x509Certificate.js 11 KB

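  /**
   * x509Certificate module of the crosscert toolkit.
   *
   * Parses an X.509 certificate, exposes getters for its fields and
   * extensions, downloads a CRL through the server-side LDAP proxy and checks
   * the parsed certificate against that CRL.
   *
   * The module keeps the most recently parsed certificate in closure state:
   * every getter and verifyCRL() operate on the certificate last handed to
   * parser(), and fail with a TypeError when parser() has not been called.
   */
  (function () {
    /**
     * Installs the x509Certificate API on the toolkit namespace.
     *
     * @param {Object} toolkit - namespace object; asn1 must already be present,
     *   pki, util and md are looked up when the individual functions run.
     */
    function initModule(toolkit) {
      var errCodes = (toolkit.jsustoolkitErrCode = toolkit.jsustoolkitErrCode || {});
      var x509 = (toolkit.x509Certificate = toolkit.x509Certificate || {});
      var asn1 = toolkit.asn1;
      var UNIVERSAL = asn1.Class.UNIVERSAL;

      // Certificate most recently parsed by parser(); shared by all getters.
      var currentCert = null;
      // certUtil instance created by parser(); used to format DNs.
      var dnFormatter = null;

      // Outer CertificateList structure: tbsCertList, signatureAlgorithm, signatureValue.
      var certificateListValidator = {
        name: "CertificateListInfo",
        tagClass: UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        value: [
          {
            name: "CertificateListInfo.tbsCertList",
            tagClass: UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            captureAsn1: "TBSCertList"
          },
          {
            name: "CertificateListInfo.signatureAlgorithm",
            tagClass: UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            value: [
              {
                name: "CertificateListInfo.algorithm",
                tagClass: UNIVERSAL,
                type: asn1.Type.OID,
                constructed: false,
                capture: "signatureOid"
              },
              {
                name: "CertificateListInfo.parameters",
                tagClass: UNIVERSAL,
                optional: true,
                captureAsn1: "signatureParams"
              }
            ]
          },
          {
            name: "CertificateListInfo.signatureValue",
            tagClass: UNIVERSAL,
            type: asn1.Type.BITSTRING,
            constructed: false,
            capture: "signature"
          }
        ]
      };

      // Inner TBSCertList structure. The "revokedCertificaates" spelling is kept
      // as-is because it is the capture key read back in verifyCRL().
      // NOTE(review): thisUpdate/nextUpdate only accept UTCTime, so a CRL that
      // encodes them as GeneralizedTime presumably fails validation - confirm.
      var tbsCertListValidator = {
        name: "tbsCertList",
        tagClass: UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        captureAsn1: "tbsCertListInfo",
        value: [
          {
            name: "tbsCertListInfo.version",
            tagClass: UNIVERSAL,
            type: asn1.Type.INTEGER,
            constructed: false,
            optional: true,
            capture: "certListVersion"
          },
          {
            name: "tbsCertListInfo.signature",
            tagClass: UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            value: [
              {
                name: "tbsCertListInfo.signature.algorithm",
                tagClass: UNIVERSAL,
                type: asn1.Type.OID,
                constructed: false,
                capture: "certListInfoSignatureOid"
              },
              {
                name: "tbsCertListInfo.signature.parameters",
                tagClass: UNIVERSAL,
                optional: true,
                captureAsn1: "certListInfoSignatureParams"
              }
            ]
          },
          {
            name: "tbsCertListInfo.issuer",
            tagClass: UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            captureAsn1: "certListIssuer"
          },
          {
            name: "tbsCertListInfo.thisUpdate",
            tagClass: UNIVERSAL,
            type: asn1.Type.UTCTIME,
            constructed: false,
            capture: "thisUpdate"
          },
          {
            name: "tbsCertListInfo.nextUpdate",
            tagClass: UNIVERSAL,
            type: asn1.Type.UTCTIME,
            constructed: false,
            optional: true,
            capture: "nextUpdate"
          },
          {
            name: "tbsCertListInfo.revokedCertificaates",
            tagClass: UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            optional: true,
            captureAsn1: "revokedCertificaates"
          },
          {
            name: "tbsCertListInfo.extensions",
            tagClass: asn1.Class.CONTEXT_SPECIFIC,
            type: 0,
            constructed: true,
            optional: true,
            captureAsn1: "certListInfoExtensions"
          }
        ]
      };

      // CRLReason codes as numbered in RFC 5280; value 7 is unassigned, so the
      // table is keyed by code instead of being a dense array.
      var CRL_REASONS = {
        0: "unspecified",
        1: "keyCompromise",
        2: "caCompromise",
        3: "affiliationChanged",
        4: "superseded",
        5: "cessationOfOperation",
        6: "certificateHold",
        8: "removeFromCRL",
        9: "privilegeWithdrawn",
        10: "aACompromise"
      };

      // Key-usage flags in the order they are reported by getKeyUsage().
      var KEY_USAGE_FLAGS = [
        "digitalSignature",
        "nonRepudiation",
        "keyEncipherment",
        "dataEncipherment",
        "keyAgreement",
        "keyCertSign",
        "cRLSign",
        "encipherOnly",
        "decipherOnly"
      ];

      /** Builds the {code, message} object this toolkit throws. */
      function toolkitError(code) {
        return { code: code, message: errCodes[code] };
      }

      /** Returns the parsed extnValue of the named extension, or null when absent. */
      function parseExtension(name) {
        var ext = currentCert.getExtension(name);
        return ext == null ? null : asn1.fromDer(ext.value);
      }

      /**
       * Finds a policy qualifier ("cps" or "unotice") in the certificatePolicies
       * extension. When a second policy is present its qualifiers are searched,
       * otherwise those of the first. Returns the qualifier node or null.
       */
      function findPolicyQualifier(qualifierName) {
        var policies = parseExtension("certificatePolicies");
        if (policies === null) {
          return null;
        }
        var qualifiers = policies.value[1] ? policies.value[1].value[1] : policies.value[0].value[1];
        if (qualifiers == null) {
          return null;
        }
        for (var i = 0; i < qualifiers.value.length; i++) {
          var qualifierOid = asn1.derToOid(qualifiers.value[i].value[0].value);
          if (toolkit.pki.oids[qualifierOid] === qualifierName) {
            return qualifiers.value[i];
          }
        }
        return null;
      }

      /**
       * Reads the reason name from a revokedCertificates entry. The first entry
       * extension is assumed to be reasonCode. An entry without a readable
       * reason is reported as "unspecified" so that a missing extension cannot
       * turn a revocation hit into an exception.
       */
      function readRevocationReason(entry) {
        try {
          var reasonCode = asn1.fromDer(entry.value[2].value[0].value[1].value).value.charCodeAt(0);
          return CRL_REASONS[reasonCode];
        } catch (unreadable) {
          return "unspecified";
        }
      }

      /**
       * Parses a certificate and makes it the module's current certificate.
       *
       * @param {*} data - certificate in the representation named by format.
       * @param {string} format - "PEM", "Base64" or "ASN1".
       * @returns {Object} the parsed certificate.
       * @throws {{code: string, message: *}} "112050" when data is null or
       *   undefined, "112051" for any other format value.
       */
      x509.parser = function (data, format) {
        if (data == null) {
          throw toolkitError("112050");
        }
        if (format === "PEM") {
          currentCert = toolkit.pki.certificateFromPem(data);
        } else if (format === "Base64") {
          currentCert = toolkit.pki.certificateFromBase64(data);
        } else if (format === "ASN1") {
          currentCert = toolkit.pki.certificateFromAsn1(data);
        } else {
          throw toolkitError("112051");
        }
        dnFormatter = new x509.certUtil();
        return currentCert;
      };

      /** Returns the certificate's version field plus one. */
      x509.getVersion = function () {
        return currentCert.version + 1;
      };

      /** Returns the serial number as stored on the parsed certificate. */
      x509.getSerialNumber = function () {
        return currentCert.serialNumber;
      };

      /** Returns the name registered in pki.oids for the certificate's signature OID. */
      x509.getSignAlgo = function () {
        return toolkit.pki.oids[currentCert.signatureOid];
      };

      /**
       * Returns the hash part of the signature algorithm name, i.e. the text
       * before "with"; an empty string when the name has no such part.
       */
      x509.getSignHashAlgo = function () {
        var algorithm = x509.getSignAlgo();
        // The names this file matches elsewhere are spelled "...WithRSAEncryption",
        // so the separator has to be located case-insensitively.
        return algorithm.substring(0, algorithm.toLowerCase().indexOf("with"));
      };

      /** Returns the issuer DN formatted by certUtil.getDN(). */
      x509.getIssuerName = function () {
        return dnFormatter.getDN(currentCert.issuer);
      };

      /** Returns validity.notBefore of the current certificate. */
      x509.getNotBefore = function () {
        return currentCert.validity.notBefore;
      };

      /** Returns validity.notAfter of the current certificate. */
      x509.getNotAfter = function () {
        return currentCert.validity.notAfter;
      };

      /** Returns the subject DN formatted by certUtil.getDN(). */
      x509.getSubjectName = function () {
        return dnFormatter.getDN(currentCert.subject);
      };

      /** Returns the certificate signature as a hex string. */
      x509.getSignature = function () {
        return toolkit.util.bytesToHex(currentCert.signature);
      };

      /** Returns the public-key algorithm name, or the raw OID when it is not in pki.oids. */
      x509.getPublickeyAlgo = function () {
        var name = toolkit.pki.oids[currentCert.publicKeyOid];
        return name == null ? currentCert.publicKeyOid : name;
      };

      /** Returns the DER encoding of the public key as a hex string. */
      x509.getPublickey = function () {
        var keyAsn1 =
          currentCert.publicKeyOid == toolkit.pki.oids.RSAEncryption
            ? currentCert.rsaPublicKey
            : currentCert.publicKey.value[0];
        return asn1.toDer(keyAsn1).toHex();
      };

      /** Describes the first authorityInfoAccess entry, or returns "" when the extension is absent. */
      x509.getAuthorityInfoAccess = function () {
        var access = parseExtension("authorityInfoAccess");
        if (access === null) {
          return "";
        }
        var description = access.value[0];
        var methodOid = asn1.derToOid(description.value[0].value);
        return (
          "AccessMethod =" + toolkit.pki.oids[methodOid] + "(" + methodOid + ")\nAlternativeName = " + description.value[1].value
        );
      };

      /**
       * Describes the authorityKeyIdentifier extension: the key id and, when a
       * third element is present, the authority certificate serial number.
       * Returns "" when the extension is absent.
       */
      x509.getAuthorityKeyIdentifier = function () {
        var aki = parseExtension("authorityKeyIdentifier");
        if (aki === null) {
          return "";
        }
        var text = "KeyID =" + toolkit.util.bytesToHex(aki.value[0].value) + "\n";
        if (aki.value[2]) {
          text += "Certificate SerialNumber=" + toolkit.util.bytesToHex(aki.value[2].value) + "\n";
        }
        return text;
      };

      /** Returns the subjectKeyIdentifier as hex, or "" when the extension is absent. */
      x509.getSubjectKeyIdentifier = function () {
        var ski = parseExtension("subjectKeyIdentifier");
        return ski === null ? "" : toolkit.util.bytesToHex(ski.value);
      };

      /** Returns the asserted key-usage flags as a comma-separated list ("" when none). */
      x509.getKeyUsage = function () {
        var usage = currentCert.getExtension("keyUsage");
        if (usage === null) {
          return "";
        }
        var asserted = [];
        for (var i = 0; i < KEY_USAGE_FLAGS.length; i++) {
          if (usage[KEY_USAGE_FLAGS[i]]) {
            asserted.push(KEY_USAGE_FLAGS[i]);
          }
        }
        return asserted.join(",");
      };

      /** Returns the policy OID (second policy when present, else the first), or "". */
      x509.getCertificatePoliciesOid = function () {
        var policies = parseExtension("certificatePolicies");
        if (policies === null) {
          return "";
        }
        var policy = policies.value[1] ? policies.value[1] : policies.value[0];
        return asn1.derToOid(policy.value[0].value);
      };

      /** Returns the CPS qualifier value of the certificate policy, or "". */
      x509.getCertificatePoliciesCPS = function () {
        var qualifier = findPolicyQualifier("cps");
        return qualifier === null ? "" : qualifier.value[1].value;
      };

      /** Returns the first element of the user-notice qualifier, or "". */
      x509.getCertificatePoliciesUserNotice = function () {
        var qualifier = findPolicyQualifier("unotice");
        return qualifier === null ? "" : qualifier.value[1].value[0].value;
      };

      /**
       * Lists the subjectAltName entries, one per line. Only rfc822Name (tag 1)
       * and otherName (tag 0) entries are rendered; other entry types produce
       * an empty line. Returns "" when the extension is absent.
       */
      x509.getSubjectAltName = function () {
        var altNames = parseExtension("subjectAltName");
        if (altNames === null) {
          return "";
        }
        var text = "";
        var count = altNames.value.length;
        for (var i = 0; i < count; i++) {
          var entry = altNames.value[i];
          if (entry.type === 1) {
            text += "RFC822Name = " + entry.value;
          } else if (entry.type === 0) {
            text +=
              "Other Name: " + asn1.derToOid(entry.value[0].value) + "=" + asn1.toDer(entry.value[1].value[0]).toHex();
          }
          if (i !== count - 1) {
            text += "\n";
          }
        }
        return text;
      };

      /**
       * Returns the first name of the CRL distribution point (of the second
       * distribution point when there is one), or "" when the extension is absent.
       */
      x509.getcRLDistributionPoints = function () {
        var points = parseExtension("cRLDistributionPoints");
        if (points === null) {
          return "";
        }
        var point = points.value[1] ? points.value[1] : points.value[0];
        return point.value[0].value[0].value[0].value;
      };

      /**
       * Fetches a CRL through the server-side proxy at <proxyBaseUrl>/LdapProxy.do.
       *
       * The request is a synchronous, credentialed POST, so it blocks the
       * calling thread until the proxy answers. Whatever comes back is
       * unauthenticated data until verifyCRL() has checked its signature.
       *
       * @param {string} proxyBaseUrl - base URL of the proxy application.
       * @param {string} ldapUrl - CRL location to hand to the proxy.
       * @returns {*} the JSON-decoded response, the raw response text when it is
       *   not JSON, or null on an empty response, a non-200 status or when no
       *   XMLHttpRequest implementation is available.
       */
      x509.crlDownload = function (proxyBaseUrl, ldapUrl) {
        var xhr = null;
        if (window.XMLHttpRequest) {
          xhr = new window.XMLHttpRequest();
        } else {
          try {
            xhr = new ActiveXObject("Msxml2.XMLHTTP");
          } catch (noMsxml2) {
            try {
              xhr = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (noMicrosoft) {
              xhr = null;
            }
          }
        }
        if (xhr === null) {
          return null;
        }

        xhr.open("POST", proxyBaseUrl + "/LdapProxy.do", false);
        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        xhr.setRequestHeader("Cache-Control", "no-cache, must-revalidate");
        xhr.setRequestHeader("Pragma", "no-cache");
        xhr.withCredentials = true;
        // The URL usually originates from a certificate extension; encode it so
        // that '&', '=', '+' or '%' in it cannot alter the form body.
        xhr.send("ldapurl=" + encodeURIComponent(ldapUrl));

        if (xhr.status !== 200) {
          return null;
        }
        var body = xhr.responseText;
        if (body == null || body === "") {
          return null;
        }
        try {
          return JSON.parse(body);
        } catch (notJson) {
          return body;
        }
      };

      /**
       * Checks the current certificate (the one last passed to parser())
       * against a CRL issued by issuerCert.
       *
       * Steps: validity period of the certificate, CRL structure, CRL authority
       * key id against the issuer's subject key id, CRL signature, issuing
       * distribution point against the certificate's CRL distribution point,
       * then a serial-number lookup in the revoked list.
       *
       * NOTE(review): thisUpdate/nextUpdate are captured but never compared
       * with the current time, so an outdated CRL with a valid signature is
       * accepted; callers that need freshness have to enforce it themselves.
       * NOTE(review): CRL extensions are read by position (authority key id
       * first, issuing distribution point third or second) - confirm that this
       * matches every CRL profile in use.
       *
       * @param {Object} issuerCert - parsed certificate of the CRL issuer.
       * @param {*} crlDer - DER-encoded CRL as accepted by asn1.fromDer().
       * @returns {{verify: boolean, errCode: (number|undefined),
       *   reason: (string|undefined), revocationDate: (Date|undefined)}}
       *   verify is true only when every step passed and the serial number is
       *   not listed. errCode: -1 outside validity period, -2 revoked,
       *   -3 distribution point mismatch, -4 signature check failed.
       * @throws {{code: string, message: *}} "112052"/"112053" malformed CRL or
       *   missing issuer, "112054" key id mismatch, "112057" unsupported CRL
       *   signature algorithm.
       */
      x509.verifyCRL = function (issuerCert, crlDer) {
        var result = { verify: false };
        var now = new Date();

        if (now < x509.getNotBefore() || now > x509.getNotAfter()) {
          result.verify = false;
          result.revocationDate = x509.getNotAfter();
          result.reason = "Certificate has expired.";
          result.errCode = -1;
          return result;
        }

        var crlFields = {};
        var tbsFields = {};
        var validationErrors = [];
        if (!asn1.validate(asn1.fromDer(crlDer), certificateListValidator, crlFields, validationErrors)) {
          throw toolkitError("112052");
        }
        if (!asn1.validate(crlFields.TBSCertList, tbsCertListValidator, tbsFields, validationErrors)) {
          throw toolkitError("112053");
        }
        // Reject a missing issuer before it is dereferenced below.
        if (issuerCert == null) {
          throw toolkitError("112053");
        }

        // The CRL must name the issuer's key. The comparison is written out as
        // an inequality of the two byte strings: negating the left operand
        // first would compare a boolean with a string and never reject.
        var crlExtensions = tbsFields.certListInfoExtensions.value[0];
        var crlAuthorityKeyId = asn1.fromDer(crlExtensions.value[0].value[1].value).value[0].value;
        var issuerSubjectKeyId = asn1.fromDer(issuerCert.getExtension("subjectKeyIdentifier").value).value;
        if (crlAuthorityKeyId !== issuerSubjectKeyId) {
          throw toolkitError("112054");
        }

        // Skip the first octet of the BIT STRING (its unused-bits count).
        var signatureBuffer = toolkit.util.createBuffer(crlFields.signature);
        ++signatureBuffer.read;
        var signatureBytes = signatureBuffer.getBytes();

        var tbsCertList = crlFields.TBSCertList;
        var signatureOid = asn1.derToOid(crlFields.signatureOid);
        if (tbsCertList == null) {
          throw toolkitError("112054");
        }
        if (signatureOid == null) {
          throw toolkitError("112055");
        }
        if (signatureBytes == null) {
          throw toolkitError("112056");
        }

        // The digest is chosen from the CRL's own signature algorithm; the
        // algorithm that signed the issuer certificate says nothing about how
        // the issuer signs its CRLs.
        var digest = null;
        switch (toolkit.pki.oids[signatureOid]) {
          case "sha1WithRSAEncryption":
            digest = toolkit.md.sha1.create();
            break;
          case "md5WithRSAEncryption":
            // NOTE(review): MD5 (and SHA-1) signatures are still accepted for
            // compatibility; consider refusing them for newly issued CRLs.
            digest = toolkit.md.md5.create();
            break;
          case "sha256WithRSAEncryption":
            digest = toolkit.md.sha256.create();
            break;
          default:
            // Includes RSASSA-PSS: this module does not parse the captured
            // signature parameters, so PSS-signed CRLs are refused explicitly
            // rather than verified with guessed parameters.
            throw toolkitError("112057");
        }
        digest.update(asn1.toDer(tbsCertList).getBytes());

        if (!issuerCert.publicKey.verify(digest.digest().getBytes(), signatureBytes)) {
          result.errCode = -4;
          result.verify = false;
          result.reason = "CRL signature verify failed.";
          return result;
        }

        // Issuing distribution point: third extension, else the second one.
        var issuingDistributionPoint = "";
        try {
          issuingDistributionPoint = asn1.fromDer(crlExtensions.value[2].value[2].value).value[0].value[0].value[0].value;
        } catch (notThirdExtension) {
          issuingDistributionPoint = asn1.fromDer(crlExtensions.value[1].value[2].value).value[0].value[0].value[0].value;
        }
        if (x509.getcRLDistributionPoints() !== issuingDistributionPoint) {
          result.verify = false;
          result.errCode = -3;
          result.reason = "IssuingDistributionPoint is not CRLDP path.";
          return result;
        }

        var revokedList = tbsFields.revokedCertificaates;
        if (!revokedList) {
          result.verify = true;
          return result;
        }

        var serialNumber = x509.getSerialNumber();
        for (var i = 0; i < revokedList.value.length; i++) {
          var entry = revokedList.value[i];
          if (serialNumber === toolkit.util.bytesToHex(entry.value[0].value)) {
            result.verify = false;
            result.errCode = -2;
            result.revocationDate = asn1.utcTimeToDate(entry.value[1].value);
            result.reason = readRevocationReason(entry);
            return result;
          }
        }
        result.verify = true;
        return result;
      };

      /** Helper type whose prototype carries DN formatting. */
      x509.certUtil = function () {};

      /**
       * Formats a distinguished name as "shortName=value" pairs joined by
       * commas, listing the attributes in reverse of their stored order.
       *
       * @param {{attributes: Array}} name - issuer or subject of a parsed certificate.
       * @returns {string} the formatted DN ("" for an empty attribute list).
       */
      x509.certUtil.prototype.getDN = function (name) {
        var parts = [];
        for (var i = name.attributes.length - 1; i >= 0; i--) {
          var attribute = name.attributes[i];
          parts.push(attribute.shortName + "=" + toolkit.util.createBuffer(attribute.value).toString());
        }
        return parts.join(",");
      };
    }

    // Module registration: AMD when define() exists, CommonJS when module.exports
    // exists, otherwise a direct install on window.crosscert.
    var dependencies = ["./pki", "./oids", "./jsustoolkitErrCode"];
    var localDefine = null;

    if (typeof define !== "function") {
      if (typeof module === "object" && module.exports) {
        // CommonJS: emulate define() with the real require/module pair.
        localDefine = function (ids, factory) {
          factory(require, module);
        };
      } else {
        // Plain browser script. The namespace is assigned through window so the
        // file also loads in strict mode.
        window.crosscert = window.crosscert || {};
        initModule(window.crosscert);
      }
    }

    if (localDefine || typeof define === "function") {
      (localDefine || define)(["require", "module"].concat(dependencies), function (req, mod) {
        mod.exports = function (toolkit) {
          var initializers = dependencies
            .map(function (dependency) {
              return req(dependency);
            })
            .concat(initModule);
          toolkit = toolkit || {};
          toolkit.defined = toolkit.defined || {};
          // Initialise once per namespace object.
          if (toolkit.defined.x509Certificate) {
            return toolkit.x509Certificate;
          }
          toolkit.defined.x509Certificate = true;
          for (var i = 0; i < initializers.length; ++i) {
            initializers[i](toolkit);
          }
          return toolkit.x509Certificate;
        };
      });
    }
  })();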