(function(){function r(b){var g=b.jsustoolkitErrCode=b.jsustoolkitErrCode||{},e=b.x509Certificate=b.x509Certificate||{},d=null,p=null,f=b.asn1,q={name:"CertificateListInfo",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,value:[{name:"CertificateListInfo.tbsCertList",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,captureAsn1:"TBSCertList"},{name:"CertificateListInfo.signatureAlgorithm",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,value:[{name:"CertificateListInfo.algorithm",tagClass:f.Class.UNIVERSAL,type:f.Type.OID,constructed:!1,capture:"signatureOid"},{name:"CertificateListInfo.parameters",tagClass:f.Class.UNIVERSAL,optional:!0,captureAsn1:"signatureParams"}]},{name:"CertificateListInfo.signatureValue",tagClass:f.Class.UNIVERSAL,type:f.Type.BITSTRING,constructed:!1,capture:"signature"}]},r={name:"tbsCertList",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,captureAsn1:"tbsCertListInfo",value:[{name:"tbsCertListInfo.version",tagClass:f.Class.UNIVERSAL,type:f.Type.INTEGER,constructed:!1,optional:!0,capture:"certListVersion"},{name:"tbsCertListInfo.signature",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,value:[{name:"tbsCertListInfo.signature.algorithm",tagClass:f.Class.UNIVERSAL,type:f.Type.OID,constructed:!1,capture:"certListInfoSignatureOid"},{name:"tbsCertListInfo.signature.parameters",tagClass:f.Class.UNIVERSAL,optional:!0,captureAsn1:"certListInfoSignatureParams"}]},{name:"tbsCertListInfo.issuer",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,captureAsn1:"certListIssuer"},{name:"tbsCertListInfo.thisUpdate",tagClass:f.Class.UNIVERSAL,type:f.Type.UTCTIME,constructed:!1,capture:"thisUpdate"},{name:"tbsCertListInfo.nextUpdate",tagClass:f.Class.UNIVERSAL,type:f.Type.UTCTIME,constructed:!1,optional:!0,capture:"nextUpdate"},{name:"tbsCertListInfo.revokedCertificaates",tagClass:f.Class.UNIVERSAL,type:f.Type.SEQUENCE,constructed:!0,optional:!0,captureAsn1:"revokedCertificaates"},{name:"tbsCertListInfo.extensions",tagClass:f.Class.CONTEXT_SPECIFIC,type:0,constructed:!0,optional:!0,captureAsn1:"certListInfoExtensions"}]},t="unspecified keyCompromise caCompromise affiliationChanged superseded cessationOfOperation certificateHold removeFromCRL".split(" ");e.parser=function(a,c){if(null==a||"undefined"==typeof a)throw{code:"112050",message:g["112050"]};if("PEM"==c)d=b.pki.certificateFromPem(a);else if("Base64"==c)d=b.pki.certificateFromBase64(a);else if("ASN1"==c)d=b.pki.certificateFromAsn1(a);else throw{code:"112051",message:g["112051"]};p=new e.certUtil;return d};e.getVersion=function(){return d.version+1};e.getSerialNumber=function(){return d.serialNumber};e.getSignAlgo=function(){return b.pki.oids[d.signatureOid]};e.getSignHashAlgo=function(){return e.getSignAlgo().substring(0,e.getSignAlgo().indexOf("with"))};e.getIssuerName=function(){return p.getDN(d.issuer)};e.getNotBefore=function(){return d.validity.notBefore};e.getNotAfter=function(){return d.validity.notAfter};e.getSubjectName=function(){return p.getDN(d.subject)};e.getSignature=function(){return b.util.bytesToHex(d.signature)};e.getPublickeyAlgo=function(){var a=b.pki.oids[d.publicKeyOid];null==a&&(a=d.publicKeyOid);return a};e.getPublickey=function(){return d.publicKeyOid==b.pki.oids.RSAEncryption?b.asn1.toDer(d.rsaPublicKey).toHex():b.asn1.toDer(d.publicKey.value[0]).toHex()};e.getAuthorityInfoAccess=function(){if(null==d.getExtension("authorityInfoAccess"))return"";var a=b.asn1.fromDer(d.getExtension("authorityInfoAccess").value).value[0];return"AccessMethod ="+b.pki.oids[b.asn1.derToOid(a.value[0].value)]+"("+b.asn1.derToOid(a.value[0].value)+")\nAlternativeName = "+a.value[1].value};e.getAuthorityKeyIdentifier=function(){if(null==d.getExtension("authorityKeyIdentifier"))return"";var a=b.asn1.fromDer(d.getExtension("authorityKeyIdentifier").value);return a.value[2]?"KeyID ="+b.util.bytesToHex(a.value[0].value)+"\nCertificate SerialNumber="+b.util.bytesToHex(a.value[2].value)+"\n":"KeyID ="+b.util.bytesToHex(a.value[0].value)+"\n"};e.getSubjectKeyIdentifier=function(){return null==d.getExtension("subjectKeyIdentifier")?"":b.util.bytesToHex(b.asn1.fromDer(d.getExtension("subjectKeyIdentifier").value).value)};e.getKeyUsage=function(){var a=d.getExtension("keyUsage"),c="";null!==a&&(a.digitalSignature&&(c+="digitalSignature,"),a.nonRepudiation&&(c+="nonRepudiation,"),a.keyEncipherment&&(c+="keyEncipherment,"),a.dataEncipherment&&(c+="dataEncipherment,"),a.keyAgreement&&(c+="keyAgreement,"),a.keyCertSign&&(c+="keyCertSign,"),a.cRLSign&&(c+="cRLSign,"),a.encipherOnly&&(c+="encipherOnly,"),a.decipherOnly&&(c+="decipherOnly,"),c=c.substring(0,c.length-1));return c};e.getCertificatePoliciesOid=function(){if(null==d.getExtension("certificatePolicies"))return"";var a=b.asn1.fromDer(d.getExtension("certificatePolicies").value),c=a.value[0];a.value[1]&&(c=a.value[1]);return b.asn1.derToOid(c.value[0].value)};e.getCertificatePoliciesCPS=function(){if(null!=d.getExtension("certificatePolicies")){var a=b.asn1.fromDer(d.getExtension("certificatePolicies").value),c=a.value[0].value[1];a.value[1]&&(c=a.value[1].value[1]);if(null==c)return"";for(a=0;ae.getNotAfter())d.verify=!1,d.revocationDate=e.getNotAfter(),d.reason="Certificate has expired.",d.errCode=-1;else{var m={};l={};var h=[];c=f.fromDer(c);if(!f.validate(c,q,m,h))throw{code:"112052",message:g["112052"]};if(!f.validate(m.TBSCertList,r,l,h))throw{code:"112053",message:g["112053"]};if(!f.fromDer(l.certListInfoExtensions.value[0].value[0].value[1].value).value[0].value==f.fromDer(a.getExtension("subjectKeyIdentifier").value).value)throw{code:"112054",message:g["112054"]};c=b.util.createBuffer(m.signature);++c.read;c=c.getBytes();var k=m.TBSCertList;h=f.derToOid(m.signatureOid);m=c;if(null==a||"undefined"==typeof a)throw{code:"112053",message:g["112053"]};if(null==k||"undefined"==typeof k)throw{code:"112054",message:g["112054"]};if(null==h||"undefined"==typeof h)throw{code:"112055",message:g["112055"]};if(null==m||"undefined"==typeof m)throw{code:"112056",message:g["112056"]};var p=!1;c=null;if(a.signatureOid in b.pki.oids)switch(b.pki.oids[a.signatureOid]){case "sha1WithRSAEncryption":c=b.md.sha1.create();break;case "md5WithRSAEncryption":c=b.md.md5.create();break;case "sha256WithRSAEncryption":c=b.md.sha256.create();break;case "RSASSA-PSS":c=b.md.sha256.create()}else throw{code:"112057",message:g["112057"]};k=f.toDer(k);c.update(k.getBytes());if(null!==c){k=void 0;h=b.pki.oids[h];switch(h){case "sha1WithRSAEncryption":case "sha256WithRSAEncryption":k=void 0;break;case "RSASSA-PSS":h=oids[child.signatureParameters.mgf.hash.algorithmOid];if(void 0===h||void 0===b.md[h])throw{code:"112028",message:g["112028"]+"(oid:"+child.signatureParameters.mgf.hash.algorithmOid+")"};k=oids[child.signatureParameters.mgf.algorithmOid];if(void 0===k||void 0===b.mgf[k])throw{code:"112029",message:g["112029"]+"(oid:"+child.signatureParameters.mgf.algorithmOid+")"};k=b.mgf[k].create(b.md[h].create());h=oids[child.signatureParameters.hash.algorithmOid];if(void 0===h||void 0===b.md[h])throw{code:"112030",message:g["112030"]+"(oid:"+child.signatureParameters.hash.algorithmOid+")"};k=b.pss.create(b.md[h].create(),k,child.signatureParameters.saltLength)}p=a.publicKey.verify(c.digest().getBytes(),m,k)}if(p){a="";try{a=f.fromDer(l.certListInfoExtensions.value[0].value[2].value[2].value).value[0].value[0].value[0].value}catch(u){a=f.fromDer(l.certListInfoExtensions.value[0].value[1].value[2].value).value[0].value[0].value[0].value}if(e.getcRLDistributionPoints()==a)if(l.revokedCertificaates){for(a=0;a