forked from mqxerror/jsrsasign
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathasn1cades-1.0.js
executable file
·775 lines (714 loc) · 25.3 KB
/
asn1cades-1.0.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
/*! asn1cades-1.0.0.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license
*/
/*
* asn1cades.js - ASN.1 DER encoder classes for RFC 5126 CAdES long term signature
*
* Copyright (c) 2014 Kenji Urushima ([email protected])
*
* This software is licensed under the terms of the MIT License.
* http://kjur.github.com/jsrsasign/license
*
* The above copyright and license notice shall be
* included in all copies or substantial portions of the Software.
*/
/**
* @fileOverview
* @name asn1cades-1.0.js
* @author Kenji Urushima [email protected]
* @version 1.0.0 (2014-May-28)
* @since jsrsasign 4.7.0
* @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
*/
/**
* kjur's class library name space
* // already documented in asn1-1.0.js
* @name KJUR
* @namespace kjur's class library name space
*/
if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
/**
* kjur's ASN.1 class library name space
* // already documented in asn1-1.0.js
* @name KJUR.asn1
* @namespace
*/
if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
/**
* kjur's ASN.1 class for RFC 5126 CAdES long term signature
* <p>
* This name space provides
* <a href="https://tools.ietf.org/html/rfc5126">RFC 5126
* CAdES(CMS Advanced Electronic Signature)</a> generator.
*
* <h4>SUPPORTED FORMATS</h4>
* Following CAdES formats is supported by this library.
* <ul>
* <li>CAdES-BES - CAdES Basic Electronic Signature</li>
* <li>CAdES-EPES - CAdES Explicit Policy-based Electronic Signature</li>
* <li>CAdES-T - Electronic Signature with Time</li>
* </ul>
* </p>
*
* <h4>PROVIDED ATTRIBUTE CLASSES</h4>
* <ul>
* <li>{@link KJUR.asn1.cades.SignaturePolicyIdentifier} - for CAdES-EPES</li>
* <li>{@link KJUR.asn1.cades.SignatureTimeStamp} - for CAdES-T</li>
* <li>{@link KJUR.asn1.cades.CompleteCertificateRefs} - for CAdES-C(for future use)</li>
* </ul>
* NOTE: Currntly CAdES-C is not supported since parser can't
* handle unsigned attribute.
*
* <h4>OTHER CLASSES</h4>
* <ul>
* <li>{@link KJUR.asn1.cades.OtherHashAlgAndValue}</li>
* <li>{@link KJUR.asn1.cades.OtherHash}</li>
* <li>{@link KJUR.asn1.cades.OtherCertID}</li>
* <li>{@link KJUR.asn1.cades.CAdESUtil} - utilities for CAdES</li>
* </ul>
*
* <h4>GENERATE CAdES-BES</h4>
* To generate CAdES-BES, {@link KJUR.asn.cades} namespace
* classes are not required and already {@link KJUR.asn.cms} namespace
* provides attributes for CAdES-BES.
* Create {@link KJUR.asn1.cms.SignedData} with following
* mandatory attribute in CAdES-BES:
* <ul>
* <li>{@link KJUR.asn1.cms.ContentType}</li>
* <li>{@link KJUR.asn1.cms.MessageDigest}</li>
* <li>{@link KJUR.asn1.cms.SigningCertificate} or </li>
* <li>{@link KJUR.asn1.cms.SigningCertificateV2}</li>
* </ul>
* CMSUtil.newSignedData method is very useful to generate CAdES-BES.
* <pre>
* sd = KJUR.asn1.cms.CMSUtil.newSignedData({
* content: {str: "aaa"},
* certs: [certPEM],
* signerInfos: [{
* hashAlg: 'sha256',
* sAttr: {SigningCertificateV2: {array: [certPEM]}},
* signerCert: certPEM,
* sigAlg: 'SHA256withRSA',
* signerPrvKey: pkcs8PrvKeyPEM
* }]
* });
* signedDataHex = sd.getContentInfoEncodedHex();
* </pre>
* NOTE: ContentType and MessageDigest signed attributes
* are automatically added by default.
*
* <h4>GENERATE CAdES-BES with multiple signers</h4>
* If you need signature by multiple signers, you can
* specify one or more items in 'signerInfos' property as below.
* <pre>
* sd = KJUR.asn1.cms.CMSUtil.newSignedData({
* content: {str: "aaa"},
* certs: [certPEM1, certPEM2],
* signerInfos: [{
* hashAlg: 'sha256',
* sAttr: {SigningCertificateV2: {array: [certPEM1]}},
* signerCert: certPEM1,
* sigAlg: 'SHA256withRSA',
* signerPrvKey: pkcs8PrvKeyPEM1
* },{
* hashAlg: 'sha1',
* sAttr: {SigningCertificateV2: {array: [certPEM2]}},
* signerCert: certPEM2,
* sigAlg: 'SHA1withRSA',
* signerPrvKey: pkcs8PrvKeyPEM2
* }]
* });
* signedDataHex = sd.getContentInfoEncodedHex();
* </pre>
*
* <h4>GENERATE CAdES-EPES</h4>
* When you need a CAdES-EPES signature,
* you just need to add 'SignaturePolicyIdentifier'
* attribute as below.
* <pre>
* sd = KJUR.asn1.cms.CMSUtil.newSignedData({
* content: {str: "aaa"},
* certs: [certPEM],
* signerInfos: [{
* hashAlg: 'sha256',
* sAttr: {
* SigningCertificateV2: {array: [certPEM]},
* SignaturePolicyIdentifier: {
* oid: '1.2.3.4.5',
* hash: {alg: 'sha1', hash: 'b1b2b3b4b...'}
* },
* },
* signerCert: certPEM,
* sigAlg: 'SHA256withRSA',
* signerPrvKey: pkcs8PrvKeyPEM
* }]
* });
* signedDataHex = sd.getContentInfoEncodedHex();
* </pre>
*
* <h4>GENERATE CAdES-T</h4>
* After a signed CAdES-BES or CAdES-EPES signature have been generated,
* you can generate CAdES-T by adding SigningTimeStamp unsigned attribute.
* <pre>
* beshex = "30..."; // hex of CAdES-BES or EPES data
* info = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex);
* // You can refer a hexadecimal string of signature value
* // in the first signerInfo in the CAdES-BES/EPES with a variable:
* // 'info.si[0].sigval'. You need to get RFC 3161 TimeStampToken
* // from a trusted time stamp authority. Otherwise you can also
* // get it by 'KJUR.asn1.tsp' module. We suppose that we could
* // get proper time stamp.
* tsthex0 = "30..."; // hex of TimeStampToken for signerInfo[0] sigval
* si0 = info.obj.signerInfoList[0];
* si0.addUnsigned(new KJUR.asn1.cades.SignatureTimeStamp({tst: tsthex0});
* esthex = info.obj.getContentInfoEncodedHex(); // CAdES-T
* </pre>
* </p>
*
* <h4>SAMPLE CODES</h4>
* <ul>
* <li><a href="../../tool_cades.html">demo program for CAdES-BES/EPES/T generation</a></li>
* <li><a href="../../test/qunit-do-asn1cades.html">Unit test code for KJUR.asn1.cades package</a></li>
* <li><a href="../../test/qunit-do-asn1tsp.html">Unit test code for KJUR.asn1.tsp package (See SimpleTSAAdaptor test)</a></li>
* <li><a href="../../test/qunit-do-asn1cms.html">Unit test code for KJUR.asn1.cms package (See newSignedData test)</a></li>
* </ul>
*
* @name KJUR.asn1.cades
* @namespace
*/
if (typeof KJUR.asn1.cades == "undefined" || !KJUR.asn1.cades) KJUR.asn1.cades = {};
/**
* class for RFC 5126 CAdES SignaturePolicyIdentifier attribute
* @name KJUR.asn1.cades.SignaturePolicyIdentifier
* @class class for RFC 5126 CAdES SignaturePolicyIdentifier attribute
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.cms.Attribute
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* SignaturePolicyIdentifier ::= CHOICE {
* signaturePolicyId SignaturePolicyId,
* signaturePolicyImplied SignaturePolicyImplied } -- not used
*
* SignaturePolicyImplied ::= NULL
* SignaturePolicyId ::= SEQUENCE {
* sigPolicyId SigPolicyId,
* sigPolicyHash SigPolicyHash,
* sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
* SigPolicyQualifierInfo OPTIONAL }
* SigPolicyId ::= OBJECT IDENTIFIER
* SigPolicyHash ::= OtherHashAlgAndValue
* </pre>
* @example
* var o = new KJUR.asn1.cades.SignaturePolicyIdentifier({
* oid: '1.2.3.4.5',
* hash: {alg: 'sha1', hash: 'a1a2a3a4...'}
* });
*/
/*
* id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
* smime(16) id-aa(2) 15 }
*
* signature-policy-identifier attribute values have ASN.1 type
* SignaturePolicyIdentifier:
*
* SigPolicyQualifierInfo ::= SEQUENCE {
* sigPolicyQualifierId SigPolicyQualifierId,
* sigQualifier ANY DEFINED BY sigPolicyQualifierId }
*
* sigpolicyQualifierIds defined in the present document:
* SigPolicyQualifierId ::= OBJECT IDENTIFIER
* id-spq-ets-uri OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
* smime(16) id-spq(5) 1 }
*
* SPuri ::= IA5String
*
* id-spq-ets-unotice OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
* smime(16) id-spq(5) 2 }
*
* SPUserNotice ::= SEQUENCE {
* noticeRef NoticeReference OPTIONAL,
* explicitText DisplayText OPTIONAL}
*
* NoticeReference ::= SEQUENCE {
* organization DisplayText,
* noticeNumbers SEQUENCE OF INTEGER }
*
* DisplayText ::= CHOICE {
* visibleString VisibleString (SIZE (1..200)),
* bmpString BMPString (SIZE (1..200)),
* utf8String UTF8String (SIZE (1..200)) }
*/
KJUR.asn1.cades.SignaturePolicyIdentifier = function(params) {
KJUR.asn1.cades.SignaturePolicyIdentifier.superclass.constructor.call(this);
this.attrTypeOid = "1.2.840.113549.1.9.16.2.15";
var nA = KJUR.asn1;
var nC = KJUR.asn1.cades;
if (typeof params != "undefined") {
if (typeof params.oid == "string" &&
typeof params.hash == "object") {
var dOid = new nA.DERObjectIdentifier({oid: params.oid});
var dHash = new nC.OtherHashAlgAndValue(params.hash);
var seq = new nA.DERSequence({array: [dOid, dHash]});
this.valueList = [seq];
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.SignaturePolicyIdentifier,
KJUR.asn1.cms.Attribute);
/**
* class for OtherHashAlgAndValue ASN.1 object
* @name KJUR.asn1.cades.OtherHashAlgAndValue
* @class class for OtherHashAlgAndValue ASN.1 object
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.ASN1Object
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* OtherHashAlgAndValue ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* hashValue OtherHashValue }
* OtherHashValue ::= OCTET STRING
* </pre>
*/
KJUR.asn1.cades.OtherHashAlgAndValue = function(params) {
KJUR.asn1.cades.OtherHashAlgAndValue.superclass.constructor.call(this);
var nA = KJUR.asn1;
var nX = KJUR.asn1.x509;
this.dAlg = null;
this.dHash = null;
this.getEncodedHex = function() {
var seq = new nA.DERSequence({array: [this.dAlg, this.dHash]});
this.hTLV = seq.getEncodedHex();
return this.hTLV;
};
if (typeof params != "undefined") {
if (typeof params.alg == "string" &&
typeof params.hash == "string") {
this.dAlg = new nX.AlgorithmIdentifier({name: params.alg});
this.dHash = new nA.DEROctetString({hex: params.hash});
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.OtherHashAlgAndValue, KJUR.asn1.ASN1Object);
/**
* class for RFC 5126 CAdES SignatureTimeStamp attribute
* @name KJUR.asn1.cades.SignatureTimeStamp
* @class class for RFC 5126 CAdES SignatureTimeStamp attribute
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.cms.Attribute
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
* 1.2.840.113549.1.9.16.2.14
* SignatureTimeStampToken ::= TimeStampToken
* </pre>
*/
KJUR.asn1.cades.SignatureTimeStamp = function(params) {
KJUR.asn1.cades.SignatureTimeStamp.superclass.constructor.call(this);
this.attrTypeOid = "1.2.840.113549.1.9.16.2.14";
this.tstHex = null;
var nA = KJUR.asn1;
if (typeof params != "undefined") {
if (typeof params.res != "undefined") {
if (typeof params.res == "string" &&
params.res.match(/^[0-9A-Fa-f]+$/)) {
} else if (params.res instanceof KJUR.asn1.ASN1Object) {
} else {
throw "res param shall be ASN1Object or hex string";
}
}
if (typeof params.tst != "undefined") {
if (typeof params.tst == "string" &&
params.tst.match(/^[0-9A-Fa-f]+$/)) {
var d = new nA.ASN1Object();
this.tstHex = params.tst;
d.hTLV = this.tstHex;
d.getEncodedHex();
this.valueList = [d];
} else if (params.tst instanceof KJUR.asn1.ASN1Object) {
} else {
throw "tst param shall be ASN1Object or hex string";
}
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.SignatureTimeStamp,
KJUR.asn1.cms.Attribute);
/**
* class for RFC 5126 CAdES CompleteCertificateRefs attribute
* @name KJUR.asn1.cades.CompleteCertificateRefs
* @class class for RFC 5126 CAdES CompleteCertificateRefs attribute
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.cms.Attribute
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* id-aa-ets-certificateRefs OBJECT IDENTIFIER =
* 1.2.840.113549.1.9.16.2.21
* CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
* </pre>
* @example
* o = new KJUR.asn1.cades.CompleteCertificateRefs([certPEM1,certPEM2]);
*/
KJUR.asn1.cades.CompleteCertificateRefs = function(params) {
KJUR.asn1.cades.CompleteCertificateRefs.superclass.constructor.call(this);
this.attrTypeOid = "1.2.840.113549.1.9.16.2.21";
var nA = KJUR.asn1;
var nD = KJUR.asn1.cades;
/**
* set value by array
* @name setByArray
* @memberOf KJUR.asn1.cades.CompleteCertificateRefs
* @function
* @param {Array} a array of {@link KJUR.asn1.cades.OtherCertID} argument
* @return unspecified
* @description
*/
this.setByArray = function(a) {
this.valueList = [];
for (var i = 0; i < a.length; i++) {
var o = new nD.OtherCertID(a[i]);
this.valueList.push(o);
}
};
if (typeof params != "undefined") {
if (typeof params == "object" &&
typeof params.length == "number") {
this.setByArray(params);
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.CompleteCertificateRefs,
KJUR.asn1.cms.Attribute);
/**
* class for OtherCertID ASN.1 object
* @name KJUR.asn1.cades.OtherCertID
* @class class for OtherCertID ASN.1 object
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.ASN1Object
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* OtherCertID ::= SEQUENCE {
* otherCertHash OtherHash,
* issuerSerial IssuerSerial OPTIONAL }
* </pre>
* @example
* o = new KJUR.asn1.cades.OtherCertID(certPEM);
* o = new KJUR.asn1.cades.OtherCertID({cert:certPEM, hasis: false});
*/
KJUR.asn1.cades.OtherCertID = function(params) {
KJUR.asn1.cades.OtherCertID.superclass.constructor.call(this);
var nA = KJUR.asn1;
var nC = KJUR.asn1.cms;
var nD = KJUR.asn1.cades;
this.hasIssuerSerial = true;
this.dOtherCertHash = null;
this.dIssuerSerial = null;
/**
* set value by PEM string of certificate
* @name setByCertPEM
* @memberOf KJUR.asn1.cades.OtherCertID
* @function
* @param {String} certPEM PEM string of certificate
* @return unspecified
* @description
* This method will set value by a PEM string of a certificate.
* This will add IssuerAndSerialNumber by default
* which depends on hasIssuerSerial flag.
*/
this.setByCertPEM = function(certPEM) {
this.dOtherCertHash = new nD.OtherHash(certPEM);
if (this.hasIssuerSerial)
this.dIssuerSerial = new nC.IssuerAndSerialNumber(certPEM);
};
this.getEncodedHex = function() {
if (this.hTLV != null) return this.hTLV;
if (this.dOtherCertHash == null)
throw "otherCertHash not set";
var a = [this.dOtherCertHash];
if (this.dIssuerSerial != null)
a.push(this.dIssuerSerial);
var seq = new nA.DERSequence({array: a});
this.hTLV = seq.getEncodedHex();
return this.hTLV;
};
if (typeof params != "undefined") {
if (typeof params == "string" &&
params.indexOf("-----BEGIN ") != -1) {
this.setByCertPEM(params);
}
if (typeof params == "object") {
if (params.hasis === false)
this.hasIssuerSerial = false;
if (typeof params.cert == "string")
this.setByCertPEM(params.cert);
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.OtherCertID, KJUR.asn1.ASN1Object);
/**
* class for OtherHash ASN.1 object
* @name KJUR.asn1.cades.OtherHash
* @class class for OtherHash ASN.1 object
* @param {Array} params associative array of parameters
* @extends KJUR.asn1.ASN1Object
* @since jsrsasign 4.7.0 asn1cades 1.0.0
* @description
* <pre>
* OtherHash ::= CHOICE {
* sha1Hash OtherHashValue, -- This contains a SHA-1 hash
* otherHash OtherHashAlgAndValue}
* OtherHashValue ::= OCTET STRING
* </pre>
* @example
* o = new KJUR.asn1.cades.OtherHash("1234");
* o = new KJUR.asn1.cades.OtherHash(certPEMStr); // default alg=sha256
* o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', hash: '1234'});
* o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', cert: certPEM});
* o = new KJUR.asn1.cades.OtherHash({cert: certPEM});
*/
KJUR.asn1.cades.OtherHash = function(params) {
KJUR.asn1.cades.OtherHash.superclass.constructor.call(this);
var nA = KJUR.asn1;
var nD = KJUR.asn1.cades;
this.alg = 'sha256';
this.dOtherHash = null;
/**
* set value by PEM string of certificate
* @name setByCertPEM
* @memberOf KJUR.asn1.cades.OtherHash
* @function
* @param {String} certPEM PEM string of certificate
* @return unspecified
* @description
* This method will set value by a PEM string of a certificate.
* An algorithm used to hash certificate data will
* be defined by 'alg' property and 'sha256' is default.
*/
this.setByCertPEM = function(certPEM) {
if (certPEM.indexOf("-----BEGIN ") == -1)
throw "certPEM not to seem PEM format";
var hex = X509.pemToHex(certPEM);
var hash = KJUR.crypto.Util.hashHex(hex, this.alg);
this.dOtherHash =
new nD.OtherHashAlgAndValue({alg: this.alg, hash: hash});
};
this.getEncodedHex = function() {
if (this.dOtherHash == null)
throw "OtherHash not set";
return this.dOtherHash.getEncodedHex();
};
if (typeof params != "undefined") {
if (typeof params == "string") {
if (params.indexOf("-----BEGIN ") != -1) {
this.setByCertPEM(params);
} else if (params.match(/^[0-9A-Fa-f]+$/)) {
this.dOtherHash = new nA.DEROctetString({hex: params});
} else {
throw "unsupported string value for params";
}
} else if (typeof params == "object") {
if (typeof params.cert == "string") {
if (typeof params.alg == "string")
this.alg = params.alg;
this.setByCertPEM(params.cert);
} else {
this.dOtherHash = new nD.OtherHashAlgAndValue(params);
}
}
}
};
YAHOO.lang.extend(KJUR.asn1.cades.OtherHash, KJUR.asn1.ASN1Object);
// == BEGIN UTILITIES =====================================================
/**
* CAdES utiliteis class
* @name KJUR.asn1.cades.CAdESUtil
* @class CAdES utilities class
* @since jsrsasign 4.7.0 asn1cades 1.0.0
*/
KJUR.asn1.cades.CAdESUtil = new function() {
};
/*
*
*/
KJUR.asn1.cades.CAdESUtil.addSigTS = function(dCMS, siIdx, sigTSHex) {
};
/**
* parse CMS SignedData to add unsigned attributes
* @name parseSignedDataForAddingUnsigned
* @memberOf KJUR.asn1.cades.CAdESUtil
* @function
* @param {String} hex hexadecimal string of ContentInfo of CMS SignedData
* @return {Object} associative array of parsed data
* @description
* This method will parse a hexadecimal string of
* ContentInfo with CMS SignedData to add a attribute
* to unsigned attributes field in a signerInfo field.
* Parsed result will be an associative array which has
* following properties:
* <ul>
* <li>version - hex of CMSVersion ASN.1 TLV</li>
* <li>algs - hex of DigestAlgorithms ASN.1 TLV</li>
* <li>encapcontent - hex of EncapContentInfo ASN.1 TLV</li>
* <li>certs - hex of Certificates ASN.1 TLV</li>
* <li>revs - hex of RevocationInfoChoices ASN.1 TLV</li>
* <li>si[] - array of SignerInfo properties</li>
* <li>obj - parsed KJUR.asn1.cms.SignedData object</li>
* </ul>
* @example
* info = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex);
* sd = info.obj;
*/
KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) {
var nA = KJUR.asn1;
var nC = KJUR.asn1.cms;
var nU = KJUR.asn1.cades.CAdESUtil;
var r = {};
// 1. not oid signed-data then error
if (ASN1HEX.getDecendantHexTLVByNthList(hex, 0, [0]) !=
"06092a864886f70d010702")
throw "hex is not CMS SignedData";
var iSD = ASN1HEX.getDecendantIndexByNthList(hex, 0, [1, 0]);
var aSDChildIdx = ASN1HEX.getPosArrayOfChildren_AtObj(hex, iSD);
if (aSDChildIdx.length < 4)
throw "num of SignedData elem shall be 4 at least";
// 2. HEXs of SignedData children
// 2.1. SignedData.CMSVersion
var iVersion = aSDChildIdx.shift();
r.version = ASN1HEX.getHexOfTLV_AtObj(hex, iVersion);
// 2.2. SignedData.DigestAlgorithms
var iAlgs = aSDChildIdx.shift();
r.algs = ASN1HEX.getHexOfTLV_AtObj(hex, iAlgs);
// 2.3. SignedData.EncapContentInfo
var iEncapContent = aSDChildIdx.shift();
r.encapcontent = ASN1HEX.getHexOfTLV_AtObj(hex, iEncapContent);
// 2.4. [0]Certs
r.certs = null;
r.revs = null;
r.si = [];
var iNext = aSDChildIdx.shift();
if (hex.substr(iNext, 2) == "a0") {
r.certs = ASN1HEX.getHexOfTLV_AtObj(hex, iNext);
iNext = aSDChildIdx.shift();
}
// 2.5. [1]Revs
if (hex.substr(iNext, 2) == "a1") {
r.revs = ASN1HEX.getHexOfTLV_AtObj(hex, iNext);
iNext = aSDChildIdx.shift();
}
// 2.6. SignerInfos
var iSignerInfos = iNext;
if (hex.substr(iSignerInfos, 2) != "31")
throw "Can't find signerInfos";
var aSIIndex = ASN1HEX.getPosArrayOfChildren_AtObj(hex, iSignerInfos);
//alert(aSIIndex.join("-"));
for (var i = 0; i < aSIIndex.length; i++) {
var iSI = aSIIndex[i];
var pSI = nU.parseSignerInfoForAddingUnsigned(hex, iSI, i);
r.si[i] = pSI;
}
// x. obj(SignedData)
var tmp = null;
r.obj = new nC.SignedData();
tmp = new nA.ASN1Object();
tmp.hTLV = r.version;
r.obj.dCMSVersion = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.algs;
r.obj.dDigestAlgs = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.encapcontent;
r.obj.dEncapContentInfo = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.certs;
r.obj.dCerts = tmp;
r.obj.signerInfoList = [];
for (var i = 0; i < r.si.length; i++) {
r.obj.signerInfoList.push(r.si[i].obj);
}
return r;
};
/**
* parse SignerInfo to add unsigned attributes
* @name parseSignerInfoForAddingUnsigned
* @memberOf KJUR.asn1.cades.CAdESUtil
* @function
* @param {String} hex hexadecimal string of SignerInfo
* @return {Object} associative array of parsed data
* @description
* This method will parse a hexadecimal string of
* SignerInfo to add a attribute
* to unsigned attributes field in a signerInfo field.
* Parsed result will be an associative array which has
* following properties:
* <ul>
* <li>version - hex TLV of version</li>
* <li>si - hex TLV of SignerIdentifier</li>
* <li>digalg - hex TLV of DigestAlgorithm</li>
* <li>sattrs - hex TLV of SignedAttributes</li>
* <li>sigalg - hex TLV of SignatureAlgorithm</li>
* <li>sig - hex TLV of signature</li>
* <li>sigval = hex V of signature</li>
* <li>obj - parsed KJUR.asn1.cms.SignerInfo object</li>
* </ul>
* NOTE: Parsing of unsigned attributes will be provided in the
* future version. That's way this version provides support
* for CAdES-T and not for CAdES-C.
*/
KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned =
function(hex, iSI, nth) {
var nA = KJUR.asn1;
var nC = KJUR.asn1.cms;
var r = {};
var aSIChildIdx = ASN1HEX.getPosArrayOfChildren_AtObj(hex, iSI);
//alert(aSIChildIdx.join("="));
if (aSIChildIdx.length != 6)
throw "not supported items for SignerInfo (!=6)";
// 1. SignerInfo.CMSVersion
var iVersion = aSIChildIdx.shift();
r.version = ASN1HEX.getHexOfTLV_AtObj(hex, iVersion);
// 2. SignerIdentifier(IssuerAndSerialNumber)
var iIdentifier = aSIChildIdx.shift();
r.si = ASN1HEX.getHexOfTLV_AtObj(hex, iIdentifier);
// 3. DigestAlgorithm
var iDigestAlg = aSIChildIdx.shift();
r.digalg = ASN1HEX.getHexOfTLV_AtObj(hex, iDigestAlg);
// 4. SignedAttrs
var iSignedAttrs = aSIChildIdx.shift();
r.sattrs = ASN1HEX.getHexOfTLV_AtObj(hex, iSignedAttrs);
// 5. SigAlg
var iSigAlg = aSIChildIdx.shift();
r.sigalg = ASN1HEX.getHexOfTLV_AtObj(hex, iSigAlg);
// 6. Signature
var iSig = aSIChildIdx.shift();
r.sig = ASN1HEX.getHexOfTLV_AtObj(hex, iSig);
r.sigval = ASN1HEX.getHexOfV_AtObj(hex, iSig);
// 7. obj(SignerInfo)
var tmp = null;
r.obj = new nC.SignerInfo();
tmp = new nA.ASN1Object();
tmp.hTLV = r.version;
r.obj.dCMSVersion = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.si;
r.obj.dSignerIdentifier = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.digalg;
r.obj.dDigestAlgorithm = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.sattrs;
r.obj.dSignedAttrs = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.sigalg;
r.obj.dSigAlg = tmp;
tmp = new nA.ASN1Object();
tmp.hTLV = r.sig;
r.obj.dSig = tmp;
r.obj.dUnsignedAttrs = new nC.AttributeList();
return r;
};