Home Explore Help
Register Sign In
ETEC
/
ebid
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8a51d8d62e
Branches Tags
ebid
/
web
/
CrossCert
/
CC_WSTD_home
/
jsustoolkit
/
toolkit
/
pki.js

pki.js 33 KB
History Raw

1 
  1. (function(){function v(g){"undefined"===typeof BigInteger&&(BigInteger=g.jsbn.BigInteger);var a=g.asn1,m=g.jsustoolkitErrCode=g.jsustoolkitErrCode||{},e=g.pki=g.pki||{},l=e.oids,w=g.pkcs8=g.pkcs8||{},y=g.x509Certificate=g.x509Certificate||{},n={};n.cn=l.commonName;n.commonName="cn";n.c=l.countryName;n.countryName="c";n.l=l.localityName;n.localityName="l";n.s=l.stateOrProvinceName;n.stateOrProvinceName="s";n.o=l.organizationName;n.organizationName="o";n.ou=l.organizationalUnitName;n.organizationalUnitName="ou";n.e=l.emailAddress;n.emailAddress="e";n.street=l.street;n.street="street";n.serialNumber=l.serialName;n.serialName="serialNumber";n.dnQualifier=l.dnQualifier;n.dnQualifier="dnQualifier";n.dc=l.domailComponent;n.domailComponent="dc";var v={name:"SubjectPublicKeyInfo",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,captureAsn1:"subjectPublicKeyInfo",value:[{name:"SubjectPublicKeyInfo.AlgorithmIdentifier",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"AlgorithmIdentifier.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"publicKeyOid"}]},{name:"SubjectPublicKeyInfo.subjectPublicKey",tagClass:a.Class.UNIVERSAL,type:a.Type.BITSTRING,constructed:!1,capture:"rsaPublicKey"}]},x={name:"RSAPublicKey",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"RSAPublicKey.modulus",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"publicKeyModulus"},{name:"RSAPublicKey.exponent",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"publicKeyExponent"}]},G={name:"Certificate",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"Certificate.TBSCertificate",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,captureAsn1:"tbsCertificate",value:[{name:"Certificate.TBSCertificate.version",tagClass:a.Class.CONTEXT_SPECIFIC,type:0,constructed:!0,optional:!0,value:[{name:"Certificate.TBSCertificate.version.integer",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"certVersion"}]},{name:"Certificate.TBSCertificate.serialNumber",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"certSerialNumber"},{name:"Certificate.TBSCertificate.signature",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"Certificate.TBSCertificate.signature.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"certinfoSignatureOid"},{name:"Certificate.TBSCertificate.signature.parameters",tagClass:a.Class.UNIVERSAL,optional:!0,captureAsn1:"certinfoSignatureParams"}]},{name:"Certificate.TBSCertificate.issuer",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,captureAsn1:"certIssuer"},{name:"Certificate.TBSCertificate.validity",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"Certificate.TBSCertificate.validity.notBefore (utc)",tagClass:a.Class.UNIVERSAL,type:a.Type.UTCTIME,constructed:!1,optional:!0,capture:"certValidity1UTCTime"},{name:"Certificate.TBSCertificate.validity.notBefore (generalized)",tagClass:a.Class.UNIVERSAL,type:a.Type.GENERALIZEDTIME,constructed:!1,optional:!0,capture:"certValidity2GeneralizedTime"},{name:"Certificate.TBSCertificate.validity.notAfter (utc)",tagClass:a.Class.UNIVERSAL,type:a.Type.UTCTIME,constructed:!1,optional:!0,capture:"certValidity3UTCTime"},{name:"Certificate.TBSCertificate.validity.notAfter (generalized)",tagClass:a.Class.UNIVERSAL,type:a.Type.GENERALIZEDTIME,constructed:!1,optional:!0,capture:"certValidity4GeneralizedTime"}]},{name:"Certificate.TBSCertificate.subject",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,captureAsn1:"certSubject"},v,{name:"Certificate.TBSCertificate.issuerUniqueID",tagClass:a.Class.CONTEXT_SPECIFIC,type:1,constructed:!0,optional:!0,value:[{name:"Certificate.TBSCertificate.issuerUniqueID.id",tagClass:a.Class.UNIVERSAL,type:a.Type.BITSTRING,constructed:!1,capture:"certIssuerUniqueId"}]},{name:"Certificate.TBSCertificate.subjectUniqueID",tagClass:a.Class.CONTEXT_SPECIFIC,type:2,constructed:!0,optional:!0,value:[{name:"Certificate.TBSCertificate.subjectUniqueID.id",tagClass:a.Class.UNIVERSAL,type:a.Type.BITSTRING,constructed:!1,capture:"certSubjectUniqueId"}]},{name:"Certificate.TBSCertificate.extensions",tagClass:a.Class.CONTEXT_SPECIFIC,type:3,constructed:!0,captureAsn1:"certExtensions",optional:!0}]},{name:"Certificate.signatureAlgorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"Certificate.signatureAlgorithm.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"certSignatureOid"},{name:"Certificate.TBSCertificate.signature.parameters",tagClass:a.Class.UNIVERSAL,optional:!0,captureAsn1:"certSignatureParams"}]},{name:"Certificate.signatureValue",tagClass:a.Class.UNIVERSAL,type:a.Type.BITSTRING,constructed:!1,capture:"certSignature"}]},H={name:"RSAPrivateKey",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"RSAPrivateKey.version",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyVersion"},{name:"RSAPrivateKey.modulus",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyModulus"},{name:"RSAPrivateKey.publicExponent",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyPublicExponent"},{name:"RSAPrivateKey.privateExponent",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyPrivateExponent"},{name:"RSAPrivateKey.prime1",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyPrime1"},{name:"RSAPrivateKey.prime2",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyPrime2"},{name:"RSAPrivateKey.exponent1",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyExponent1"},{name:"RSAPrivateKey.exponent2",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyExponent2"},{name:"RSAPrivateKey.coefficient",tagClass:a.Class.UNIVERSAL,type:a.Type.INTEGER,constructed:!1,capture:"privateKeyCoefficient"}]},I={name:"rsapss",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"rsapss.hashAlgorithm",tagClass:a.Class.CONTEXT_SPECIFIC,type:0,constructed:!0,value:[{name:"rsapss.hashAlgorithm.AlgorithmIdentifier",tagClass:a.Class.UNIVERSAL,type:a.Class.SEQUENCE,constructed:!0,optional:!0,value:[{name:"rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"hashOid"}]}]},{name:"rsapss.maskGenAlgorithm",tagClass:a.Class.CONTEXT_SPECIFIC,type:1,constructed:!0,value:[{name:"rsapss.maskGenAlgorithm.AlgorithmIdentifier",tagClass:a.Class.UNIVERSAL,type:a.Class.SEQUENCE,constructed:!0,optional:!0,value:[{name:"rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"maskGenOid"},{name:"rsapss.maskGenAlgorithm.AlgorithmIdentifier.params",tagClass:a.Class.UNIVERSAL,type:a.Type.SEQUENCE,constructed:!0,value:[{name:"rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm",tagClass:a.Class.UNIVERSAL,type:a.Type.OID,constructed:!1,capture:"maskGenHashOid"}]}]}]},{name:"rsapss.saltLength",tagClass:a.Class.CONTEXT_SPECIFIC,type:2,optional:!0,value:[{name:"rsapss.saltLength.saltLength",tagClass:a.Class.UNIVERSAL,type:a.Class.INTEGER,constructed:!1,capture:"saltLength"}]},{name:"rsapss.trailerField",tagClass:a.Class.CONTEXT_SPECIFIC,type:3,optional:!0,value:[{name:"rsapss.trailer.trailer",tagClass:a.Class.UNIVERSAL,type:a.Class.INTEGER,constructed:!1,capture:"trailer"}]}]};e.RDNAttributesAsArray=function(b,d){if(null==b||"undefined"==typeof b)throw{code:"112001",message:m["112001"]};for(var f=[],c,e,h,k=0;k<b.value.length;++k){c=b.value[k];for(var g=0;g<c.value.length;++g)h={},e=c.value[g],h.type=a.derToOid(e.value[0].value),h.value=e.value[1].value,h.valueTagClass=e.value[1].type,h.type in l&&(h.name=l[h.type],h.name in n&&(h.shortName=n[h.name])),d&&(d.update(h.type),d.update(h.value)),f.push(h)}return f};var C=function(a,d){d.constructor==String&&(d={shortName:d});for(var b=null,c,e=0;null===b&&e<a.attributes.length;++e)c=a.attributes[e],d.type&&d.type===c.type?b=c:d.name&&d.name===c.name?b=c:d.shortName&&d.shortName===c.shortName&&(b=c);return b},J=/-----BEGIN [^-]+-----([A-Za-z0-9+/=\s]+)-----END [^-]+-----/;e.pemToDer=function(a){if(null==a||"undefined"==typeof a)throw{code:"112002",message:m["112002"]};if(a=J.exec(a))a=g.util.createBuffer(g.util.decode64(a[1]));else throw"Invalid PEM format";return a};e.base64ToDer=function(a){if(null==a||"undefined"==typeof a)throw{code:"112003",message:m["112003"]};return g.util.createBuffer(g.util.decode64(a))};var z=function(b,d){b=e.pemToDer(b);b=a.fromDer(b);return d(b)},A=function(b,d){b=e.base64ToDer(b);b=a.fromDer(b);return d(b)},r=function(a){a=g.util.bytesToHex(g.util.hexToBytes(a.toString(16)));"8"<=a[0]&&(a="00"+a);return g.util.hexToBytes(a)},D=function(b,d,f){var c={};if(b!==l["RSASSA-PSS"])return c;f&&(c={hash:{algorithmOid:l.sha1},mgf:{algorithmOid:l.mgf1,hash:{algorithmOid:l.sha1}},saltLength:20});b={};f=[];if(!a.validate(d,I,b,f))throw{code:"112004",message:m["112004"]+"("+f+")"};void 0!==b.hashOid&&(c.hash=c.hash||{},c.hash.algorithmOid=a.derToOid(b.hashOid));void 0!==b.maskGenOid&&(c.mgf=c.mgf||{},c.mgf.algorithmOid=a.derToOid(b.maskGenOid),c.mgf.hash=c.mgf.hash||{},c.mgf.hash.algorithmOid=a.derToOid(b.maskGenHashOid));void 0!==b.saltLength&&(c.saltLength=b.saltLength.charCodeAt(0));return c};e.certificateFromPem=function(a,d){if(null==a||"undefined"==typeof a)throw{code:"112005",message:m["112005"]};return z(a,function(a){return e.certificateFromAsn1(a,d)})};e.certificateFromBase64=function(a,d){if(null==a||"undefined"==typeof a)throw{code:"112006",message:m["112006"]};return A(a,function(a){return e.certificateFromAsn1(a,d)})};e.certificateToPem=function(b,d){if(null==b||"undefined"==typeof b)throw{code:"112007",message:m["112007"]};b=a.toDer(e.certificateToAsn1(b));b=g.util.encode64(b.getBytes(),d||64);return"-----BEGIN CERTIFICATE-----\r\n"+b+"\r\n-----END CERTIFICATE-----"};e.certificateToBase64=function(b){if(null==b||"undefined"==typeof b)throw{code:"112008",message:m["112008"]};b=a.toDer(e.certificateToAsn1(b));return g.util.encode64(b.getBytes())};e.publicKeyFromPem=function(a){if(null==a||"undefined"==typeof a)throw{code:"112009",message:m["112009"]};return z(a,e.publicKeyFromAsn1)};e.publicKeyToPem=function(b,d){if(null==b||"undefined"==typeof b)throw{code:"112010",message:m["112010"]};b=a.toDer(e.publicKeyToAsn1(b));b=g.util.encode64(b.getBytes(),d||64);return"-----BEGIN PUBLIC KEY-----\r\n"+b+"\r\n-----END PUBLIC KEY-----"};e.privateKeyFromPem=function(a){if(null==a||"undefined"==typeof a)throw{code:"112011",message:m["112011"]};return z(a,e.privateKeyFromAsn1)};e.privateKeyToPem=function(b,d){if(null==b||"undefined"==typeof b)throw{code:"112012",message:m["112012"]};b=a.toDer(e.privateKeyToAsn1(b));b=g.util.encode64(b.getBytes(),d||64);return"-----BEGIN RSA PRIVATE KEY-----\r\n"+b+"\r\n-----END RSA PRIVATE KEY-----"};e.publicKeyFromBase64=function(a){if(null==a||"undefined"==typeof a)throw{code:"112013",message:m["112013"]};return A(a,e.publicKeyFromAsn1)};e.publicKeyToBase64=function(b){if(null==b||"undefined"==typeof b)throw{code:"112014",message:m["112014"]};b=a.toDer(e.publicKeyToAsn1(b));return g.util.encode64(b.getBytes())};e.privateKeyFromBase64=function(a){if(null==a||"undefined"==typeof a)throw{code:"112015",message:m["112013"]};return A(a,e.privateKeyFromAsn1)};e.privateKeyToBase64=function(b){if(null==b||"undefined"==typeof b)throw{code:"112016",message:m["112016"]};b=a.toDer(e.privateKeyToAsn1(b));return g.util.encode64(b.getBytes())};e.createCertificate=function(){var b={version:2,serialNumber:"00",signatureOid:null,signature:null,siginfo:{}};b.siginfo.algorithmOid=null;b.validity={};b.validity.notBefore=new Date;b.validity.notAfter=new Date;b.issuer={};b.issuer.getField=function(a){return C(b.issuer,a)};b.issuer.addField=function(a){d([a]);b.issuer.attributes.push(a)};b.issuer.attributes=[];b.issuer.hash=null;b.subject={};b.subject.getField=function(a){return C(b.subject,a)};b.subject.addField=function(a){d([a]);b.subject.attributes.push(a)};b.subject.attributes=[];b.subject.hash=null;b.extensions=[];b.publicKey=null;b.md=null;var d=function(a){for(var b,f=0;f<a.length;++f){b=a[f];"undefined"===typeof b.name&&(b.type&&b.type in e.oids?b.name=e.oids[b.type]:b.shortName&&b.shortName in n&&(b.name=e.oids[n[b.shortName]]));if("undefined"===typeof b.type)if(b.name&&b.name in e.oids)b.type=e.oids[b.name];else throw{code:"112017",message:m["112017"]+"("+b+")"};"undefined"===typeof b.shortName&&b.name&&b.name in n&&(b.shortName=n[b.name]);if("undefined"===typeof b.value)throw{code:"112018",message:m["112018"]+"("+b+")"};}};b.setSubject=function(a,c){if(null==a||"undefined"==typeof a)throw{code:"112019",message:m["112019"]};d(a);b.subject.attributes=a;delete b.subject.uniqueId;c&&(b.subject.uniqueId=c);b.subject.hash=null};b.setIssuer=function(a,c){if(null==a||"undefined"==typeof a)throw{code:"112020",message:m["112020"]};d(a);b.issuer.attributes=a;delete b.issuer.uniqueId;c&&(b.issuer.uniqueId=c);b.issuer.hash=null};b.setExtensions=function(f){if(null==f||"undefined"==typeof f)throw{code:"112021",message:m["112021"]};for(var c,d=0;d<f.length;++d){c=f[d];"undefined"===typeof c.name&&c.id&&c.id in e.oids&&(c.name=e.oids[c.id]);if("undefined"===typeof c.id)if(c.name&&c.name in e.oids)c.id=e.oids[c.name];else throw{code:"112022",message:m["112022"]+"("+c.name+")"};if("undefined"===typeof c.value){if("keyUsage"===c.name){var h=0,k=0,l=0;c.digitalSignature&&(k|=128,h=7);c.nonRepudiation&&(k|=64,h=6);c.keyEncipherment&&(k|=32,h=5);c.dataEncipherment&&(k|=16,h=4);c.keyAgreement&&(k|=8,h=3);c.keyCertSign&&(k|=4,h=2);c.cRLSign&&(k|=2,h=1);c.encipherOnly&&(k|=1,h=0);c.decipherOnly&&(l|=128,h=7);h=String.fromCharCode(h);0!==l?h+=String.fromCharCode(k)+String.fromCharCode(l):0!==k&&(h+=String.fromCharCode(k));c.value=a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,h)}else if("basicConstraints"===c.name)c.value=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[]),c.cA&&c.value.value.push(a.create(a.Class.UNIVERSAL,a.Type.BOOLEAN,!1,String.fromCharCode(255))),c.pathLenConstraint&&(h=c.pathLenConstraint,k=g.util.createBuffer(),k.putInt(h,h.toString(2).length),c.value.value.push(a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,k.getBytes())));else if("subjectAltName"===c.name||"issuerAltName"===c.name)for(c.value=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[]),l=0;l<c.altNames.length;++l)k=c.altNames[l],h=k.value,8===k.type&&(h=a.oidToDer(h)),c.value.value.push(a.create(a.Class.CONTEXT_SPECIFIC,k.type,!1,h));if("undefined"===typeof c.value)throw{code:"112023",message:m["112023"]};}}b.extensions=f};b.getExtension=function(a){if(null==a||"undefined"==typeof a)throw{code:"112024",message:m["112024"]};a.constructor==String&&(a={name:a});for(var c=null,d,f=0;null===c&&f<b.extensions.length;++f)d=b.extensions[f],a.id&&d.id===a.id?c=d:a.name&&d.name===a.name&&(c=d);return c};b.sign=function(d){if(null==d||"undefined"==typeof d)throw{code:"112025",message:m["112025"]};b.signatureOid=l.sha1WithRSAEncryption;b.siginfo.algorithmOid=l.sha1WithRSAEncryption;b.md=g.md.sha1.create();b.tbsCertificate=e.getTBSCertificate(b);var c=a.toDer(b.tbsCertificate);b.md.update(c.getBytes());b.signature=d.sign(b.md)};b.verify=function(d){if(null==d||"undefined"==typeof d)throw{code:"112026",message:m["112026"]};var c=!1,f=d.md;if(null===f){if(b.signatureOid in l)switch(l[b.signatureOid]){case "sha1WithRSAEncryption":f=g.md.sha1.create();break;case "kcdsaWithSHA1":b.md=g.md.sha1.create();break;case "md5WithRSAEncryption":f=g.md.md5.create();break;case "sha256WithRSAEncryption":f=g.md.sha256.create();break;case "RSASSA-PSS":f=g.md.sha256.create()}if(null===f)throw{code:"112027",message:m["112027"]+"("+b.signatureOid+")"};var h=d.tbsCertificate||e.getTBSCertificate(d);h=a.toDer(h);f.update(h.getBytes())}if(null!==f){c=void 0;switch(d.signatureOid){case l.sha1WithRSAEncryption:c=void 0;break;case l["RSASSA-PSS"]:c=l[d.signatureParameters.mgf.hash.algorithmOid];if(void 0===c||void 0===g.md[c])throw{code:"112028",message:m["112028"]+"(oid:"+d.signatureParameters.mgf.hash.algorithmOid+")"};h=l[d.signatureParameters.mgf.algorithmOid];if(void 0===h||void 0===g.mgf[h])throw{code:"112029",message:m["112029"]+"(oid:"+d.signatureParameters.mgf.algorithmOid+")"};h=g.mgf[h].create(g.md[c].create());c=l[d.signatureParameters.hash.algorithmOid];if(void 0===c||void 0===g.md[c])throw{code:"112030",message:m["112030"]+"(oid:"+d.signatureParameters.hash.algorithmOid+")"};c=g.pss.create(g.md[c].create(),h,d.signatureParameters.saltLength)}c=b.publicKey.verify(f.digest().getBytes(),d.signature,c)}return c};b.isIssuer=function(a){if(null==a||"undefined"==typeof a)throw{code:"112031",message:m["112031"]};var c=!1,d=b.issuer;a=a.subject;if(d.hash&&a.hash)c=d.hash===a.hash;else if(d.attributes.length===a.attributes.length){c=!0;for(var f,e,g=0;c&&g<d.attributes.length;++g)if(f=d.attributes[g],e=a.attributes[g],f.type!==e.type||f.value!==e.value)c=!1}return c};return b};e.certificateFromAsn1=function(b,d){if(null==b||"undefined"==typeof b)throw{code:"112032",message:m["112032"]};var f={},c=[];if(!a.validate(b,G,f,c))throw{code:"112033",message:m["112033"]+c};b=a.derToOid(f.publicKeyOid);c=e.createCertificate();c.version=f.certVersion?f.certVersion.charCodeAt(0):0;var t=g.util.createBuffer(f.certSerialNumber);c.serialNumber=t.toHex();c.signatureOid=g.asn1.derToOid(f.certSignatureOid);c.signatureParameters=D(c.signatureOid,f.certSignatureParams,!0);c.siginfo.algorithmOid=g.asn1.derToOid(f.certinfoSignatureOid);c.siginfo.parameters=D(c.siginfo.algorithmOid,f.certinfoSignatureParams,!1);t=g.util.createBuffer(f.certSignature);++t.read;c.signature=t.getBytes();t=[];void 0!==f.certValidity1UTCTime&&t.push(a.utcTimeToDate(f.certValidity1UTCTime));void 0!==f.certValidity2GeneralizedTime&&t.push(a.generalizedTimeToDate(f.certValidity2GeneralizedTime));void 0!==f.certValidity3UTCTime&&t.push(a.utcTimeToDate(f.certValidity3UTCTime));void 0!==f.certValidity4GeneralizedTime&&t.push(a.generalizedTimeToDate(f.certValidity4GeneralizedTime));if(2<t.length)throw{code:"112035",message:m["112035"]};if(2>t.length)throw{code:"112036",message:m["112036"]};c.validity.notBefore=t[0];c.validity.notAfter=t[1];c.publicKeyOid=g.asn1.derToOid(f.publicKeyOid);c.tbsCertificate=f.tbsCertificate;if(d){c.md=null;if(c.signatureOid in l)switch(b=l[c.signatureOid],b){case "sha1WithRSAEncryption":c.md=g.md.sha1.create();break;case "kcdsaWithSHA1":c.md=g.md.sha1.create();break;case "md5WithRSAEncryption":c.md=g.md.md5.create();break;case "sha256WithRSAEncryption":c.md=g.md.sha256.create();break;case "RSASSA-PSS":c.md=g.md.sha256.create()}if(null===c.md)throw{code:"112037",message:m["112037"]+"(signatureOid:"+c.signatureOid+")"};d=a.toDer(c.tbsCertificate);c.md.update(d.getBytes())}d=g.md.sha1.create();c.issuer.attributes=e.RDNAttributesAsArray(f.certIssuer,d);f.certIssuerUniqueId&&(c.issuer.uniqueId=f.certIssuerUniqueId);c.issuer.hash=d.digest().toHex();d=g.md.sha1.create();c.subject.attributes=e.RDNAttributesAsArray(f.certSubject,d);f.certSubjectUniqueId&&(c.subject.uniqueId=f.certSubjectUniqueId);c.subject.hash=d.digest().toHex();if(f.certExtensions){d=f.certExtensions;t=[];for(var h,k,n,B=0;B<d.value.length;++B){n=d.value[B];for(var p=0;p<n.value.length;++p){k=n.value[p];h={};h.id=a.derToOid(k.value[0].value);h.critical=!1;k.value[1].type===a.Type.BOOLEAN?(h.critical=0!==k.value[1].value.charCodeAt(0),h.value=k.value[2].value):h.value=k.value[1].value;if(h.id in l)if(h.name=l[h.id],"keyUsage"===h.name){k=a.fromDer(h.value);var q=0,r=0;1<k.value.length&&(q=k.value.charCodeAt(1),r=2<k.value.length?k.value.charCodeAt(2):0);h.digitalSignature=128==(q&128);h.nonRepudiation=64==(q&64);h.keyEncipherment=32==(q&32);h.dataEncipherment=16==(q&16);h.keyAgreement=8==(q&8);h.keyCertSign=4==(q&4);h.cRLSign=2==(q&2);h.encipherOnly=1==(q&1);h.decipherOnly=128==(r&128)}else if("basicConstraints"===h.name)k=a.fromDer(h.value),h.cA=0<k.value.length?0!==k.value[0].value.charCodeAt(0):!1,1<k.value.length&&(k=g.util.createBuffer(k.value[1].value),h.pathLenConstraint=k.getInt(k.length()<<3));else if("subjectAltName"===h.name||"issuerAltName"===h.name)for(h.altNames=[],k=a.fromDer(h.value),r=0;r<k.value.length;++r){q=k.value[r];var u={type:q.type,value:q.value};h.altNames.push(u);switch(q.type){case 8:u.oid=a.derToOid(q.value)}}t.push(h)}}c.extensions=t}else c.extensions=[];b==e.oids.RSAEncryption?(c.publicKey=e.publicKeyFromAsn1(f.subjectPublicKeyInfo),c.rsaPublicKey=e.rsaPublicKeyToAsn1(c.publicKey)):c.publicKey=f.subjectPublicKeyInfo.value[1];return c};_dnToAsn1=function(b){var d=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[]);b=b.attributes;for(var f=0;f<b.length;++f){var c=b[f];var e=c.value,h=a.Type.PRINTABLESTRING;"valueTagClass"in c&&(h=c.valueTagClass);c=a.create(a.Class.UNIVERSAL,a.Type.SET,!0,[a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(c.type).getBytes()),a.create(a.Class.UNIVERSAL,h,!1,e)])]);d.value.push(c)}return d};_extensionsToAsn1=function(b){var d=a.create(a.Class.CONTEXT_SPECIFIC,3,!0,[]),f=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[]);d.value.push(f);for(var c,e,h=0;h<b.length;++h){c=b[h];e=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[]);f.value.push(e);e.value.push(a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(c.id).getBytes()));c.critical&&e.value.push(a.create(a.Class.UNIVERSAL,a.Type.BOOLEAN,!1,String.fromCharCode(255)));var g=c.value;c.value.constructor!=String&&(g=a.toDer(g).getBytes());e.value.push(a.create(a.Class.UNIVERSAL,a.Type.OCTETSTRING,!1,g))}return d};var E=function(b,d){switch(b){case l["RSASSA-PSS"]:return b=[],void 0!==d.hash.algorithmOid&&b.push(a.create(a.Class.CONTEXT_SPECIFIC,0,!0,[a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(d.hash.algorithmOid).getBytes()),a.create(a.Class.UNIVERSAL,a.Type.NULL,!1,"")])])),void 0!==d.mgf.algorithmOid&&b.push(a.create(a.Class.CONTEXT_SPECIFIC,1,!0,[a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(d.mgf.algorithmOid).getBytes()),a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(d.mgf.hash.algorithmOid).getBytes()),a.create(a.Class.UNIVERSAL,a.Type.NULL,!1,"")])])])),void 0!==d.saltLength&&b.push(a.create(a.Class.CONTEXT_SPECIFIC,2,!0,[a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,String.fromCharCode(d.saltLength))])),a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,b);default:return a.create(a.Class.UNIVERSAL,a.Type.NULL,!1,"")}};e.getTBSCertificate=function(b){var d=a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.CONTEXT_SPECIFIC,0,!0,[a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,String.fromCharCode(b.version))]),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,g.util.hexToBytes(b.serialNumber)),a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(b.siginfo.algorithmOid).getBytes()),E(b.siginfo.algorithmOid,b.siginfo.parameters)]),_dnToAsn1(b.issuer),a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.UTCTIME,!1,a.dateToUtcTime(b.validity.notBefore)),a.create(a.Class.UNIVERSAL,a.Type.UTCTIME,!1,a.dateToUtcTime(b.validity.notAfter))]),_dnToAsn1(b.subject),e.publicKeyToAsn1(b.publicKey)]);b.issuer.uniqueId&&d.value.push(a.create(a.Class.CONTEXT_SPECIFIC,1,!0,[a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,String.fromCharCode(0)+b.issuer.uniqueId)]));b.subject.uniqueId&&d.value.push(a.create(a.Class.CONTEXT_SPECIFIC,2,!0,[a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,String.fromCharCode(0)+b.subject.uniqueId)]));0<b.extensions.length&&d.value.push(_extensionsToAsn1(b.extensions));return d};e.distinguishedNameToAsn1=function(a){if(null==a||"undefined"==typeof a)throw{code:"112038",message:m["112038"]};return _dnToAsn1(a)};e.certificateToAsn1=function(b){if(null==b||"undefined"==typeof b)throw{code:"112039",message:m["112039"]};var d=b.tbsCertificate||e.getTBSCertificate(b);return a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[d,a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(b.signatureOid).getBytes()),E(b.signatureOid,b.signatureParameters)]),a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,String.fromCharCode(0)+b.signature)])};e.createCaStore=function(b){var d={certs:{},getIssuer:function(b){if(null==b||"undefined"==typeof b)throw{code:"112040",message:m["112040"]};var c=null;new y.certUtil;if(b.issuer.hash in d.certs){c=d.certs[b.issuer.hash];b=g.asn1.fromDer(b.getExtension("authorityKeyIdentifier").value);var f=g.asn1.fromDer(c.getExtension("subjectKeyIdentifier").value).value;if(b.value[0].value!=f)return null;if(b.value[1]){f=g.util.bytesToHex(a.toDer(b.value[1].value[0].value[0]).getBytes());var k=g.util.bytesToHex(a.toDer(e.distinguishedNameToAsn1(c.issuer)).getBytes());if(f!=k)return null}if(b.value[2]&&g.util.bytesToHex(b.value[2].value)!=c.serialNumber)return null}return c},addCertificate:function(a){if(null==a||"undefined"==typeof a)throw{code:"112041",message:m["112041"]};a.constructor==String&&(a=g.pki.certificateFromPem(a));if(a.subject.hash in d.certs){var b=d.certs[a.subject.hash];b.constructor!=Array&&(b=[b]);b.push(a)}else d.certs[a.subject.hash]=a}};if(b)for(var f=0;f<b.length;++f)d.addCertificate(b[f]);return d};e.certificateError={bad_certificate:"crosscert.pki.BadCertificate",unsupported_certificate:"crosscert.pki.UnsupportedCertificate",certificate_revoked:"crosscert.pki.CertificateRevoked",certificate_expired:"crosscert.pki.CertificateExpired",certificate_unknown:"crosscert.pki.CertificateUnknown",unknown_ca:"crosscert.pki.UnknownCertificateAuthority"};_verifyValidity=function(a,d){new y.certUtil;return a<d.validity.notBefore||a>d.validity.notAfter?!1:!0};e.verifyCertificateChain=function(a,d,f){var b=new Date,m=!1,h=new y.certUtil;if(_verifyValidity(b,d)){var k=[],l=a.getIssuer(d);if(null===l)error={message:"no parent issuer, so certificate not trusted.",error:e.certificateError.unknown_ca},f(!1,k.length,error.message);else{for(k.push(d);l.issuer.hash!=l.subject.hash;){var n=l;if(_verifyValidity(b,n)){l=a.getIssuer(n);if(null===l){error={message:"no parent issuer, so certificate not trusted.",error:e.certificateError.unknown_ca};break}k.push(n)}else error={message:"Certificate is not valid yet or has expired.",error:e.certificateError.certificate_expired,notBefore:d.validity.notBefore,notAfter:d.validity.notAfter,now:b},f(!1,k.length,error.message)}_verifyValidity(b,l)?k.push(l):(error={message:"Certificate is not valid yet or has expired.",error:e.certificateError.certificate_expired,notBefore:d.validity.notBefore,notAfter:d.validity.notAfter,now:b},f(!1,k.length,error.message));a=[];d=!0;for(b=k.length-1;0<=b;b--){l=k[b];n=l.getExtension("basicConstraints");if(b!=k.length-1&&0!=b){var p=l.getExtension("nameConstraints");if(null!=p){var q=h.getDN(k[b-1].subject);if(null!=p.permittedSubtrees){var r=!0;for(b=0;b<p.permittedSubtrees.length;b++){var u=p.permittedSubtrees.value[b];0>q.indexOf(u)&&(r=!1)}1!=r&&(error={message:"Certificate nameConstraints verify : fail!(permittedSubtrees)",error:e.certificateError.bad_certificate},f(!1,k.length,error.message))}if(null!=p.excludedSubtrees){r=!1;for(b=0;b<p.excludedSubtrees.length;b++)u=p.excludedSubtrees.value[b],-1<q.indexOf(u)&&(r=!0);1==r&&(error={message:"Certificate nameConstraints verify : fail!(excludedSubtrees)",error:e.certificateError.bad_certificate},f(!1,k.length,error.message))}}}p=l.getExtension("keyUsage");null!=p&&(q="",p.digitalSignature&&(q+="digitalSignature,"),p.nonRepudiation&&(q+="nonRepudiation,"),p.keyEncipherment&&(q+="keyEncipherment,"),p.dataEncipherment&&(q+="dataEncipherment,"),p.keyAgreement&&(q+="keyAgreement,"),null!=n&&p.keyCertSign&&(q+="keyCertSign,"),null!=n&&p.cRLSign&&(q+="cRLSign,"),p.encipherOnly&&(q+="encipherOnly,"),p.decipherOnly&&(q+="decipherOnly,"),q=q.substring(0,q.length-1),""==q&&f(!1,k.length,"\ud655\uc7a5\ud0a4 \uc0ac\uc6a9 \ubaa9\uc801  \uac80\uc99d : false"));if(b!=k.length-1&&d){n=l.getExtension("certificatePolicies");p={valid_policy:"any-policy",qualifier_set:"empty",criticality_indicator:!1,expected_policy_set:"any-policy",node:[]};if(null==n){d=!1;continue}if(null!=n&&null!=p){q=g.asn1.fromDer(n.value);if(q.value[1])p.valid_policy=g.asn1.derToOid(q.value[1].value[0].value),p.qualifier_set=q.v,alue[1].value[1].value;else{p.valid_policy=g.asn1.derToOid(q.value[0].value[0].value);try{p.qualifier_set=q.value[0].value[1].value}catch(F){}}p.criticality_indicator=n.critical;"2.5.29.32.0"==p.valid_policy?(p.expected_policy_set=p.valid_policy,a.push(p)):0<a.length&&"2.5.29.32.0"==a[a.length-1].expected_policy_set?(p.expected_policy_set=p.valid_policy,a[a.length-1].node.push(p)):(p.expected_policy_set=p.valid_policy,a.push(p))}else a=null;null==a&&f(!1,k.length,"\uc720\ud6a8\ud55c \uc815\ucc45 \ud2b8\ub9ac\uac00 null\uc784. \uac80\uc99d \uc2e4\ud328")}if(b==k.length-1)try{m=l.verify(l)}catch(F){error={message:"Certificate signature is invalid.",error:e.certificateError.bad_certificate},f(!1,k.length,error.message)}else try{m=k[b+1].verify(l)}catch(F){error={message:"Certificate signature is invalid.",error:e.certificateError.bad_certificate},f(!1,k.length,error.message)}}f(m,k.length,k)}}else error={message:"Certificate is not valid yet or has expired.",error:e.certificateError.certificate_expired,notBefore:d.validity.notBefore,notAfter:d.validity.notAfter,now:b},f(!1,0,error.message)};e.publicKeyFromAsn1=function(b){var d={},f=[];if(!a.validate(b,v,d,f))throw{code:"112042",message:m["112042"],errors:f};return a.derToOid(d.publicKeyOid)==e.oids.RSAEncryption?(b=g.util.createBuffer(d.rsaPublicKey),b.getByte(),e.rsaPublicKeyFromAsn1(a.fromDer(b))):a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,String.fromCharCode(0)+d.subjectPublicKeyInfo.value[1].value)};e.publicKeyToAsn1=function(b){if(null==b||"undefined"==typeof b)throw{code:"112045",message:m["112045"]};return a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.OID,!1,a.oidToDer(e.oids.RSAEncryption).getBytes()),a.create(a.Class.UNIVERSAL,a.Type.NULL,!1,"")]),a.create(a.Class.UNIVERSAL,a.Type.BITSTRING,!1,[a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.n)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.e))])])])};e.rsaPublicKeyFromAsn1=function(b){var d={},f=[];if(!a.validate(b,x,d,f))throw{code:"112044",message:m["112044"],errors:f};b=g.util.createBuffer(d.publicKeyModulus).toHex();d=g.util.createBuffer(d.publicKeyExponent).toHex();return e.setRsaPublicKey(new BigInteger(b,16),new BigInteger(d,16))};e.rsaPublicKeyToAsn1=function(b){if(null==b||"undefined"==typeof b)throw{code:"112046",message:m["112046"]};return a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.n)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.e))])};e.privateKeyFromAsn1=function(b){if(null==b||"undefined"==typeof b)throw{code:"112047",message:m["112047"]};var d={},f=[];a.validate(b,w.privateKeyValidator,d,f)&&(b=a.fromDer(g.util.createBuffer(d.privateKey)));d={};f=[];if(!a.validate(b,H,d,f))throw{code:"112048",message:m["112048"],errors:f};b=g.util.createBuffer(d.privateKeyModulus).toHex();f=g.util.createBuffer(d.privateKeyPublicExponent).toHex();var c=g.util.createBuffer(d.privateKeyPrivateExponent).toHex();var l=g.util.createBuffer(d.privateKeyPrime1).toHex();var h=g.util.createBuffer(d.privateKeyPrime2).toHex();var k=g.util.createBuffer(d.privateKeyExponent1).toHex();var n=g.util.createBuffer(d.privateKeyExponent2).toHex();d=g.util.createBuffer(d.privateKeyCoefficient).toHex();return e.setRsaPrivateKey(new BigInteger(b,16),new BigInteger(f,16),new BigInteger(c,16),new BigInteger(l,16),new BigInteger(h,16),new BigInteger(k,16),new BigInteger(n,16),new BigInteger(d,16))};e.privateKeyToAsn1=function(b){if(null==b||"undefined"==typeof b)throw{code:"112049",message:m["112049"]};return a.create(a.Class.UNIVERSAL,a.Type.SEQUENCE,!0,[a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,String.fromCharCode(0)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.n)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.e)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.d)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.p)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.q)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.dP)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.dQ)),a.create(a.Class.UNIVERSAL,a.Type.INTEGER,!1,r(b.qInv))])};e.setRsaPublicKey=e.rsa.setPublicKey;e.setRsaPrivateKey=e.rsa.setPrivateKey}var x="./aes ./asn1 ./jsbn ./md ./oids ./random ./rsa ./util ./jsustoolkitErrCode".split(" "),w=null;"function"!==typeof define&&("object"===typeof module&&module.exports?w=function(g,a){a(require,module)}:(crosscert=window.crosscert=window.crosscert||{},v(crosscert)));(w||"function"===typeof define)&&(w||define)(["require","module"].concat(x),function(g,a){a.exports=function(a){var e=x.map(function(a){return g(a)}).concat(v);a=a||{};a.defined=a.defined||{};if(a.defined.pki)return a.pki;a.defined.pki=!0;for(var l=0;l<e.length;++l)e[l](a);return a.pki}})})();
    2.