| /** |
| * Javascript implementation of Abstract Syntax Notation Number One. |
| * |
| * @author Dave Longley |
| * |
| * Copyright (c) 2010-2014 Digital Bazaar, Inc. |
| * |
| * An API for storing data using the Abstract Syntax Notation Number One |
| * format using DER (Distinguished Encoding Rules) encoding. This encoding is |
| * commonly used to store data for PKI, i.e. X.509 Certificates, and this |
| * implementation exists for that purpose. |
| * |
| * Abstract Syntax Notation Number One (ASN.1) is used to define the abstract |
| * syntax of information without restricting the way the information is encoded |
| * for transmission. It provides a standard that allows for open systems |
| * communication. ASN.1 defines the syntax of information data and a number of |
| * simple data types as well as a notation for describing them and specifying |
| * values for them. |
| * |
| * The RSA algorithm creates public and private keys that are often stored in |
| * X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This |
| * class provides the most basic functionality required to store and load |
| * such keys when they are encoded according to ASN.1. |
| * |
| * The most common binary encodings for ASN.1 are BER (Basic Encoding Rules) |
| * and DER (Distinguished Encoding Rules). DER is just a subset of BER that |
| * has stricter requirements for how data must be encoded. |
| * |
| * Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type) |
| * and a byte array for the value of this ASN1 structure which may be data or a |
| * list of ASN.1 structures. |
| * |
| * Each ASN.1 structure using BER is (Tag-Length-Value): |
| * |
| * | byte 0 | bytes X | bytes Y | |
| * |--------|---------|---------- |
| * | tag | length | value | |
| * |
| * ASN.1 allows for tags to be of "High-tag-number form" which allows a tag to |
| * be two or more octets, but that is not supported by this class. A tag is |
| * only 1 byte. Bits 1-5 give the tag number (ie the data type within a |
| * particular 'class'), 6 indicates whether or not the ASN.1 value is |
| * constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If |
| * bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set, |
| * then the class is APPLICATION. If only bit 8 is set, then the class is |
| * CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE. |
| * The tag numbers for the data types for the class UNIVERSAL are listed below: |
| * |
| * UNIVERSAL 0 Reserved for use by the encoding rules |
| * UNIVERSAL 1 Boolean type |
| * UNIVERSAL 2 Integer type |
| * UNIVERSAL 3 Bitstring type |
| * UNIVERSAL 4 Octetstring type |
| * UNIVERSAL 5 Null type |
| * UNIVERSAL 6 Object identifier type |
| * UNIVERSAL 7 Object descriptor type |
| * UNIVERSAL 8 External type and Instance-of type |
| * UNIVERSAL 9 Real type |
| * UNIVERSAL 10 Enumerated type |
| * UNIVERSAL 11 Embedded-pdv type |
| * UNIVERSAL 12 UTF8String type |
| * UNIVERSAL 13 Relative object identifier type |
| * UNIVERSAL 14-15 Reserved for future editions |
| * UNIVERSAL 16 Sequence and Sequence-of types |
| * UNIVERSAL 17 Set and Set-of types |
| * UNIVERSAL 18-22, 25-30 Character string types |
| * UNIVERSAL 23-24 Time types |
| * |
| * The length of an ASN.1 structure is specified after the tag identifier. |
| * There is a definite form and an indefinite form. The indefinite form may |
| * be used if the encoding is constructed and not all immediately available. |
| * The indefinite form is encoded using a length byte with only the 8th bit |
| * set. The end of the constructed object is marked using end-of-contents |
| * octets (two zero bytes). |
| * |
| * The definite form looks like this: |
| * |
| * The length may take up 1 or more bytes, it depends on the length of the |
| * value of the ASN.1 structure. DER encoding requires that if the ASN.1 |
| * structure has a value that has a length greater than 127, more than 1 byte |
| * will be used to store its length, otherwise just one byte will be used. |
| * This is strict. |
| * |
| * In the case that the length of the ASN.1 value is 127 or less, 1 octet |
| * (byte) is used to store the "short form" length. The 8th bit has a value of |
| * 0 indicating the length is "short form" and not "long form" and bits 7-1 |
| * give the length of the data. (The 8th bit is the left-most, most significant |
| * bit: also known as big endian or network format). |
| * |
| * In the case that the length of the ASN.1 value is greater than 127, 2 to |
| * 127 octets (bytes) are used to store the "long form" length. The first |
| * byte's 8th bit is set to 1 to indicate the length is "long form." Bits 7-1 |
| * give the number of additional octets. All following octets are in base 256 |
| * with the most significant digit first (typical big-endian binary unsigned |
| * integer storage). So, for instance, if the length of a value was 257, the |
| * first byte would be set to: |
| * |
| * 10000010 = 130 = 0x82. |
| * |
| * This indicates there are 2 octets (base 256) for the length. The second and |
| * third bytes (the octets just mentioned) would store the length in base 256: |
| * |
| * octet 2: 00000001 = 1 * 256^1 = 256 |
| * octet 3: 00000001 = 1 * 256^0 = 1 |
| * total = 257 |
| * |
| * The algorithm for converting a js integer value of 257 to base-256 is: |
| * |
| * var value = 257; |
| * var bytes = []; |
| * bytes[0] = (value >>> 8) & 0xFF; // most significant byte first |
| * bytes[1] = value & 0xFF; // least significant byte last |
| * |
| * On the ASN.1 UNIVERSAL Object Identifier (OID) type: |
| * |
| * An OID can be written like: "value1.value2.value3...valueN" |
| * |
| * The DER encoding rules: |
| * |
| * The first two values are combined into one sub-identifier with the value |
| * 40 * value1 + value2 (a single byte only when that value is below 128). |
| * The following bytes, if any, encode the remaining values. Each value is |
| * encoded in base 128, most significant digit first (big endian), with as |
| * few digits as possible, and the most significant bit of each byte set |
| * to 1 except the last in each value's encoding. For example: Given the |
| * OID "1.2.840.113549", its DER encoding is (remember each byte except the |
| * last one in each encoding is OR'd with 0x80): |
| * |
| * byte 1: 40 * 1 + 2 = 42 = 0x2A. |
| * bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 0x0648 -> 0x8648 |
| * bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D |
| * |
| * The final value is: 0x2A864886F70D. |
| * The full OID (including ASN.1 tag and length of 6 bytes) is: |
| * 0x06062A864886F70D |
| */ |
| (function() { |
| /* ########## Begin module implementation ########## */ |
| function initModule(forge) { |
| |
/* ASN.1 API: attach to the shared forge.asn1 namespace, creating it only
   when no other module has done so already. */
if(!forge.asn1) {
  forge.asn1 = {};
}
var asn1 = forge.asn1;
| |
/**
 * ASN.1 tag classes.
 *
 * Each value is the class as it appears in bits 8-7 of the identifier
 * octet, so fromDer/toDer can use it directly with the 0xC0 mask.
 */
asn1.Class = {
  UNIVERSAL: 0x00,        // bits 8-7 = 00
  APPLICATION: 0x40,      // bits 8-7 = 01
  CONTEXT_SPECIFIC: 0x80, // bits 8-7 = 10
  PRIVATE: 0xC0           // bits 8-7 = 11
};
| |
/**
 * ASN.1 types. Not all types are supported by this implementation, only
 * those necessary to implement a simple PKI are implemented.
 *
 * Each value is the UNIVERSAL tag number (bits 5-1 of the identifier
 * octet). Tag number 31 (0x1F) would mark the high-tag-number form, which
 * this module does not decode; see the file header.
 */
asn1.Type = {
  NONE: 0,
  BOOLEAN: 1,
  INTEGER: 2,
  BITSTRING: 3,
  OCTETSTRING: 4,
  NULL: 5,
  OID: 6,
  ODESC: 7,
  EXTERNAL: 8,
  REAL: 9,
  ENUMERATED: 10,
  EMBEDDED: 11,
  UTF8: 12,
  ROID: 13,
  SEQUENCE: 16,
  SET: 17,
  PRINTABLESTRING: 19,
  IA5STRING: 22,
  UTCTIME: 23,
  GENERALIZEDTIME: 24,
  BMPSTRING: 30  // value is held as a JS (UTF-16) string, see fromDer/toDer
};
| |
/**
 * Creates a new asn1 object.
 *
 * The returned object carries a tagClass, a type, a constructed flag and a
 * value. When constructed (or when value is an array) the value is a list
 * of child asn1 objects; otherwise it is the raw value bytes, formatted
 * according to the ASN.1 type. Array values are copied with every
 * 'undefined' entry dropped, so callers may leave out optional children.
 *
 * @param tagClass the tag class for the object.
 * @param type the data type (tag number) for the object.
 * @param constructed true if the asn1 object is in constructed form.
 * @param value the value for the object, if it is not constructed.
 *
 * @return the asn1 object.
 */
asn1.create = function(tagClass, type, constructed, value) {
  var isList = forge.util.isArray(value);

  if(isList) {
    var kept = [];
    for(var idx = 0; idx < value.length; ++idx) {
      var child = value[idx];
      if(child !== undefined) {
        kept.push(child);
      }
    }
    value = kept;
  }

  return {
    tagClass: tagClass,
    type: type,
    constructed: constructed,
    // 'composed' is true for anything that holds child objects, which
    // includes a primitive BIT STRING whose value is a list
    composed: constructed || isList,
    value: value
  };
};
| |
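/**
 * Gets the length of an ASN.1 value.
 *
 * Reads the length octets that follow the identifier octet: either the
 * short form (one octet, bit 8 clear) or the long form (0x80 | n followed
 * by n big-endian base-256 octets). The lone octet 0x80 is the BER
 * indefinite-length marker, for which undefined is returned.
 *
 * The long form is limited to 4 octets: getInt() is only defined up to
 * 32 bits and a value larger than that cannot be held by the string-backed
 * buffer anyway. A length that would wrap negative, or whose octets run
 * past the end of the buffer, is rejected rather than returned as garbage,
 * because fromDer uses the result to move the read pointer.
 *
 * @param b the ASN.1 byte buffer, positioned at the first length octet.
 *
 * @return the length of the ASN.1 value, or undefined for the indefinite
 *           form.
 *
 * @throws Error if the buffer is too short to hold the length octets, if
 *           more than 4 long-form octets are declared, or if the decoded
 *           length is negative.
 */
var _getValueLength = function(b) {
  if(b.length() < 1) {
    throw new Error('Too few bytes to read ASN.1 length.');
  }
  var b2 = b.getByte();
  if(b2 === 0x80) {
    return undefined;
  }

  // see if the length is "short form" or "long form" (bit 8 set)
  var length;
  var longForm = b2 & 0x80;
  if(!longForm) {
    // length is just the first byte
    length = b2;
  } else {
    // the number of bytes the length is specified in bits 7 through 1
    // and each length byte is in big-endian base-256
    var numOctets = b2 & 0x7F;
    if(numOctets > 4) {
      var tooLong = new Error(
        'Unsupported ASN.1 long-form length: ' + numOctets + ' octets.');
      tooLong.octets = numOctets;
      throw tooLong;
    }
    if(b.length() < numOctets) {
      var truncated = new Error(
        'Too few bytes to read ASN.1 long-form length.');
      truncated.detail = b.length() + ' < ' + numOctets;
      throw truncated;
    }
    length = b.getInt(numOctets << 3);
    // a 4-octet length with bit 32 set comes back as a negative int32
    if(length < 0) {
      var negative = new Error('Negative ASN.1 length: ' + length + '.');
      negative.length = length;
      throw negative;
    }
  }
  return length;
};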
| |
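/**
 * Parses an asn1 object from a byte buffer in DER format.
 *
 * Lengths are attacker-controlled input, so they are checked before they
 * are used to move the read pointer: a length that is not a non-negative
 * number is rejected outright, a length that exceeds the remaining bytes
 * is rejected in strict mode (clamped in lenient mode), and in strict
 * mode the children of a definite-length constructed value must fit
 * inside their parent's declared length. The identifier octet 0x1F in
 * bits 5-1 (high-tag-number form) is not supported and is rejected in
 * strict mode rather than being misread.
 *
 * @param bytes the byte buffer (or binary string) to parse from.
 * @param strict true to be strict when checking value lengths, false to
 *          allow truncated values (default: true).
 *
 * @return the parsed asn1 object.
 *
 * @throws Error if the input is truncated, or (in strict mode) malformed.
 */
asn1.fromDer = function(bytes, strict) {
  if(strict === undefined) {
    strict = true;
  }

  // wrap in buffer if needed
  if(typeof bytes === 'string') {
    bytes = forge.util.createBuffer(bytes);
  }

  // minimum length for ASN.1 DER structure is 2 (identifier + length octet)
  if(bytes.length() < 2) {
    var tooShort = new Error('Too few bytes to parse DER.');
    tooShort.bytes = bytes.length();
    throw tooShort;
  }

  // identifier octet: bits 8-7 class, bit 6 constructed, bits 5-1 tag number
  var b1 = bytes.getByte();
  var tagClass = (b1 & 0xC0);
  var type = b1 & 0x1F;

  // 0x1F means the tag number continues in the following octets; this
  // parser only handles single-octet tags and would otherwise treat the
  // next tag octet as the length
  if(strict && type === 0x1F) {
    throw new Error('Unsupported high-tag-number form in ASN.1 identifier.');
  }

  // get the value length (undefined for the BER indefinite form)
  var length = _getValueLength(bytes);

  // anything that is not a non-negative number (NaN, negative) must not
  // reach getBytes() or the parent's length accounting below
  if(length !== undefined && !(length >= 0)) {
    var badLength = new Error('Invalid ASN.1 length.');
    badLength.length = length;
    throw badLength;
  }

  // ensure there are enough bytes to get the value
  if(bytes.length() < length) {
    if(strict) {
      var truncated = new Error('Too few bytes to read ASN.1 value.');
      truncated.detail = bytes.length() + ' < ' + length;
      throw truncated;
    }
    // Note: be lenient with truncated values
    length = bytes.length();
  }

  // prepare to get value
  var value;

  // constructed flag is bit 6 (32 = 0x20) of the first byte
  var constructed = ((b1 & 0x20) === 0x20);

  // determine if the value is composed of other ASN.1 objects (if its
  // constructed it will be and if its a BITSTRING it may be)
  var composed = constructed;
  if(!composed && tagClass === asn1.Class.UNIVERSAL &&
    type === asn1.Type.BITSTRING && length > 1) {
    /* The first octet gives the number of bits by which the length of the
      bit string is less than the next multiple of eight (this is called
      the "number of unused bits").

      The second and following octets give the value of the bit string
      converted to an octet string. */
    // if there are no unused bits, maybe the bitstring holds ASN.1 objs
    var read = bytes.read;
    var unused = bytes.getByte();
    if(unused === 0) {
      // if the first byte indicates UNIVERSAL or CONTEXT_SPECIFIC,
      // and the length is valid, assume we've got an ASN.1 object
      b1 = bytes.getByte();
      var tc = (b1 & 0xC0);
      if(tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC) {
        try {
          // heuristic: only treat the bit string as composed when the
          // inner object's tag + length + value fill it exactly
          var len = _getValueLength(bytes);
          composed = (len === length - (bytes.read - read));
          if(composed) {
            // adjust read/length to account for unused bits byte
            ++read;
            --length;
          }
        } catch(ex) {
          // a malformed inner length just means "not composed"
        }
      }
    }
    // restore read pointer
    bytes.read = read;
  }

  if(composed) {
    // parse child asn1 objects from the value
    value = [];
    if(length === undefined) {
      // asn1 object of indefinite length, read until end-of-contents
      // (two zero octets); running out of bytes throws in the child parse
      for(;;) {
        if(bytes.bytes(2) === String.fromCharCode(0, 0)) {
          bytes.getBytes(2);
          break;
        }
        value.push(asn1.fromDer(bytes, strict));
      }
    } else {
      // parsing asn1 object of definite length
      var start = bytes.length();
      while(length > 0) {
        value.push(asn1.fromDer(bytes, strict));
        var consumed = start - bytes.length();
        if(consumed <= 0) {
          // every child reads at least its identifier and length octet, so
          // this only happens if the buffer state is corrupt; bail out
          // instead of looping forever
          throw new Error('ASN.1 child value consumed no bytes.');
        }
        length -= consumed;
        start = bytes.length();
      }
      // a child whose length runs past its parent is malformed DER and
      // means the parser has already read into the following sibling
      if(strict && length < 0) {
        var overrun = new Error(
          'ASN.1 child values exceed the enclosing value length.');
        overrun.detail = (-length) + ' extra byte(s)';
        throw overrun;
      }
    }
  } else {
    // asn1 not composed, get raw value
    // TODO: do DER to OID conversion and vice-versa in .toDer?

    if(length === undefined) {
      if(strict) {
        throw new Error('Non-constructed ASN.1 object of indefinite length.');
      }
      // be lenient and use remaining bytes
      length = bytes.length();
    }

    if(type === asn1.Type.BMPSTRING) {
      // decode big-endian 16-bit units into a JS string; note that an odd
      // length reads one byte past the value because whole units are read
      value = '';
      for(var i = 0; i < length; i += 2) {
        value += String.fromCharCode(bytes.getInt16());
      }
    } else {
      value = bytes.getBytes(length);
    }
  }

  // create and return asn1 object
  return asn1.create(tagClass, type, constructed, value);
};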
| |
/**
 * Converts the given asn1 object to a buffer of bytes in DER format.
 *
 * The output is identifier octet, length octets (short form up to 127,
 * otherwise 0x80 | n followed by n big-endian base-256 octets), then the
 * content. A composed object's content is the concatenation of its
 * children's DER; a composed-but-primitive object (a BIT STRING holding
 * ASN.1 objects) additionally starts with a zero "unused bits" octet.
 * BMPString values are JS strings and are written as 16-bit units.
 *
 * @param asn1 the asn1 object to convert to bytes.
 *
 * @return the buffer of bytes.
 */
asn1.toDer = function(obj) {
  var out = forge.util.createBuffer();
  var content = forge.util.createBuffer();

  // identifier octet: class bits OR tag number (bit 6 added below)
  var identifier = obj.tagClass | obj.type;

  if(obj.composed) {
    if(obj.constructed) {
      identifier |= 0x20;
    } else {
      // bit string wrapping ASN.1 objects: no unused bits
      content.putByte(0x00);
    }
    var children = obj.value;
    for(var k = 0; k < children.length; ++k) {
      if(children[k] !== undefined) {
        content.putBuffer(asn1.toDer(children[k]));
      }
    }
  } else if(obj.type === asn1.Type.BMPSTRING) {
    var text = obj.value;
    for(var c = 0; c < text.length; ++c) {
      content.putInt16(text.charCodeAt(c));
    }
  } else {
    content.putBytes(obj.value);
  }

  out.putByte(identifier);

  var contentLength = content.length();
  if(contentLength <= 127) {
    // short form: bit 8 clear, bits 7-1 hold the length
    out.putByte(contentLength & 0x7F);
  } else {
    // long form: collect base-256 digits most significant first
    var digits = [];
    var rest = contentLength;
    while(rest > 0) {
      digits.unshift(rest & 0xFF);
      rest = rest >>> 8;
    }
    out.putByte(digits.length | 0x80);
    for(var d = 0; d < digits.length; ++d) {
      out.putByte(digits[d]);
    }
  }

  out.putBuffer(content);
  return out;
};
| |
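/**
 * Converts an OID dot-separated string to a byte buffer. The byte buffer
 * contains only the DER-encoded value, not any tag or length bytes.
 *
 * The first two arcs are combined into a single sub-identifier
 * (40 * arc1 + arc2); that sub-identifier and every later arc are written
 * in base 128, most significant digit first, with bit 8 set on all but
 * the last octet. Plain arithmetic is used instead of bit shifts so that
 * arcs above 32 bits (up to 2^53 - 1) and combined first sub-identifiers
 * of 128 or more (e.g. "2.999") are encoded correctly instead of being
 * silently truncated to one byte.
 *
 * @param oid the OID dot-separated string.
 *
 * @return the byte buffer.
 *
 * @throws Error if the OID has fewer than two arcs or a non-numeric arc.
 */
asn1.oidToDer = function(oid) {
  // split OID into individual values
  var values = oid.split('.');
  if(values.length < 2) {
    var tooFew = new Error('OID must have at least two arcs.');
    tooFew.oid = oid;
    throw tooFew;
  }
  var bytes = forge.util.createBuffer();

  // an arc must be a plain decimal number; parseInt alone would turn
  // junk into NaN and write garbage octets
  var parseArc = function(str) {
    if(!/^\d+$/.test(str)) {
      var bad = new Error('Invalid OID arc: "' + str + '".');
      bad.oid = oid;
      throw bad;
    }
    return parseInt(str, 10);
  };

  // write one sub-identifier in base 128 with continuation bits
  var putSubIdentifier = function(value) {
    // produce digits in reverse because we don't know how many it takes
    var digits = [];
    do {
      digits.unshift(value % 128);
      value = Math.floor(value / 128);
    } while(value > 0);
    var lastIndex = digits.length - 1;
    for(var n = 0; n < digits.length; ++n) {
      bytes.putByte(n === lastIndex ? digits[n] : (digits[n] | 0x80));
    }
  };

  // first sub-identifier is 40 * value1 + value2
  putSubIdentifier(40 * parseArc(values[0]) + parseArc(values[1]));
  // other sub-identifiers are the remaining arcs
  for(var i = 2; i < values.length; ++i) {
    putSubIdentifier(parseArc(values[i]));
  }

  return bytes;
};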
| |
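/**
 * Converts a DER-encoded byte buffer to an OID dot-separated string. The
 * byte buffer should contain only the DER-encoded value, not any tag or
 * length bytes.
 *
 * Each sub-identifier is base 128 with bit 8 set on all but its last
 * octet; the first sub-identifier packs the first two arcs as
 * 40 * arc1 + arc2, where arc1 is at most 2 (so any value of 80 or more
 * belongs to arc1 = 2). Sub-identifiers are accumulated with arithmetic
 * rather than shifts so values beyond 32 bits are not mangled.
 *
 * An empty buffer yields an empty string. A trailing sub-identifier whose
 * last octet still has the continuation bit set is incomplete and is
 * dropped rather than reported as an arc.
 *
 * @param bytes the byte buffer.
 *
 * @return the OID dot-separated string.
 */
asn1.derToOid = function(bytes) {
  // wrap in buffer if needed
  if(typeof bytes === 'string') {
    bytes = forge.util.createBuffer(bytes);
  }

  var arcs = [];
  var value = 0;
  var first = true;
  while(bytes.length() > 0) {
    var b = bytes.getByte();
    value = value * 128 + (b & 0x7F);
    if(b & 0x80) {
      // not the last byte for this sub-identifier
      continue;
    }
    if(first) {
      if(value < 80) {
        arcs.push(Math.floor(value / 40), value % 40);
      } else {
        arcs.push(2, value - 80);
      }
      first = false;
    } else {
      arcs.push(value);
    }
    value = 0;
  }

  return arcs.join('.');
};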
| |
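/**
 * Converts a UTCTime value to a date.
 *
 * Note: GeneralizedTime has 4 digits for the year and is used for X.509
 * dates past 2049; see generalizedTimeToDate for that format.
 *
 * @param utc the UTCTime value to convert.
 *
 * @return the date.
 */
asn1.utcTimeToDate = function(utc) {
  /* The following formats can be used (the time differential is written
     as four digits directly after the sign, with no separator):

     YYMMDDhhmmZ
     YYMMDDhhmm+hhmm
     YYMMDDhhmm-hhmm
     YYMMDDhhmmssZ
     YYMMDDhhmmss+hhmm
     YYMMDDhhmmss-hhmm

     Where:

     YY is the least significant two digits of the year
     MM is the month (01 to 12)
     DD is the day (01 to 31)
     hh is the hour (00 to 23)
     mm are the minutes (00 to 59)
     ss are the seconds (00 to 59)
     Z indicates that local time is GMT, + indicates that local time is
     later than GMT, and - indicates that local time is earlier than GMT
     the hh after the sign is the absolute value of the offset in hours
     the mm after the sign is the absolute value of the offset in minutes */
  var date = new Date();

  // if YY >= 50 use 19xx, if YY < 50 use 20xx
  var year = parseInt(utc.substr(0, 2), 10);
  year = (year >= 50) ? 1900 + year : 2000 + year;
  var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month
  var DD = parseInt(utc.substr(4, 2), 10);
  var hh = parseInt(utc.substr(6, 2), 10);
  var mm = parseInt(utc.substr(8, 2), 10);
  var ss = 0;
  // index of the 'Z'/'+'/'-' suffix; stays 0 for the plain YYMMDDhhmmZ form
  var end = 0;

  // not just YYMMDDhhmmZ
  if(utc.length > 11) {
    // get character after minutes
    var c = utc.charAt(10);
    end = 10;

    // see if seconds are present
    if(c !== '+' && c !== '-') {
      // get seconds
      ss = parseInt(utc.substr(10, 2), 10);
      end += 2;
    }
  }

  // update date
  date.setUTCFullYear(year, MM, DD);
  date.setUTCHours(hh, mm, ss, 0);

  if(end) {
    // get +/- after end of time
    var sign = utc.charAt(end);
    if(sign === '+' || sign === '-') {
      // "+hhmm": hours start at end + 1, minutes at end + 3
      var hhoffset = parseInt(utc.substr(end + 1, 2), 10);
      var mmoffset = parseInt(utc.substr(end + 3, 2), 10);

      // calculate offset in milliseconds
      var offset = (hhoffset * 60 + mmoffset) * 60000;

      // the string is local time = GMT + offset, so '+' subtracts
      if(sign === '+') {
        date.setTime(+date - offset);
      } else {
        date.setTime(+date + offset);
      }
    }
  }

  return date;
};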
| |
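/**
 * Converts a GeneralizedTime value to a date.
 *
 * A trailing 'Z' or a '+hhmm'/'-hhmm' differential makes the value UTC
 * (the differential is applied after the fields are set); with neither
 * the fields are interpreted as local time via the non-UTC Date setters.
 *
 * @param gentime the GeneralizedTime value to convert.
 *
 * @return the date.
 */
asn1.generalizedTimeToDate = function(gentime) {
  /* The following formats can be used (the time differential is written
     as four digits directly after the sign, with no separator):

     YYYYMMDDHHMMSS
     YYYYMMDDHHMMSS.fff
     YYYYMMDDHHMMSSZ
     YYYYMMDDHHMMSS.fffZ
     YYYYMMDDHHMMSS+hhmm
     YYYYMMDDHHMMSS.fff+hhmm
     YYYYMMDDHHMMSS-hhmm
     YYYYMMDDHHMMSS.fff-hhmm

     Where:

     YYYY is the year
     MM is the month (01 to 12)
     DD is the day (01 to 31)
     hh is the hour (00 to 23)
     mm are the minutes (00 to 59)
     ss are the seconds (00 to 59)
     .fff is the second fraction, accurate to three decimal places
     Z indicates that local time is GMT, + indicates that local time is
     later than GMT, and - indicates that local time is earlier than GMT
     the hh after the sign is the absolute value of the offset in hours
     the mm after the sign is the absolute value of the offset in minutes */
  var date = new Date();

  var YYYY = parseInt(gentime.substr(0, 4), 10);
  var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month
  var DD = parseInt(gentime.substr(6, 2), 10);
  var hh = parseInt(gentime.substr(8, 2), 10);
  var mm = parseInt(gentime.substr(10, 2), 10);
  var ss = parseInt(gentime.substr(12, 2), 10);
  var fff = 0;
  var offset = 0;
  var isUTC = false;

  if(gentime.charAt(gentime.length - 1) === 'Z') {
    isUTC = true;
  }

  // a "+hhmm"/"-hhmm" differential occupies the last five characters
  var end = gentime.length - 5;
  var c = gentime.charAt(end);
  if(c === '+' || c === '-') {
    // hours start at end + 1, minutes at end + 3
    var hhoffset = parseInt(gentime.substr(end + 1, 2), 10);
    var mmoffset = parseInt(gentime.substr(end + 3, 2), 10);

    // calculate offset in milliseconds
    offset = (hhoffset * 60 + mmoffset) * 60000;

    // the string is local time = GMT + offset, so '+' must be subtracted
    if(c === '+') {
      offset *= -1;
    }

    isUTC = true;
  }

  // check for second fraction (only '.' is recognized as the separator);
  // parseFloat stops at the first non-numeric character, so a following
  // 'Z' or sign does not disturb it
  if(gentime.charAt(14) === '.') {
    fff = parseFloat(gentime.substr(14)) * 1000;
  }

  if(isUTC) {
    date.setUTCFullYear(YYYY, MM, DD);
    date.setUTCHours(hh, mm, ss, fff);

    // apply offset
    date.setTime(+date + offset);
  } else {
    date.setFullYear(YYYY, MM, DD);
    date.setHours(hh, mm, ss, fff);
  }

  return date;
};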
| |
| |
/**
 * Converts a date to a UTCTime value of the form YYMMDDhhmmssZ.
 *
 * Only the last two digits of the UTC year are emitted, so the result is
 * unambiguous only for the two-digit-year window utcTimeToDate decodes
 * (1950-2049). GeneralizedTime has 4 digits for the year and is used for
 * X.509 dates past 2049; converting to a GeneralizedTime hasn't been
 * implemented yet.
 *
 * @param date the date to convert.
 *
 * @return the UTCTime value.
 */
asn1.dateToUtcTime = function(date) {
  // left-pad a field to at least two characters
  var twoDigits = function(field) {
    var text = '' + field;
    return (text.length < 2) ? '0' + text : text;
  };

  var fields = [
    ('' + date.getUTCFullYear()).substr(2),
    date.getUTCMonth() + 1,
    date.getUTCDate(),
    date.getUTCHours(),
    date.getUTCMinutes(),
    date.getUTCSeconds()
  ];

  var rval = '';
  for(var f = 0; f < fields.length; ++f) {
    rval += twoDigits(fields[f]);
  }
  return rval + 'Z';
};
| |
/**
 * Converts a javascript integer to a DER-encoded byte buffer to be used
 * as the value for an INTEGER type.
 *
 * The smallest two's-complement width (8, 16, 24 or 32 bits) that holds
 * the value is used.
 *
 * @param x the integer.
 *
 * @return the byte buffer.
 *
 * @throws Error if x does not fit in 32 bits (or is NaN).
 */
asn1.integerToDer = function(x) {
  var rval = forge.util.createBuffer();
  var widths = [8, 16, 24, 32];
  for(var w = 0; w < widths.length; ++w) {
    var bits = widths[w];
    var bound = Math.pow(2, bits - 1);
    if(x >= -bound && x < bound) {
      return rval.putSignedInt(x, bits);
    }
  }
  var error = new Error('Integer too large; max is 32-bits.');
  error.integer = x;
  throw error;
};
| |
/**
 * Converts a DER-encoded byte buffer to a javascript integer. This is
 * typically used to decode the value of an INTEGER type.
 *
 * @param bytes the byte buffer (or binary string).
 *
 * @return the integer.
 *
 * @throws Error if the value is wider than 32 bits.
 */
asn1.derToInteger = function(bytes) {
  var buf = (typeof bytes === 'string') ?
    forge.util.createBuffer(bytes) : bytes;
  var bitCount = buf.length() * 8;
  if(bitCount > 32) {
    throw new Error('Integer too large; max is 32-bits.');
  }
  return buf.getSignedInt(bitCount);
};
| |
/**
 * Validates the that given ASN.1 object is at least a super set of the
 * given ASN.1 structure. Only tag classes and types are checked. An
 * optional map may also be provided to capture ASN.1 values while the
 * structure is checked.
 *
 * To capture an ASN.1 value, set an object in the validator's 'capture'
 * parameter to the key to use in the capture map. To capture the full
 * ASN.1 object, specify 'captureAsn1'.
 *
 * Objects in the validator may set a field 'optional' to true to indicate
 * that it isn't necessary to pass validation.
 *
 * Child validators are matched against obj.value in order: a child that
 * validates consumes one element; an optional child that does not
 * validate is skipped and the same element is offered to the next
 * validator. Extra elements in obj.value beyond the validator's list are
 * not checked (hence "super set").
 *
 * @param obj the ASN.1 object to validate.
 * @param v the ASN.1 structure validator.
 * @param capture an optional map to capture values in.
 * @param errors an optional array for storing validation errors.
 *
 * @return true on success, false on failure.
 */
asn1.validate = function(obj, v, capture, errors) {
  var rval = false;

  // ensure tag class and type are the same if specified
  if((obj.tagClass === v.tagClass || typeof(v.tagClass) === 'undefined') &&
    (obj.type === v.type || typeof(v.type) === 'undefined')) {
    // ensure constructed flag is the same if specified
    if(obj.constructed === v.constructed ||
      typeof(v.constructed) === 'undefined') {
      rval = true;

      // handle sub values
      if(v.value && forge.util.isArray(v.value)) {
        // j indexes obj.value; it only advances when a child validates
        var j = 0;
        for(var i = 0; rval && i < v.value.length; ++i) {
          // a missing element only passes when the validator is optional
          rval = v.value[i].optional || false;
          if(obj.value[j]) {
            rval = asn1.validate(obj.value[j], v.value[i], capture, errors);
            if(rval) {
              ++j;
            } else if(v.value[i].optional) {
              rval = true;
            }
          }
          if(!rval && errors) {
            errors.push(
              '[' + v.name + '] ' +
              'Tag class "' + v.tagClass + '", type "' +
              v.type + '" expected value length "' +
              v.value.length + '", got "' +
              obj.value.length + '"');
          }
        }
      }

      // captures are recorded only for a structure that validated
      if(rval && capture) {
        if(v.capture) {
          capture[v.capture] = obj.value;
        }
        if(v.captureAsn1) {
          capture[v.captureAsn1] = obj;
        }
      }
    } else if(errors) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected constructed "' + v.constructed + '", got "' +
        obj.constructed + '"');
    }
  } else if(errors) {
    if(obj.tagClass !== v.tagClass) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected tag class "' + v.tagClass + '", got "' +
        obj.tagClass + '"');
    }
    if(obj.type !== v.type) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected type "' + v.type + '", got "' + obj.type + '"');
    }
  }
  return rval;
};
| |
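// regex for testing for characters outside Latin-1 (code points above
// U+00FF); such a string cannot be a raw byte string, so prettyPrint shows
// it as hex instead of printing it verbatim. The escapes must be single
// backslashes: doubled ones would make this a literal-character class
// that matches almost every printable byte.
var _nonLatinRegex = /[^\u0000-\u00ff]/;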
| |
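// display labels for the tag classes and the UNIVERSAL tag numbers that
// this module defines (used by prettyPrint)
var _classLabels = {};
_classLabels[asn1.Class.UNIVERSAL] = 'Universal:';
_classLabels[asn1.Class.APPLICATION] = 'Application:';
_classLabels[asn1.Class.CONTEXT_SPECIFIC] = 'Context-Specific:';
_classLabels[asn1.Class.PRIVATE] = 'Private:';

var _universalTypeNames = {};
_universalTypeNames[asn1.Type.NONE] = 'None';
_universalTypeNames[asn1.Type.BOOLEAN] = 'Boolean';
_universalTypeNames[asn1.Type.INTEGER] = 'Integer';
_universalTypeNames[asn1.Type.BITSTRING] = 'Bit string';
_universalTypeNames[asn1.Type.OCTETSTRING] = 'Octet string';
_universalTypeNames[asn1.Type.NULL] = 'Null';
_universalTypeNames[asn1.Type.OID] = 'Object Identifier';
_universalTypeNames[asn1.Type.ODESC] = 'Object Descriptor';
_universalTypeNames[asn1.Type.EXTERNAL] = 'External or Instance of';
_universalTypeNames[asn1.Type.REAL] = 'Real';
_universalTypeNames[asn1.Type.ENUMERATED] = 'Enumerated';
_universalTypeNames[asn1.Type.EMBEDDED] = 'Embedded PDV';
_universalTypeNames[asn1.Type.UTF8] = 'UTF8';
_universalTypeNames[asn1.Type.ROID] = 'Relative Object Identifier';
_universalTypeNames[asn1.Type.SEQUENCE] = 'Sequence';
_universalTypeNames[asn1.Type.SET] = 'Set';
_universalTypeNames[asn1.Type.PRINTABLESTRING] = 'Printable String';
_universalTypeNames[asn1.Type.IA5STRING] = 'IA5String (ASCII)';
_universalTypeNames[asn1.Type.UTCTIME] = 'UTC time';
_universalTypeNames[asn1.Type.GENERALIZEDTIME] = 'Generalized time';
_universalTypeNames[asn1.Type.BMPSTRING] = 'BMP String';

/**
 * Pretty prints an ASN.1 object to a string.
 *
 * Each object is rendered as a "Tag:" line (class and type, with a name
 * for known UNIVERSAL types), a "Constructed:" line and then either the
 * children ("Sub values:") or a "Value:" line. Primitive values are
 * rendered by type: OIDs as dotted strings (plus the forge.pki.oids name
 * when available), INTEGERs as numbers when they fit in 32 bits,
 * OCTET STRINGs as hex, string types as text; anything else is printed
 * as text when it looks like bytes and as hex otherwise.
 *
 * Note: the value rendering keys on obj.type alone, so a non-UNIVERSAL
 * tag with the same number is rendered the same way.
 *
 * @param obj the object to write out.
 * @param level the level in the tree.
 * @param indentation the indentation to use.
 *
 * @return the string.
 */
asn1.prettyPrint = function(obj, level, indentation) {
  // set default level and indentation
  level = level || 0;
  indentation = indentation || 2;

  // start new line for deep levels
  var rval = (level > 0) ? '\n' : '';

  // create indent
  var indent = '';
  for(var s = 0; s < level * indentation; ++s) {
    indent += ' ';
  }

  // print class:type (an unknown class prints no label)
  rval += indent + 'Tag: ' + (_classLabels[obj.tagClass] || '');
  rval += obj.type;
  if(obj.tagClass === asn1.Class.UNIVERSAL) {
    var typeName = _universalTypeNames[obj.type];
    if(typeName !== undefined) {
      rval += ' (' + typeName + ')';
    }
  }

  rval += '\n';
  rval += indent + 'Constructed: ' + obj.constructed + '\n';

  if(obj.composed) {
    var subvalues = 0;
    var sub = '';
    for(var i = 0; i < obj.value.length; ++i) {
      if(obj.value[i] !== undefined) {
        subvalues += 1;
        sub += asn1.prettyPrint(obj.value[i], level + 1, indentation);
        if((i + 1) < obj.value.length) {
          sub += ',';
        }
      }
    }
    rval += indent + 'Sub values: ' + subvalues + sub;
  } else {
    rval += indent + 'Value: ';
    if(obj.type === asn1.Type.OID) {
      // OID is part of the chain so nothing else is appended after it
      var oid = asn1.derToOid(obj.value);
      rval += oid;
      if(forge.pki && forge.pki.oids) {
        if(oid in forge.pki.oids) {
          rval += ' (' + forge.pki.oids[oid] + ') ';
        }
      }
    } else if(obj.type === asn1.Type.INTEGER) {
      try {
        rval += asn1.derToInteger(obj.value);
      } catch(ex) {
        // wider than 32 bits: show the raw bytes
        rval += '0x' + forge.util.bytesToHex(obj.value);
      }
    } else if(obj.type === asn1.Type.OCTETSTRING) {
      if(!_nonLatinRegex.test(obj.value)) {
        rval += '(' + obj.value + ') ';
      }
      rval += '0x' + forge.util.bytesToHex(obj.value);
    } else if(obj.type === asn1.Type.UTF8) {
      rval += forge.util.decodeUtf8(obj.value);
    } else if(obj.type === asn1.Type.PRINTABLESTRING ||
      obj.type === asn1.Type.IA5STRING ||
      obj.type === asn1.Type.BMPSTRING) {
      // BMPString values are already JS strings (see fromDer)
      rval += obj.value;
    } else if(_nonLatinRegex.test(obj.value)) {
      rval += '0x' + forge.util.bytesToHex(obj.value);
    } else if(obj.value.length === 0) {
      rval += '[null]';
    } else {
      rval += obj.value;
    }
  }

  return rval;
};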
| |
| } // end module implementation |
| |
/* ########## Begin module wrapper ########## */
// Loader shim: supports AMD (a global 'define'), CommonJS/Node
// (module.exports) and a plain <script> tag (global 'forge'). Node is
// routed onto the AMD path by synthesizing a temporary 'define'.
var name = 'asn1';
if(typeof define !== 'function') {
  // NodeJS -> AMD
  if(typeof module === 'object' && module.exports) {
    var nodeJS = true;
    // implicit global: provides 'define' for the AMD code below; the
    // replacement define() deletes it again once the module is registered
    define = function(ids, factory) {
      factory(require, module);
    };
  } else {
    // <script>
    if(typeof forge === 'undefined') {
      // implicit global namespace for the browser build
      forge = {};
    }
    // no loader at all: initialize synchronously and leave the wrapper
    return initModule(forge);
  }
}
// AMD
var deps;
var defineFunc = function(require, module) {
  // the export is a factory that initializes this module's dependencies
  // and then this module into one shared 'forge' object, exactly once
  module.exports = function(forge) {
    var mods = deps.map(function(dep) {
      return require(dep);
    }).concat(initModule);
    // handle circular dependencies
    forge = forge || {};
    forge.defined = forge.defined || {};
    if(forge.defined[name]) {
      return forge[name];
    }
    forge.defined[name] = true;
    for(var i = 0; i < mods.length; ++i) {
      mods[i](forge);
    }
    return forge[name];
  };
};
var tmpDefine = define;
define = function(ids, factory) {
  // drop the leading 'require' and 'module' pseudo-dependencies
  deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
  if(nodeJS) {
    // 'delete' on an identifier only removes a configurable (implicit)
    // global; this file is not in strict mode, where it would be a
    // syntax error
    delete define;
    return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
  }
  define = tmpDefine;
  return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(['require', 'module', './util', './oids'], function() {
  defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
| })(); |