length; i++) {
+2892 		var pi = a[i];
+2893 		s += "    policy oid: " + pi.policyoid + "\n";
+2894 		if (pi.array === undefined) continue;
+2895 		for (var j = 0; j < pi.array.length; j++) {
+2896 		    var pqi = pi.array[j];
+2897 		    if (pqi.cps !== undefined) {
+2898 			s += "    cps: " + pqi.cps + "\n";
+2899 		    }
+2900 		}
+2901 	    }
+2902 	    return s;
+2903 	};
+2904 	var _getCRLDistributionPointsStr = function(params) {
+2905 	    var s = "";
+2906 	    var a = params.array;
+2907 	    for (var i = 0; i < a.length; i++) {
+2908 		var dp = a[i];
+2909 		try {
+2910 		    if (dp.dpname.full[0].uri !== undefined)
+2911 			s += "    " + dp.dpname.full[0].uri + "\n";
+2912 		} catch(ex) {};
+2913 		try {
+2914 		    if (dp.dname.full[0].dn.hex !== undefined)
+2915 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+2916 		} catch(ex) {};
+2917 	    }
+2918 	    return s;
+2919 	}
+2920 	var _getAuthorityInfoAccessStr = function(params) {
+2921 	    var s = "";
+2922 	    var a = params.array;
+2923 	    for (var i = 0; i < a.length; i++) {
+2924 		var ad = a[i];
+2925 
+2926 		if (ad.caissuer !== undefined)
+2927 		    s += "    caissuer: " + ad.caissuer + "\n";
+2928 		if (ad.ocsp !== undefined)
+2929 		    s += "    ocsp: " + ad.ocsp + "\n";
+2930 	    }
+2931 	    return s;
+2932 	};
+2933 	var _X509 = X509;
+2934 	var s, pubkey, aExt;
+2935 	s  = "Basic Fields\n";
+2936         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+2937 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+2938 	s += "  issuer: " + this.getIssuerString() + "\n";
+2939 	s += "  notBefore: " + this.getNotBefore() + "\n";
+2940 	s += "  notAfter: " + this.getNotAfter() + "\n";
+2941 	s += "  subject: " + this.getSubjectString() + "\n";
+2942 	s += "  subject public key info: " + "\n";
+2943 
+2944 	// subject public key info
+2945 	pubkey = this.getPublicKey();
+2946 	s += "    key algorithm: " + pubkey.type + "\n";
+2947 
+2948 	if (pubkey.type === "RSA") {
+2949 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+2950 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+2951 	}
+2952 
+2953 	// X.509v3 Extensions
+2954         aExt = this.aExtInfo;
+2955 
+2956 	if (aExt !== undefined && aExt !== null) {
+2957             s += "X509v3 Extensions:\n";
+2958 	    
+2959             for (var i = 0; i < aExt.length; i++) {
+2960 		var info = aExt[i];
+2961 
+2962 		// show extension name and critical flag
+2963 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+2964 		if (extName === '') extName = info["oid"];
+2965 
+2966 		var critical = '';
+2967 		if (info["critical"] === true) critical = "CRITICAL";
+2968 
+2969 		s += "  " + extName + " " + critical + ":\n";
+2970 
+2971 		// show extension value if supported
+2972 		if (extName === "basicConstraints") {
+2973 		    var bc = this.getExtBasicConstraints();
+2974 		    if (bc.cA === undefined) {
+2975 			s += "    {}\n";
+2976 		    } else {
+2977 			s += "    cA=true";
+2978 			if (bc.pathLen !== undefined)
+2979 			    s += ", pathLen=" + bc.pathLen;
+2980 			s += "\n";
+2981 		    }
+2982 		} else if (extName === "keyUsage") {
+2983 		    s += "    " + this.getExtKeyUsageString() + "\n";
+2984 		} else if (extName === "subjectKeyIdentifier") {
+2985 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+2986 		} else if (extName === "authorityKeyIdentifier") {
+2987 		    var akid = this.getExtAuthorityKeyIdentifier();
+2988 		    if (akid.kid !== undefined)
+2989 			s += "    kid=" + akid.kid.hex + "\n";
+2990 		} else if (extName === "extKeyUsage") {
+2991 		    var eku = this.getExtExtKeyUsage().array;
+2992 		    s += "    " + eku.join(", ") + "\n";
+2993 		} else if (extName === "subjectAltName") {
+2994 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+2995 		    s += "    " + san + "\n";
+2996 		} else if (extName === "cRLDistributionPoints") {
+2997 		    var cdp = this.getExtCRLDistributionPoints();
+2998 		    s += _getCRLDistributionPointsStr(cdp);
+2999 		} else if (extName === "authorityInfoAccess") {
+3000 		    var aia = this.getExtAuthorityInfoAccess();
+3001 		    s += _getAuthorityInfoAccessStr(aia);
+3002 		} else if (extName === "certificatePolicies") {
+3003 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+3004 		}
+3005 	    }
+3006         }
+3007 
+3008 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+3009 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+3010 	return s;
+3011     };
+3012 
+3013     if (typeof params == "string") {
+3014 	if (params.indexOf("-----BEGIN") != -1) {
+3015 	    this.readCertPEM(params);
+3016 	} else if (KJUR.lang.String.isHex(params)) {
+3017 	    this.readCertHex(params);
+3018 	}
+3019     }
+3020 };
+3021 // ----- END of X509 class -----
+3022 
+3023 /**
+3024  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+3025  * @name hex2dn
+3026  * @memberOf X509
+3027  * @function
+3028  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+3029  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3030  * @return {String} OpenSSL online format distinguished name
+3031  * @description
+3032  * This static method converts from a hexadecimal string of 
+3033  * distinguished name (DN)
+3034  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+3035  * @example
+3036  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+3037  */
+3038 X509.hex2dn = function(hex, idx) {
+3039     if (idx === undefined) idx = 0;
+3040     var x = new X509();
+3041     var hDN = ASN1HEX.getTLV(hex, idx);
+3042     var pDN = x.getX500Name(hex);
+3043     return pDN.str;
+3044 };
+3045 
+3046 /**
+3047  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+3048  * @name hex2rdn
+3049  * @memberOf X509
+3050  * @function
+3051  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+3052  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3053  * @return {String} OpenSSL online format relative distinguished name
+3054  * @description
+3055  * This static method converts from a hexadecimal string of 
+3056  * relative distinguished name (RDN)
+3057  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+3058  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+3059  * @example
+3060  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+3061  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+3062  */
+3063 X509.hex2rdn = function(hex, idx) {
+3064     if (idx === undefined) idx = 0;
+3065     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+3066 
+3067     var a = new Array();
+3068 
+3069     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+3070     for (var i = 0; i < aIdx.length; i++) {
+3071 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+3072     }
+3073 
+3074     a = a.map(function(s) { return s.replace("+", "\\+"); });
+3075     return a.join("+");
+3076 };
+3077 
+3078 /**
+3079  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+3080  * @name hex2attrTypeValue
+3081  * @memberOf X509
+3082  * @function
+3083  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+3084  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3085  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
+3086  * @description
+3087  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+3088  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+3089  * @example
+3090  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+3091  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+3092  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+3093  */
+3094 X509.hex2attrTypeValue = function(hex, idx) {
+3095     var _ASN1HEX = ASN1HEX;
+3096     var _getV = _ASN1HEX.getV;
+3097 
+3098     if (idx === undefined) idx = 0;
+3099     if (hex.substr(idx, 2) !== "30") 
+3100 	throw new Error("malformed attribute type and value");
+3101 
+3102     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+3103     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+3104 	"malformed attribute type and value";
+3105 
+3106     var oidHex = _getV(hex, aIdx[0]);
+3107     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+3108     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
+3109 
+3110     var hV = _getV(hex, aIdx[1]);
+3111     var rawV = hextorstr(hV);
+3112 
+3113     return atype + "=" + rawV;
+3114 };
+3115 
+3116 /**
+3117  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+3118  * @name getPublicKeyFromCertHex
+3119  * @memberOf X509
+3120  * @function
+3121  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+3122  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3123  * @since jsrasign 7.1.0 x509 1.1.11
+3124  */
+3125 X509.getPublicKeyFromCertHex = function(h) {
+3126     var x = new X509();
+3127     x.readCertHex(h);
+3128     return x.getPublicKey();
+3129 };
+3130 
+3131 /**
+3132  * get RSA/DSA/ECDSA public key object from PEM certificate string
+3133  * @name getPublicKeyFromCertPEM
+3134  * @memberOf X509
+3135  * @function
+3136  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+3137  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3138  * @since x509 1.1.1
+3139  * @description
+3140  * NOTE: DSA is also supported since x509 1.1.2.
+3141  */
+3142 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+3143     var x = new X509();
+3144     x.readCertPEM(sCertPEM);
+3145     return x.getPublicKey();
+3146 };
+3147 
+3148 /**
+3149  * get public key information from PEM certificate
+3150  * @name getPublicKeyInfoPropOfCertPEM
+3151  * @memberOf X509
+3152  * @function
+3153  * @param {String} sCertPEM string of PEM formatted certificate
+3154  * @return {Hash} hash of information for public key
+3155  * @since x509 1.1.1
+3156  * @description
+3157  * Resulted associative array has following properties:<br/>
+3158  * <ul>
+3159  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+3160  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+3161  * <li>keyhex - hexadecimal string of key in the certificate</li>
+3162  * </ul>
+3163  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+3164  */
+3165 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+3166     var _ASN1HEX = ASN1HEX;
+3167     var _getVbyList = _ASN1HEX.getVbyList;
+3168 
+3169     var result = {};
+3170     var x, hSPKI, pubkey;
+3171     result.algparam = null;
+3172 
+3173     x = new X509();
+3174     x.readCertPEM(sCertPEM);
+3175 
+3176     hSPKI = x.getPublicKeyHex();
+3177     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+3178     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3179 
+3180     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+3181 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+3182     };
+3183 
+3184     return result;
+3185 };
+3186 
+3187 /* ======================================================================
+3188  *   Specific V3 Extensions
+3189  * ====================================================================== */
+3190 
+3191 X509.KEYUSAGE_NAME = [
+3192     "digitalSignature",
+3193     "nonRepudiation",
+3194     "keyEncipherment",
+3195     "dataEncipherment",
+3196     "keyAgreement",
+3197     "keyCertSign",
+3198     "cRLSign",
+3199     "encipherOnly",
+3200     "decipherOnly"
+3201 ];
+3202
\ No newline at end of file diff --git a/api/symbols/src/x509crl.js.html b/api/symbols/src/x509crl.js.html index 390ab5ac..3b6c7d4f 100644 --- a/api/symbols/src/x509crl.js.html +++ b/api/symbols/src/x509crl.js.html @@ -514,4 +514,4 @@ 507 this._setPos(); 508 } 509 }; -510 +510 \ No newline at end of file diff --git a/bower.json b/bower.json index a12f9463..b853a7cc 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.5.14", + "version": "10.5.15", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index 834e9d97..2cee381b 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 10.5.14 (2022-03-28) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js @@ -233,7 +233,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.getEncodedHex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index d0c24405..e6da0a4f 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.5.13 (2022-03-18) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js index 7033a155..fb58672a 100644 --- a/jsrsasign-rsa-min.js +++ b/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.5.13 (2022-03-18) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js index 21853512..c1388d44 100644 --- a/min/x509-1.1.min.js +++ b/min/x509-1.1.min.js @@ -1 +1 @@ -function X509(u){var n=ASN1HEX,r=n.getChildIdx,k=n.getV,x=n.dump,j=n.parse,b=n.getTLV,c=n.getVbyList,o=n.getVbyListEx,a=n.getTLVbyList,p=n.getTLVbyListEx,l=n.getIdxbyList,f=n.getIdxbyListEx,m=n.getVidx,w=n.getInt,t=n.oidname,q=n.hextooidstr,d=X509,v=pemtohex,g;try{g=KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(s){}this.HEX2STAG={"0c":"utf8","13":"prn","16":"ia5","1a":"vis","1e":"bmp"};this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}var z=a(this.hex,0,[0,0]);if(z.substr(0,2)=="a0"){var A=a(z,0,[0]);var y=w(A,0);if(y<0||21){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.getEncodedHex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index d0c24405..e6da0a4f 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.5.13 (2022-03-18) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/npm/lib/jsrsasign-rsa-min.js b/npm/lib/jsrsasign-rsa-min.js index 7033a155..fb58672a 100644 --- a/npm/lib/jsrsasign-rsa-min.js +++ b/npm/lib/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.5.13 (2022-03-18) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js index e2dc1b13..67a9f964 100755 --- a/npm/lib/jsrsasign.js +++ b/npm/lib/jsrsasign.js @@ -4,7 +4,7 @@ navigator.userAgent = false; var window = {}; /* - * jsrsasign(all) 10.5.13 (2022-03-18) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.5.15 (2022-04-06) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js @@ -235,10 +235,10 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECDSA=function(e){var g="secp256r1";var p=null;var b=null;var i=null;var j=Error,f=BigInteger,h=ECPointFp,m=KJUR.crypto.ECDSA,c=KJUR.crypto.ECParameterDB,d=m.getName,q=ASN1HEX,n=q.getVbyListEx,k=q.isASN1HEX;var a=new SecureRandom();var o=null;this.type="EC";this.isPrivate=false;this.isPublic=false;function l(x,t,w,s){var r=Math.max(t.bitLength(),s.bitLength());var y=x.add2D(w);var v=x.curve.getInfinity();for(var u=r-1;u>=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v1){l=new BigInteger(n,16)}else{l=null}m=new BigInteger(o,16);this.setPrivate(h,f,j,l,m)};this.setPublic=function(i,h,f,j){this.isPublic=true;this.p=i;this.q=h;this.g=f;this.y=j;this.x=null};this.setPublicHex=function(k,j,i,l){var g,f,m,h;g=new BigInteger(k,16);f=new BigInteger(j,16);m=new BigInteger(i,16);h=new BigInteger(l,16);this.setPublic(g,f,m,h)};this.signWithMessageHash=function(j){var i=this.p;var h=this.q;var m=this.g;var o=this.y;var t=this.x;var l=KJUR.crypto.Util.getRandomBigIntegerMinToMax(BigInteger.ONE.add(BigInteger.ONE),h.subtract(BigInteger.ONE));var u=j.substr(0,h.bitLength()/4);var n=new BigInteger(u,16);var f=(m.modPow(l,i)).mod(h);var w=(l.modInverse(h).multiply(n.add(t.multiply(f)))).mod(h);var v=KJUR.asn1.ASN1Util.jsonToASN1HEX({seq:[{"int":{bigint:f}},{"int":{bigint:w}}]});return v};this.verifyWithMessageHash=function(m,l){var j=this.p;var h=this.q;var o=this.g;var u=this.y;var n=this.parseASN1Signature(l);var f=n[0];var C=n[1];var B=m.substr(0,h.bitLength()/4);var t=new BigInteger(B,16);if(BigInteger.ZERO.compareTo(f)>0||f.compareTo(h)>0){throw"invalid DSA signature"}if(BigInteger.ZERO.compareTo(C)>=0||C.compareTo(h)>0){throw"invalid DSA signature"}var x=C.modInverse(h);var k=t.multiply(x).mod(h);var i=f.multiply(x).mod(h);var A=o.modPow(k,j).multiply(u.modPow(i,j)).mod(j).mod(h);return A.compareTo(f)==0};this.parseASN1Signature=function(f){try{var i=new c(d(f,0,[0],"02"),16);var h=new c(d(f,0,[1],"02"),16);return[i,h]}catch(g){throw new Error("malformed ASN.1 DSA signature")}};this.readPKCS5PrvKeyHex=function(j){var k,i,g,l,m;if(a(j)===false){throw new Error("not ASN.1 hex string")}try{k=d(j,0,[1],"02");i=d(j,0,[2],"02");g=d(j,0,[3],"02");l=d(j,0,[4],"02");m=d(j,0,[5],"02")}catch(f){throw new Error("malformed PKCS#1/5 plain DSA private key")}this.setPrivateHex(k,i,g,l,m)};this.readPKCS8PrvKeyHex=function(j){var k,i,g,l;if(a(j)===false){throw new Error("not ASN.1 hex string")}try{k=d(j,0,[1,1,0],"02");i=d(j,0,[1,1,1],"02");g=d(j,0,[1,1,2],"02");l=d(j,0,[2,0],"02")}catch(f){throw new Error("malformed PKCS#8 plain DSA private key")}this.setPrivateHex(k,i,g,null,l)};this.readPKCS8PubKeyHex=function(j){var k,i,g,l;if(a(j)===false){throw new Error("not ASN.1 hex string")}try{k=d(j,0,[0,1,0],"02");i=d(j,0,[0,1,1],"02");g=d(j,0,[0,1,2],"02");l=d(j,0,[1,0],"02")}catch(f){throw new Error("malformed PKCS#8 DSA public key")}this.setPublicHex(k,i,g,l)};this.readCertPubKeyHex=function(j,m){var k,i,g,l;if(a(j)===false){throw new Error("not ASN.1 hex string")}try{k=d(j,0,[0,5,0,1,0],"02");i=d(j,0,[0,5,0,1,1],"02");g=d(j,0,[0,5,0,1,2],"02");l=d(j,0,[0,5,1,0],"02")}catch(f){throw new Error("malformed X.509 certificate DSA public key")}this.setPublicHex(k,i,g,l)}}; -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.getEncodedHex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C1){var F=b(B,A[1]);var z=this.getGeneralName(F);if(z.uri!=undefined){y.uri=z.uri}}if(A.length>2){var C=b(B,A[2]);if(C=="0101ff"){y.reqauth=true}if(C=="010100"){y.reqauth=false}}return y};var e=function(D){var y={};try{var A=D.seq[0].oid;var C=KJUR.asn1.x509.OID.name2oid(A);y.type=KJUR.asn1.x509.OID.oid2atype(C);var z=D.seq[1];if(z.utf8str!=undefined){y.ds="utf8";y.value=z.utf8str.str}else{if(z.numstr!=undefined){y.ds="num";y.value=z.numstr.str}else{if(z.telstr!=undefined){y.ds="tel";y.value=z.telstr.str}else{if(z.prnstr!=undefined){y.ds="prn";y.value=z.prnstr.str}else{if(z.ia5str!=undefined){y.ds="ia5";y.value=z.ia5str.str}else{if(z.visstr!=undefined){y.ds="vis";y.value=z.visstr.str}else{if(z.bmpstr!=undefined){y.ds="bmp";y.value=z.bmpstr.str}else{throw"error"}}}}}}}return y}catch(B){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(z){try{return z.set.map(function(A){return e(A)})}catch(y){throw new Error("improper ASN.1 parsed RDN: "+y)}};var h=function(z){try{return z.seq.map(function(A){return i(A)})}catch(y){throw new Error("improper ASN.1 parsed X500Name: "+y)}};this.getX500NameRule=function(y){var F=true;var J=true;var I=false;var z="";var C="";var L=null;var G=[];for(var B=0;B0){y.ext=this.getExtParamArray()}y.sighex=this.getSignatureValueHex();return y};this.getExtParamArray=function(z){if(z==undefined){var B=f(this.hex,0,[0,"[3]"]);if(B!=-1){z=p(this.hex,0,[0,"[3]",0],"30")}}var y=[];var A=r(z,0);for(var C=0;C0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/package.json b/npm/package.json index d2774903..ac9ccad7 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.5.14", + "version": "10.5.15", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/x509-1.1.js b/src/x509-1.1.js index 277593b2..c108e87f 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-2.0.14.js (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.0.15.js (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.5.12 x509 2.0.14 (2022-Mar-13) + * @version jsrsasign 10.5.15 x509 2.0.15 (2022-Apr-06) * @since jsrsasign 1.x.x * @license MIT License */ @@ -1512,6 +1512,7 @@ function X509(params) { */ this.getExtCRLDistributionPointsURI = function() { var p = this.getExtCRLDistributionPoints(); + if (p == undefined) return p; var a = p.array; var result = []; for (var i = 0; i < a.length; i++) {