├── LICENSE ├── README.md ├── asn1.js ├── certs.js ├── common.js ├── index.html ├── x509_schema.js └── x509_simpl.js /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Info Tech, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | X.509 Certificate Creation Sample 2 | ================================= 3 | 4 | This web page with associated JavaScript allows a user to 5 | create a self-signed X.509 certificate. 6 | 7 | This example is provided to illustrate how to use the W3C 8 | [Web Cryptography API](http://www.w3.org/TR/WebCryptoAPI/ "API Draft") 9 | and [PKIjs](https://pkijs.org/ "PKIjs Home Page") libraries. 
10 | 11 | Using this example requires a web browser that implements a compatible version 12 | of the Web Cryptography API. 13 | When the example was created, current versions of Google Chrome, 14 | Firefox, and Opera browsers could run the example. 15 | 16 | **This is not intended to be a production tool.** Rather, it may 17 | be helpful to developers who intend to create their own tools using 18 | the Web Cryptography API. 19 | 20 | Copyright (c) 2015 Info Tech, Inc. 21 | Provided under the MIT license. 22 | See LICENSE file for details. 23 | -------------------------------------------------------------------------------- /certs.js: -------------------------------------------------------------------------------- 1 | // X.509 Self-signed Certificate with Web Cryptography API and PKIjs 2 | // 3 | // Copyright (c) 2015 Info Tech, Inc. 4 | // Provided under the MIT license. 5 | // See LICENSE file for details. 6 | 7 | document.addEventListener("DOMContentLoaded", function() { 8 | "use strict"; 9 | 10 | // Fix Apple prefix if needed 11 | if (window.crypto && !window.crypto.subtle && window.crypto.webkitSubtle) { 12 | window.crypto.subtle = window.crypto.webkitSubtle; // Won't work if subtle already exists 13 | } 14 | 15 | // Check that web crypto is even available 16 | if (!window.crypto || !window.crypto.subtle) { 17 | alert("Your browser does not support the Web Cryptography API! 
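This page will not work.");
        return;
    }

    document.getElementById("create-certificate").addEventListener("click", createCertificate);

    /**
     * Click handler: reads the subject fields from the form, generates an
     * RSA key pair, builds and self-signs a certificate for it, and publishes
     * the certificate, public key and private key as PEM text and download links.
     *
     * Security notes for anyone adapting this sample:
     *  - The key pair is generated as extractable and the private key is exported
     *    as unencrypted PKCS#8. It is written into the DOM and into a data: URL,
     *    so any script running in this page can read it.
     *  - Subject values are encoded as PrintableString, so they are validated
     *    against that alphabet before anything is generated.
     */
    function createCertificate() {
        var keyPair;

        // PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
        var printableString = /^[A-Za-z0-9 '()+,\-.\/:=?]*$/;

        var commonName       = document.getElementById("common-name").value;
        var organization     = document.getElementById("organization").value;
        var organizationUnit = document.getElementById("organization-unit").value;
        var countryCode      = document.getElementById("country-code").value;

        if (!commonName) {alert("You must enter a name for the certificate."); return;}
        if (countryCode.length !== 2) {alert("Country codes must be two characters long."); return;}
        if (!/^[A-Za-z]{2}$/.test(countryCode)) {alert("Country codes must contain only the letters A-Z."); return;}
        countryCode = countryCode.toUpperCase();

        // Reject characters that cannot be represented in a PrintableString; encoding
        // them anyway would produce a certificate that strict parsers refuse.
        var fields = [commonName, organization, organizationUnit];
        for (var i = 0; i < fields.length; i++) {
            if (!printableString.test(fields[i])) {
                alert("Certificate fields may only contain letters, digits, spaces and the characters ' ( ) + , - . / : = ?");
                return;
            }
        }

        // Shows a PEM string on the page and points the matching download link at it.
        function showPem(textId, linkId, pem) {
            var pemUrl = "data:application/octet-stream;charset=UTF-8;base64," + btoa(pem);
            document.getElementById(textId).textContent = pem;
            document.getElementById(linkId).setAttribute("href", pemUrl);
        }

        window.crypto.subtle.generateKey(
            {
                name: "RSASSA-PKCS1-v1_5",
                modulusLength: 2048,
                publicExponent: new Uint8Array([1, 0, 1]),  // 24 bit representation of 65537
                hash: {name: "SHA-256"}
            },
            true,   // Must extract private key to create PEM files later
            ["sign", "verify"]
        ).
        then(function(newKeyPair) {
            keyPair = newKeyPair;
            return buildCertificateObject(commonName, organization, organizationUnit, countryCode, keyPair);
        }).
        then(function(cert) {
            showPem("pem-certificate", "certificate-download",
                convertBinaryToPem(cert.toSchema(true).toBER(false), "CERTIFICATE"));

            // Return the export promises so that a failed export reaches the
            // catch() below instead of becoming an unhandled rejection.
            return Promise.all([
                window.crypto.subtle.exportKey('spki', keyPair.publicKey).
                then(function(spki) {
                    showPem("pem-public-key", "public-key-download",
                        convertBinaryToPem(spki, "PUBLIC KEY"));
                }),
                window.crypto.subtle.exportKey('pkcs8', keyPair.privateKey).
                then(function(pkcs8) {
                    // Unencrypted private key material; see the note on this function.
                    showPem("pem-private-key", "private-key-download",
                        convertBinaryToPem(pkcs8, "PRIVATE KEY"));
                })
            ]);
        }).
        catch(function(err) {
            // A rejection value may be a plain string rather than an Error.
            alert("Error creating certificate: " + ((err && err.message) || err));
        });
    }


    // Returns a Promise yielding the certificate object
    function buildCertificateObject(commonName, organization, organizationUnit, countryCode, keyPair) {
        var RSA_SHA256_OID = "1.2.840.113549.1.1.11";   // RSA with SHA-256
        var cert = new org.pkijs.simpl.CERT();

        // NOTE(review): a timestamp is predictable and two certificates created in the
        // same millisecond get the same serial number. Outside a demo, derive the
        // serial from at least 64 bits of crypto.getRandomValues() output.
        setSerialNumber(cert, Date.now());
        setSubject(cert, countryCode, organization, organizationUnit, commonName);
        setIssuer(cert, countryCode, organization, organizationUnit, commonName);   // Self-signed: issuer == subject
        setValidityPeriod(cert, new Date(), 730); // Good from today for 730 days
        setEmptyExtensions(cert);
        setCABit(cert, false);
        // NOTE(review): keyCertSign and cRLSign are asserted here although the line above
        // marks the certificate as a non-CA. RFC 5280 section 4.2.1.9 requires cA to be
        // true whenever keyCertSign is set; decide whether this is a CA certificate and
        // make the two extensions agree.
        setKeyUsage(cert, true, true, false, false, false, true, true); // digitalSignature, nonRepudiation, keyCertSign, cRLSign
        setSignatureAlgorithm(cert, RSA_SHA256_OID);

        return setPublicKey(cert, keyPair.publicKey).
            then(function() {return signCert(cert, RSA_SHA256_OID, keyPair.privateKey)}).
            then(function() {return cert});


        // Helper functions (function declarations, so they are hoisted above the return)

        function setSerialNumber(cert, serialNumber) {
            cert.serialNumber = new org.pkijs.asn1.INTEGER({value: serialNumber});
        }

        function setSubject(cert, countryCode, organization, organizationUnit, commonName) {
            setEntity(cert.subject, countryCode, organization, organizationUnit, commonName);
        }

        function setIssuer(cert, countryCode, organization, organizationUnit, commonName) {
            setEntity(cert.issuer, countryCode, organization, organizationUnit, commonName);
        }

        // Appends one attribute per non-empty value, in the order C, O, OU, CN.
        // Every value is encoded as PrintableString, so callers must have checked
        // the input against that alphabet.
        function setEntity(entity, countryCode, organization, organizationUnit, commonName) {
            var attributes = [
                ["2.5.4.6",  countryCode],      // countryCode
                ["2.5.4.10", organization],     // Organization
                ["2.5.4.11", organizationUnit], // Organization Unit
                ["2.5.4.3",  commonName]        // commonName
            ];

            attributes.forEach(function(attribute) {
                if (attribute[1]) {
                    entity.types_and_values.push(new org.pkijs.simpl.ATTR_TYPE_AND_VALUE({
                        type: attribute[0],
                        value: new org.pkijs.asn1.PRINTABLESTRING({value: attribute[1]})
                    }));
                }
            });
        }

        function setValidityPeriod(cert, startDate, durationInDays) {
            // Normalize to local midnight, including the milliseconds
            var start = new Date(startDate);
            start.setHours(0, 0, 0, 0);
            var end   = new Date(start.getTime() + durationInDays * 24 * 60 * 60 * 1000);

            cert.notBefore.value = start;
            cert.notAfter.value  = end;
        }

        function setEmptyExtensions(cert) {
            cert.extensions = [];
        }

        function setCABit(cert, isCA) {
            // RFC 5280 section 4.2.1.9: pathLenConstraint must not be present unless
            // cA is asserted, so it is only set for CA certificates.
            // Assumes BasicConstraints treats pathLenConstraint as optional -- confirm
            // against x509_simpl.js.
            var constraints = {cA: isCA};
            if (isCA) {
                constraints.pathLenConstraint = 3;
            }
            var basicConstraints = new org.pkijs.simpl.x509.BasicConstraints(constraints);

            cert.extensions.push(new org.pkijs.simpl.EXTENSION({
                extnID: "2.5.29.19",
                critical: false,
                extnValue: basicConstraints.toSchema().toBER(false),
                parsedValue: basicConstraints
            }));
        }

        // Builds the one-byte KeyUsage bit string; bit 0 of the ASN.1 named bit
        // list is the most significant bit of the byte.
        function setKeyUsage(cert, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign) {
            var keyUsageBits = new ArrayBuffer(1);
            var keyUsageBytes = new Uint8Array(keyUsageBits);

            keyUsageBytes[0] = 0;
            if (digitalSignature)   {keyUsageBytes[0] |= 0x80;}
            if (nonRepudiation)     {keyUsageBytes[0] |= 0x40;}
            if (keyEncipherment)    {keyUsageBytes[0] |= 0x20;}
            if (dataEncipherment)   {keyUsageBytes[0] |= 0x10;}
            if (keyAgreement)       {keyUsageBytes[0] |= 0x08;}
            if (keyCertSign)        {keyUsageBytes[0] |= 0x04;}
            if (cRLSign)            {keyUsageBytes[0] |= 0x02;}

            var keyUsage = new org.pkijs.asn1.BITSTRING({value_hex: keyUsageBits});
            cert.extensions.push(new org.pkijs.simpl.EXTENSION({
                extnID: "2.5.29.15",
                critical: false,
                extnValue: keyUsage.toBER(false),
                parsedValue: keyUsage
            }));
        }

        function setSignatureAlgorithm(cert, oid) {
            cert.signatureAlgorithm.algorithm_id = oid; // In tbsCert
        }

        function setPublicKey(cert, publicKey) {
            return cert.subjectPublicKeyInfo.importKey(publicKey);
        }

        function signCert(cert, oid, privateKey) {
            cert.signature.algorithm_id = oid; // In actual signature
            return cert.sign(privateKey);
        }
    }


    // General helper functions

    function arrayBufferToBase64String(arrayBuffer)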
{ 212 | var byteArray = new Uint8Array(arrayBuffer) 213 | var byteString = ''; 214 | 215 | for (var i=0; i. 6 | * 7 | * Redistribution and use in source and binary forms, with or without modification, 8 | * are permitted provided that the following conditions are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright notice, 11 | * this list of conditions and the following disclaimer. 12 | * 13 | * 2. Redistributions in binary form must reproduce the above copyright notice, 14 | * this list of conditions and the following disclaimer in the documentation 15 | * and/or other materials provided with the distribution. 16 | * 17 | * 3. Neither the name of the copyright holder nor the names of its contributors 18 | * may be used to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 23 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 | * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 25 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 27 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 28 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 30 | * OF SUCH DAMAGE. 
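 *
 */
(
function(in_window)
{
    //**************************************************************************************
    // #region Declaration of global variables
    //**************************************************************************************
    // #region "org" namespace
    if(typeof in_window.org === "undefined")
        in_window.org = {};
    else
    {
        if(typeof in_window.org !== "object")
            throw new Error("Name org already exists and it's not an object");
    }
    // #endregion

    // #region "org.pkijs" namespace
    if(typeof in_window.org.pkijs === "undefined")
        in_window.org.pkijs = {};
    else
    {
        if(typeof in_window.org.pkijs !== "object")
            throw new Error("Name org.pkijs already exists and it's not an object" + " but " + (typeof in_window.org.pkijs));
    }
    // #endregion

    // #region "local" namespace
    var local = {};
    // #endregion
    //**************************************************************************************
    // #endregion
    //**************************************************************************************
    // #region Declaration of common functions
    //**************************************************************************************
    in_window.org.pkijs.getNames =
    function(arg)
    {
        /// Get the "names" object used by the "schema" functions.
        /// Returns arg.names when arg is an object with a truthy "names" property,
        /// otherwise an empty object.

        var names = {};

        if(arg instanceof Object)
            names = (arg.names || {});

        return names;
    }
    //**************************************************************************************
    in_window.org.pkijs.getValue =
    function(args, item, default_value)
    {
        /// Return args[item] when "item" is a property of args (own or inherited,
        /// as tested by the "in" operator), otherwise default_value.
        /// args must be an object; "in" throws on primitives.

        if(item in args)
            return args[item];
        else
            return default_value;
    }
    //**************************************************************************************
    in_window.org.pkijs.isEqual_view =
    function(input_view1, input_view2)
    {
        /// Compare two Uint8Arrays element by element.
        /// input_view1: first Uint8Array for comparison
        /// input_view2: second Uint8Array for comparison
        /// The loop returns at the first mismatch, so its running time depends on
        /// the data; do not use it to compare secrets such as MACs or keys.

        if(input_view1.length !== input_view2.length)
            return false;

        for(var i = 0; i < input_view1.length; i++)
        {
            if(input_view1[i] !== input_view2[i])
                return false;
        }

        return true;
    }
    //**************************************************************************************
    in_window.org.pkijs.isEqual_buffer =
    function(input_buffer1, input_buffer2)
    {
        /// Compare two array buffers byte by byte.
        /// input_buffer1: first ArrayBuffer for comparison
        /// input_buffer2: second ArrayBuffer for comparison

        if(input_buffer1.byteLength !== input_buffer2.byteLength)
            return false;

        var view1 = new Uint8Array(input_buffer1);
        var view2 = new Uint8Array(input_buffer2);

        return in_window.org.pkijs.isEqual_view(view1, view2);
    }
    //**************************************************************************************
    in_window.org.pkijs.concat_buffers =
    function(input_buf1, input_buf2)
    {
        /// Concatenate two ArrayBuffers into a new ArrayBuffer.
        /// input_buf1: first ArrayBuffer (first part of concatenated array)
        /// input_buf2: second ArrayBuffer (second part of concatenated array)

        var ret_view = new Uint8Array(input_buf1.byteLength + input_buf2.byteLength);

        // TypedArray.set copies each source in one call instead of a manual byte loop
        ret_view.set(new Uint8Array(input_buf1), 0);
        ret_view.set(new Uint8Array(input_buf2), input_buf1.byteLength);

        return ret_view.buffer;
    }
    //**************************************************************************************
    in_window.org.pkijs.copyBuffer =
    function(input_buffer)
    {
        /// Return a new ArrayBuffer of input_buffer.byteLength bytes holding a copy
        /// of the input's contents.

        var resultView = new Uint8Array(input_buffer.byteLength);

        resultView.set(new Uint8Array(input_buffer));

        return resultView.buffer;
    }
    //**************************************************************************************
    in_window.org.pkijs.getCrypto =
    function()
    {
        /// Return the browser's SubtleCrypto object, or undefined when it is not
        /// available (no global "window", or no window.crypto), so that callers
        /// can test the result instead of catching an exception.

        //crypto_temp = window.msCrypto;
        //if(typeof crypto_temp === "undefined")
        //crypto_temp = window.polycrypt;
        //else
        if(typeof window === "undefined" || !window.crypto)
            return undefined;

        return window.crypto.subtle;
    }
    //**************************************************************************************
    in_window.org.pkijs.stringPrep =
    function(input_string)
    {
        /// String preparation function: trims the string, collapses each run of
        /// whitespace to a single SPACE and lower-cases the result.
        /// This is a simplification; the algorithm from RFC4518 is not implemented yet.
        /// input_string: a plain JavaScript string. Each ASN.1 string type has its own
        /// conversion function, so only a plain JavaScript string is handled here.
        /// Returns the formatted string.

        var result = input_string.replace(/^\s+|\s+$/g, ""); // Trim input string
        result = result.replace(/\s+/g, " "); // Change all sequence of SPACE down to SPACE char
        result = result.toLowerCase();

        return result;
    }
    //**************************************************************************************
    in_window.org.pkijs.bufferToHexCodes =
    function(input_buffer, input_offset, input_lenght)
    {
        /// Return the bytes of input_buffer, starting at input_offset and running
        /// for input_lenght bytes, as an upper-case hex string with two digits per byte.

        var result = "";

        var int_buffer = new Uint8Array(input_buffer, input_offset, input_lenght);

        for(var i = 0; i < int_buffer.length; i++)
        {
            var str = int_buffer[i].toString(16).toUpperCase();
            result = result + ((str.length === 1) ?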
"0" : "") + str; 198 | } 199 | 200 | return result; 201 | } 202 | //************************************************************************************** 203 | // #endregion 204 | //************************************************************************************** 205 | } 206 | )(typeof exports !== "undefined" ? exports : window); -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | X.509 Certificate Creation 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |

X.509 Certificate Creation

15 | 16 |

This page will create a key pair and 17 | a certificate for that key pair with 18 | the specified values. The certificate 19 | will be self-signed. 20 |

21 |

The certificate, public key, and private 22 | key will be provided for download. 23 |

24 | 25 |
26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 |
44 |

45 |
46 | 47 |
48 |

Certificate in PEM Format

49 | Download Certificate 50 |

51 |     
52 | 53 |
54 |

Public Key in PEM Format

55 | Download Public Key 56 |

57 |     
58 | 59 |
60 |

Private Key in PEM Format

61 | Download Private Key 62 |

63 |     
64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /x509_schema.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014, GMO GlobalSign 3 | * All rights reserved. 4 | * 5 | * Author 2014, Yury Strozhevsky . 6 | * 7 | * Redistribution and use in source and binary forms, with or without modification, 8 | * are permitted provided that the following conditions are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright notice, 11 | * this list of conditions and the following disclaimer. 12 | * 13 | * 2. Redistributions in binary form must reproduce the above copyright notice, 14 | * this list of conditions and the following disclaimer in the documentation 15 | * and/or other materials provided with the distribution. 16 | * 17 | * 3. Neither the name of the copyright holder nor the names of its contributors 18 | * may be used to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 23 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 | * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 25 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 27 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 28 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 30 | * OF SUCH DAMAGE. 
31 | * 32 | */ 33 | ( 34 | function(in_window) 35 | { 36 | //************************************************************************************** 37 | // #region Declaration of global variables 38 | //************************************************************************************** 39 | // #region "org" namespace 40 | if(typeof in_window.org === "undefined") 41 | in_window.org = {}; 42 | else 43 | { 44 | if(typeof in_window.org !== "object") 45 | throw new Error("Name org already exists and it's not an object"); 46 | } 47 | // #endregion 48 | 49 | // #region "org.pkijs" namespace 50 | if(typeof in_window.org.pkijs === "undefined") 51 | in_window.org.pkijs = {}; 52 | else 53 | { 54 | if(typeof in_window.org.pkijs !== "object") 55 | throw new Error("Name org.pkijs already exists and it's not an object" + " but " + (typeof in_window.org.pkijs)); 56 | } 57 | // #endregion 58 | 59 | // #region "org.pkijs.schema" namespace 60 | if(typeof in_window.org.pkijs.schema === "undefined") 61 | in_window.org.pkijs.schema = {}; 62 | else 63 | { 64 | if(typeof in_window.org.pkijs.schema !== "object") 65 | throw new Error("Name org.pkijs.schema already exists and it's not an object" + " but " + (typeof in_window.org.pkijs.schema)); 66 | } 67 | // #endregion 68 | 69 | // #region "org.pkijs.schema.x509" namespace 70 | if(typeof in_window.org.pkijs.schema.x509 === "undefined") 71 | in_window.org.pkijs.schema.x509 = {}; 72 | else 73 | { 74 | if(typeof in_window.org.pkijs.schema.x509 !== "object") 75 | throw new Error("Name org.pkijs.schema.x509 already exists and it's not an object" + " but " + (typeof in_window.org.pkijs.schema.x509)); 76 | } 77 | // #endregion 78 | 79 | // #region "local" namespace 80 | var local = {}; 81 | // #endregion 82 | //************************************************************************************** 83 | // #endregion 84 | //************************************************************************************** 85 | // #region ASN.1 schema 
definition for "Time" type 86 | //************************************************************************************** 87 | in_window.org.pkijs.schema.TIME = 88 | function(input_names, input_optional) 89 | { 90 | var names = in_window.org.pkijs.getNames(arguments[0]); 91 | var optional = (input_optional || false); 92 | 93 | return (new in_window.org.pkijs.asn1.CHOICE({ 94 | optional: optional, 95 | value: [ 96 | new in_window.org.pkijs.asn1.UTCTIME({ name: (names.utcTimeName || "") }), 97 | new in_window.org.pkijs.asn1.GENERALIZEDTIME({ name: (names.generalTimeName || "") }) 98 | ] 99 | })); 100 | } 101 | //************************************************************************************** 102 | // #endregion 103 | //************************************************************************************** 104 | // #region ASN.1 schema definition for X.509 v3 certificate (RFC5280) 105 | //************************************************************************************** 106 | local.tbsCertificate = 107 | function() 108 | { 109 | //TBSCertificate ::= SEQUENCE { 110 | // version [0] EXPLICIT Version DEFAULT v1, 111 | // serialNumber CertificateSerialNumber, 112 | // signature AlgorithmIdentifier, 113 | // issuer Name, 114 | // validity Validity, 115 | // subject Name, 116 | // subjectPublicKeyInfo SubjectPublicKeyInfo, 117 | // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 118 | // -- If present, version MUST be v2 or v3 119 | // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 120 | // -- If present, version MUST be v2 or v3 121 | // extensions [3] EXPLICIT Extensions OPTIONAL 122 | // -- If present, version MUST be v3 123 | //} 124 | 125 | var names = in_window.org.pkijs.getNames(arguments[0]); 126 | 127 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 128 | name: (names.block_name || "tbsCertificate"), 129 | value: [ 130 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 131 | optional: true, 132 | id_block: { 133 | tag_class: 3, // 
CONTEXT-SPECIFIC 134 | tag_number: 0 // [0] 135 | }, 136 | value: [ 137 | new in_window.org.pkijs.asn1.INTEGER({ name: (names.tbsCertificate_version || "tbsCertificate.version") }) // EXPLICIT integer value 138 | ] 139 | }), 140 | new in_window.org.pkijs.asn1.INTEGER({ name: (names.tbsCertificate_serialNumber || "tbsCertificate.serialNumber") }), 141 | in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER(names.signature || { 142 | names: { 143 | block_name: "tbsCertificate.signature" 144 | } 145 | }), 146 | in_window.org.pkijs.schema.RDN(names.issuer || { 147 | names: { 148 | block_name: "tbsCertificate.issuer" 149 | } 150 | }), 151 | new in_window.org.pkijs.asn1.SEQUENCE({ 152 | name: (names.tbsCertificate_validity || "tbsCertificate.validity"), 153 | value: [ 154 | in_window.org.pkijs.schema.TIME(names.not_before || { 155 | names: { 156 | utcTimeName: "tbsCertificate.notBefore", 157 | generalTimeName: "tbsCertificate.notBefore" 158 | } 159 | }), 160 | in_window.org.pkijs.schema.TIME(names.not_after || { 161 | names: { 162 | utcTimeName: "tbsCertificate.notAfter", 163 | generalTimeName: "tbsCertificate.notAfter" 164 | } 165 | }) 166 | ] 167 | }), 168 | in_window.org.pkijs.schema.RDN(names.subject || { 169 | names: { 170 | block_name: "tbsCertificate.subject" 171 | } 172 | }), 173 | in_window.org.pkijs.schema.PUBLIC_KEY_INFO(names.subjectPublicKeyInfo || { 174 | names: { 175 | block_name: "tbsCertificate.subjectPublicKeyInfo" 176 | } 177 | }), 178 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 179 | name: (names.tbsCertificate_issuerUniqueID ||"tbsCertificate.issuerUniqueID"), 180 | optional: true, 181 | id_block: { 182 | tag_class: 3, // CONTEXT-SPECIFIC 183 | tag_number: 1 // [1] 184 | } 185 | }), // IMPLICIT bistring value 186 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 187 | name: (names.tbsCertificate_subjectUniqueID ||"tbsCertificate.subjectUniqueID"), 188 | optional: true, 189 | id_block: { 190 | tag_class: 3, // CONTEXT-SPECIFIC 191 | tag_number: 2 // [2] 
192 | } 193 | }), // IMPLICIT bistring value 194 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 195 | optional: true, 196 | id_block: { 197 | tag_class: 3, // CONTEXT-SPECIFIC 198 | tag_number: 3 // [3] 199 | }, 200 | value: [in_window.org.pkijs.schema.EXTENSIONS(names.extensions || { 201 | names: { 202 | block_name: "tbsCertificate.extensions" 203 | } 204 | })] 205 | }) // EXPLICIT SEQUENCE value 206 | ] 207 | })); 208 | } 209 | //************************************************************************************** 210 | in_window.org.pkijs.schema.CERT = 211 | function() 212 | { 213 | //Certificate ::= SEQUENCE { 214 | // tbsCertificate TBSCertificate, 215 | // signatureAlgorithm AlgorithmIdentifier, 216 | // signatureValue BIT STRING } 217 | 218 | var names = in_window.org.pkijs.getNames(arguments[0]); 219 | 220 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 221 | name: (names.block_name || ""), 222 | value: [ 223 | local.tbsCertificate(names.tbsCertificate), 224 | in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER(names.signatureAlgorithm || { 225 | names: { 226 | block_name: "signatureAlgorithm" 227 | } 228 | }), 229 | new in_window.org.pkijs.asn1.BITSTRING({ name: (names.signatureValue || "signatureValue") }) 230 | ] 231 | })); 232 | } 233 | //************************************************************************************** 234 | // #endregion 235 | //************************************************************************************** 236 | // #region ASN.1 schema definition for X.509 CRL (Certificate Revocation List)(RFC5280) 237 | //************************************************************************************** 238 | local.tbsCertList = 239 | function() 240 | { 241 | //TBSCertList ::= SEQUENCE { 242 | // version Version OPTIONAL, 243 | // -- if present, MUST be v2 244 | // signature AlgorithmIdentifier, 245 | // issuer Name, 246 | // thisUpdate Time, 247 | // nextUpdate Time OPTIONAL, 248 | // revokedCertificates SEQUENCE OF SEQUENCE { 249 
| // userCertificate CertificateSerialNumber, 250 | // revocationDate Time, 251 | // crlEntryExtensions Extensions OPTIONAL 252 | // -- if present, version MUST be v2 253 | // } OPTIONAL, 254 | // crlExtensions [0] EXPLICIT Extensions OPTIONAL 255 | // -- if present, version MUST be v2 256 | //} 257 | 258 | var names = in_window.org.pkijs.getNames(arguments[0]); 259 | 260 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 261 | name: (names.block_name || "tbsCertList"), 262 | value: [ 263 | new in_window.org.pkijs.asn1.INTEGER({ 264 | optional: true, 265 | name: (names.tbsCertList_version || "tbsCertList.version"), 266 | value: 2 267 | }), // EXPLICIT integer value (v2) 268 | in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER(names.signature || { 269 | names: { 270 | block_name: "tbsCertList.signature" 271 | } 272 | }), 273 | in_window.org.pkijs.schema.RDN(names.issuer || { 274 | names: { 275 | block_name: "tbsCertList.issuer" 276 | } 277 | }), 278 | in_window.org.pkijs.schema.TIME(names.tbsCertList_thisUpdate || { 279 | names: { 280 | utcTimeName: "tbsCertList.thisUpdate", 281 | generalTimeName: "tbsCertList.thisUpdate" 282 | } 283 | }), 284 | in_window.org.pkijs.schema.TIME(names.tbsCertList_thisUpdate || { 285 | names: { 286 | utcTimeName: "tbsCertList.nextUpdate", 287 | generalTimeName: "tbsCertList.nextUpdate" 288 | } 289 | }, true), 290 | new in_window.org.pkijs.asn1.SEQUENCE({ 291 | optional: true, 292 | value: [ 293 | new in_window.org.pkijs.asn1.REPEATED({ 294 | name: (names.tbsCertList_revokedCertificates || "tbsCertList.revokedCertificates"), 295 | value: new in_window.org.pkijs.asn1.SEQUENCE({ 296 | value: [ 297 | new in_window.org.pkijs.asn1.INTEGER(), 298 | in_window.org.pkijs.schema.TIME(), 299 | in_window.org.pkijs.schema.EXTENSIONS({}, true) 300 | ] 301 | }) 302 | }) 303 | ] 304 | }), 305 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 306 | optional: true, 307 | id_block: { 308 | tag_class: 3, // CONTEXT-SPECIFIC 309 | tag_number: 0 // [0] 310 | }, 
311 | value: [in_window.org.pkijs.schema.EXTENSIONS(names.crlExtensions || { 312 | names: { 313 | block_name: "tbsCertList.extensions" 314 | } 315 | })] 316 | }) // EXPLICIT SEQUENCE value 317 | ] 318 | })); 319 | } 320 | //************************************************************************************** 321 | in_window.org.pkijs.schema.CRL = 322 | function() 323 | { 324 | //CertificateList ::= SEQUENCE { 325 | // tbsCertList TBSCertList, 326 | // signatureAlgorithm AlgorithmIdentifier, 327 | // signatureValue BIT STRING } 328 | 329 | var names = in_window.org.pkijs.getNames(arguments[0]); 330 | 331 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 332 | name: (names.block_name || "CertificateList"), 333 | value: [ 334 | local.tbsCertList(arguments[0]), 335 | in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER(names.signatureAlgorithm || { 336 | names: { 337 | block_name: "signatureAlgorithm" 338 | } 339 | }), 340 | new in_window.org.pkijs.asn1.BITSTRING({ name: (names.signatureValue || "signatureValue") }) 341 | ] 342 | })); 343 | } 344 | //************************************************************************************** 345 | // #endregion 346 | //************************************************************************************** 347 | // #region ASN.1 schema definition for PKCS#10 certificate request 348 | //************************************************************************************** 349 | local.CertificationRequestInfo = 350 | function() 351 | { 352 | //CertificationRequestInfo ::= SEQUENCE { 353 | // version INTEGER { v1(0) } (v1,...), 354 | // subject Name, 355 | // subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, 356 | // attributes [0] Attributes{{ CRIAttributes }} 357 | //} 358 | 359 | var names = in_window.org.pkijs.getNames(arguments[0]); 360 | 361 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 362 | name: (names.CertificationRequestInfo || "CertificationRequestInfo"), 363 | value: [ 364 | new 
in_window.org.pkijs.asn1.INTEGER({ name: (names.CertificationRequestInfo_version || "CertificationRequestInfo.version") }), 365 | new in_window.org.pkijs.schema.RDN(names.subject || { 366 | names: { 367 | block_name: "CertificationRequestInfo.subject" 368 | } 369 | }), 370 | new in_window.org.pkijs.schema.PUBLIC_KEY_INFO({ 371 | names: { 372 | block_name: "CertificationRequestInfo.subjectPublicKeyInfo" 373 | } 374 | }), 375 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 376 | optional: true, 377 | id_block: { 378 | tag_class: 3, // CONTEXT-SPECIFIC 379 | tag_number: 0 // [0] 380 | }, 381 | value: [ 382 | new in_window.org.pkijs.asn1.REPEATED({ 383 | optional: true, // Because OpenSSL makes wrong "attributes" field 384 | name: (names.CertificationRequestInfo_attributes || "CertificationRequestInfo.attributes"), 385 | value: in_window.org.pkijs.schema.ATTRIBUTE(names.attributes || {}) 386 | }) 387 | ] 388 | }) 389 | ] 390 | })); 391 | } 392 | //************************************************************************************** 393 | in_window.org.pkijs.schema.PKCS10 = 394 | function() 395 | { 396 | //CertificationRequest ::= SEQUENCE { 397 | // certificationRequestInfo CertificationRequestInfo, 398 | // signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, 399 | // signature BIT STRING 400 | //} 401 | 402 | var names = in_window.org.pkijs.getNames(arguments[0]); 403 | 404 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 405 | value: [ 406 | local.CertificationRequestInfo(names.certificationRequestInfo || {}), 407 | new in_window.org.pkijs.asn1.SEQUENCE({ 408 | name: (names.signatureAlgorithm || "signatureAlgorithm"), 409 | value: [ 410 | new in_window.org.pkijs.asn1.OID(), 411 | new in_window.org.pkijs.asn1.ANY({ optional: true }) 412 | ] 413 | }), 414 | new in_window.org.pkijs.asn1.BITSTRING({ name: (names.signatureValue || "signatureValue") }) 415 | ] 416 | })); 417 | } 418 | 
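//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for PKCS#8 private key bag
//**************************************************************************************
/**
 * Build the ASN.1 schema for a PKCS#8 PrivateKeyInfo.
 *
 * PrivateKeyInfo ::= SEQUENCE {
 *    version Version,
 *    privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
 *    privateKey PrivateKey,
 *    attributes [0] Attributes OPTIONAL }
 *
 * Version ::= INTEGER {v1(0)} (v1,...)
 * PrivateKey ::= OCTET STRING
 * Attributes ::= SET OF Attribute
 *
 * The optional first argument is passed to getNames(); the resulting names label the
 * version, privateKey and attributes blocks, and names.privateKeyAlgorithm is forwarded
 * to ALGORITHM_IDENTIFIER.
 *
 * The schema constrains layout only: version is any INTEGER and privateKey is any
 * OCTET STRING. PrivateKeyInfo is the unencrypted PKCS#8 form, so data matching this
 * schema is private-key material in the clear; keep decoded results out of logs and
 * persistent storage.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.PKCS8 =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var schema = in_window.org.pkijs.schema;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var version = new asn1.INTEGER({ name: (names.version || "") });
    var algorithm = schema.ALGORITHM_IDENTIFIER(names.privateKeyAlgorithm || "");
    var privateKey = new asn1.OCTETSTRING({ name: (names.privateKey || "") });

    // attributes [0] -- optional, context-specific wrapper around repeated Attribute
    var attributes = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        },
        value: [
            new asn1.REPEATED({
                name: (names.attributes || ""),
                value: schema.ATTRIBUTE()
            })
        ]
    });

    return (new asn1.SEQUENCE({
        value: [version, algorithm, privateKey, attributes]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "GeneralName" type
//**************************************************************************************
/**
 * Build the schema for the X.400 BuiltInStandardAttributes SEQUENCE (part of the
 * x400Address alternative of GeneralName).
 *
 * BuiltInStandardAttributes ::= SEQUENCE {
 *    country-name CountryName OPTIONAL,
 *    administration-domain-name AdministrationDomainName OPTIONAL,
 *    network-address [0] IMPLICIT NetworkAddress OPTIONAL,
 *    terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL,
 *    private-domain-name [2] PrivateDomainName OPTIONAL,
 *    organization-name [3] IMPLICIT OrganizationName OPTIONAL,
 *    numeric-user-identifier [4] IMPLICIT NumericUserIdentifier OPTIONAL,
 *    personal-name [5] IMPLICIT PersonalName OPTIONAL,
 *    organizational-unit-names [6] IMPLICIT OrganizationalUnitNames OPTIONAL }
 *
 * @param optional_flag whether the whole SEQUENCE is optional (defaults to false)
 *
 * An optional second argument is passed to getNames() to label the members. Previously
 * the names were read from arguments[0], which is the optional flag itself, so labels
 * could not be supplied together with a flag. Calls with fewer than two arguments still
 * hand arguments[0] to getNames(), exactly as before.
 *
 * Every member is optional and the implicitly tagged ones are matched as opaque
 * primitives (is_hex_only), so a match says nothing about the content of those fields.
 *
 * @returns the SEQUENCE schema block
 */
local.BuiltInStandardAttributes =
function(optional_flag)
{
    if(typeof optional_flag === "undefined")
        optional_flag = false;

    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments.length > 1 ? arguments[1] : arguments[0]);

    var APPLICATION = 2;
    var CONTEXT_SPECIFIC = 3;

    // Identification block for a tagged element.
    function tag(tagClass, tagNumber)
    {
        return { tag_class: tagClass, tag_number: tagNumber };
    }

    // CHOICE { NumericString, PrintableString }, built fresh for each use.
    function numericOrPrintable()
    {
        return new asn1.CHOICE({
            value: [
                new asn1.NUMERICSTRING(),
                new asn1.PRINTABLESTRING()
            ]
        });
    }

    return (new asn1.SEQUENCE({
        optional: optional_flag,
        value: [
            // country-name: [APPLICATION 1]
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                id_block: tag(APPLICATION, 1),
                name: (names.country_name || ""),
                value: [numericOrPrintable()]
            }),
            // administration-domain-name: [APPLICATION 2]
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                id_block: tag(APPLICATION, 2),
                name: (names.administration_domain_name || ""),
                value: [numericOrPrintable()]
            }),
            // network-address [0]
            new asn1.ASN1_PRIMITIVE({
                optional: true,
                id_block: tag(CONTEXT_SPECIFIC, 0),
                name: (names.network_address || ""),
                is_hex_only: true
            }),
            // terminal-identifier [1]
            new asn1.ASN1_PRIMITIVE({
                optional: true,
                id_block: tag(CONTEXT_SPECIFIC, 1),
                name: (names.terminal_identifier || ""),
                is_hex_only: true
            }),
            // private-domain-name [2]
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                id_block: tag(CONTEXT_SPECIFIC, 2),
                name: (names.private_domain_name || ""),
                value: [numericOrPrintable()]
            }),
            // organization-name [3]
            new asn1.ASN1_PRIMITIVE({
                optional: true,
                id_block: tag(CONTEXT_SPECIFIC, 3),
                name: (names.organization_name || ""),
                is_hex_only: true
            }),
            // numeric-user-identifier [4]
            new asn1.ASN1_PRIMITIVE({
                optional: true,
                name: (names.numeric_user_identifier || ""),
                id_block: tag(CONTEXT_SPECIFIC, 4),
                is_hex_only: true
            }),
            // personal-name [5]: first member [0] required, [1]..[3] optional
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                name: (names.personal_name || ""),
                id_block: tag(CONTEXT_SPECIFIC, 5),
                value: [
                    new asn1.ASN1_PRIMITIVE({
                        id_block: tag(CONTEXT_SPECIFIC, 0),
                        is_hex_only: true
                    }),
                    new asn1.ASN1_PRIMITIVE({
                        optional: true,
                        id_block: tag(CONTEXT_SPECIFIC, 1),
                        is_hex_only: true
                    }),
                    new asn1.ASN1_PRIMITIVE({
                        optional: true,
                        id_block: tag(CONTEXT_SPECIFIC, 2),
                        is_hex_only: true
                    }),
                    new asn1.ASN1_PRIMITIVE({
                        optional: true,
                        id_block: tag(CONTEXT_SPECIFIC, 3),
                        is_hex_only: true
                    })
                ]
            }),
            // organizational-unit-names [6]
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                name: (names.organizational_unit_names || ""),
                id_block: tag(CONTEXT_SPECIFIC, 6),
                value: [
                    new asn1.REPEATED({
                        value: new asn1.PRINTABLESTRING()
                    })
                ]
            })
        ]
    }));
};
//**************************************************************************************
/**
 * Build the schema used for the domain-defined attributes part of an x400Address:
 * a SEQUENCE of two PrintableString blocks.
 *
 * @param optional_flag whether the SEQUENCE is optional (defaults to false)
 * @returns the SEQUENCE schema block
 */
local.BuiltInDomainDefinedAttributes =
function(optional_flag)
{
    var asn1 = in_window.org.pkijs.asn1;
    var isOptional = (typeof optional_flag === "undefined") ? false : optional_flag;

    return (new asn1.SEQUENCE({
        optional: isOptional,
        value: [
            new asn1.PRINTABLESTRING(),
            new asn1.PRINTABLESTRING()
        ]
    }));
};
//**************************************************************************************
/**
 * Build the schema used for the extension attributes part of an x400Address: a SET
 * holding an optional opaque [0] primitive and an optional [1] wrapper around ANY.
 *
 * @param optional_flag whether the SET is optional (defaults to false)
 * @returns the SET schema block
 */
local.ExtensionAttributes =
function(optional_flag)
{
    var asn1 = in_window.org.pkijs.asn1;
    var isOptional = (typeof optional_flag === "undefined") ? false : optional_flag;

    return (new asn1.SET({
        optional: isOptional,
        value: [
            new asn1.ASN1_PRIMITIVE({
                optional: true,
                id_block: {
                    tag_class: 3, // CONTEXT-SPECIFIC
                    tag_number: 0 // [0]
                },
                is_hex_only: true
            }),
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                id_block: {
                    tag_class: 3, // CONTEXT-SPECIFIC
                    tag_number: 1 // [1]
                },
                value: [new asn1.ANY()]
            })
        ]
    }));
};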
//**************************************************************************************
/**
 * Build the ASN.1 schema for the GeneralName CHOICE.
 *
 * GeneralName ::= CHOICE {
 *    otherName                       [0]     OtherName,
 *    rfc822Name                      [1]     IA5String,
 *    dNSName                         [2]     IA5String,
 *    x400Address                     [3]     ORAddress,
 *    directoryName                   [4]     Name,
 *    ediPartyName                    [5]     EDIPartyName,
 *    uniformResourceIdentifier       [6]     IA5String,
 *    iPAddress                       [7]     OCTET STRING,
 *    registeredID                    [8]     OBJECT IDENTIFIER }
 *
 * The optional first argument is passed to getNames(). names.block_name labels every
 * alternative of the CHOICE; names.directoryName is forwarded to RDN.
 *
 * rfc822Name, dNSName, uniformResourceIdentifier, iPAddress and registeredID are
 * matched as context-tagged primitives identified by tag number only. The schema does
 * not inspect their content, so any check on the decoded bytes (character set, address
 * length, name comparison) has to be done by the code that consumes the match.
 *
 * @returns the CHOICE schema block
 */
in_window.org.pkijs.schema.GENERAL_NAME =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var blockName = (names.block_name || "");

    // Context-specific identification block for tag [n].
    function ctx(n)
    {
        return {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: n
        };
    }

    // The five-way string CHOICE used by both members of ediPartyName.
    function anyDirectoryString()
    {
        return new asn1.CHOICE({
            value: [
                new asn1.TELETEXSTRING(),
                new asn1.PRINTABLESTRING(),
                new asn1.UNIVERSALSTRING(),
                new asn1.UTF8STRING(),
                new asn1.BMPSTRING()
            ]
        });
    }

    // otherName [0]: type OID followed by an explicitly tagged [0] value of any type
    var otherName = new asn1.ASN1_CONSTRUCTED({
        id_block: ctx(0),
        name: blockName,
        value: [
            new asn1.OID(),
            new asn1.ASN1_CONSTRUCTED({
                id_block: ctx(0),
                value: [new asn1.ANY()]
            })
        ]
    });

    // rfc822Name [1]
    var rfc822Name = new asn1.ASN1_PRIMITIVE({
        name: blockName,
        id_block: ctx(1)
    });

    // dNSName [2]
    var dNSName = new asn1.ASN1_PRIMITIVE({
        name: blockName,
        id_block: ctx(2)
    });

    // x400Address [3]: standard attributes required, the other two parts optional
    var x400Address = new asn1.ASN1_CONSTRUCTED({
        id_block: ctx(3),
        name: blockName,
        value: [
            local.BuiltInStandardAttributes(false),
            local.BuiltInDomainDefinedAttributes(true),
            local.ExtensionAttributes(true)
        ]
    });

    // directoryName [4]
    var directoryName = new asn1.ASN1_CONSTRUCTED({
        id_block: ctx(4),
        name: blockName,
        value: [in_window.org.pkijs.schema.RDN(names.directoryName || {})]
    });

    // ediPartyName [5]: optional [0] member, required [1] member
    var ediPartyName = new asn1.ASN1_CONSTRUCTED({
        id_block: ctx(5),
        name: blockName,
        value: [
            new asn1.ASN1_CONSTRUCTED({
                optional: true,
                id_block: ctx(0),
                value: [anyDirectoryString()]
            }),
            new asn1.ASN1_CONSTRUCTED({
                id_block: ctx(1),
                value: [anyDirectoryString()]
            })
        ]
    });

    // uniformResourceIdentifier [6]
    var uri = new asn1.ASN1_PRIMITIVE({
        name: blockName,
        id_block: ctx(6)
    });

    // iPAddress [7]
    var iPAddress = new asn1.ASN1_PRIMITIVE({
        name: blockName,
        id_block: ctx(7)
    });

    // registeredID [8]
    var registeredID = new asn1.ASN1_PRIMITIVE({
        name: blockName,
        id_block: ctx(8)
    });

    return (new asn1.CHOICE({
        value: [
            otherName,
            rfc822Name,
            dNSName,
            x400Address,
            directoryName,
            ediPartyName,
            uri,
            iPAddress,
            registeredID
        ]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "AlgorithmIdentifier" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for AlgorithmIdentifier.
 *
 * AlgorithmIdentifier ::= SEQUENCE {
 *    algorithm OBJECT IDENTIFIER,
 *    parameters ANY DEFINED BY algorithm OPTIONAL }
 *
 * Names read from the optional first argument: block_name, algorithmIdentifier,
 * algorithmParams.
 *
 * parameters is matched as ANY, so every parameter encoding is accepted here. Deciding
 * whether an algorithm OID and its parameters are acceptable is left to the consumer.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var algorithm = new asn1.OID({ name: (names.algorithmIdentifier || "") });
    var parameters = new asn1.ANY({ name: (names.algorithmParams || ""), optional: true });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [algorithm, parameters]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "RSAPublicKey" type (RFC3447)
//**************************************************************************************
/**
 * Build the ASN.1 schema for RSAPublicKey.
 *
 * RSAPublicKey ::= SEQUENCE {
 *    modulus           INTEGER,  -- n
 *    publicExponent    INTEGER   -- e
 * }
 *
 * Names read from the optional first argument: block_name, modulus, publicExponent.
 * Both members are matched as plain INTEGER blocks; the schema places no bound on the
 * modulus size or the exponent value.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.RSAPublicKey =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var modulus = new asn1.INTEGER({ name: (names.modulus || "") });
    var publicExponent = new asn1.INTEGER({ name: (names.publicExponent || "") });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [modulus, publicExponent]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "OtherPrimeInfo" type (RFC3447)
//**************************************************************************************
/**
 * Build the ASN.1 schema for OtherPrimeInfo.
 *
 * OtherPrimeInfo ::= SEQUENCE {
 *    prime             INTEGER,  -- ri
 *    exponent          INTEGER,  -- di
 *    coefficient       INTEGER   -- ti
 * }
 *
 * Names read from the optional first argument: block_name, prime, exponent,
 * coefficient.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.OtherPrimeInfo =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var members = ["prime", "exponent", "coefficient"].map(function(field)
    {
        return new asn1.INTEGER({ name: (names[field] || "") });
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: members
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "RSAPrivateKey" type (RFC3447)
//**************************************************************************************
/**
 * Build the ASN.1 schema for RSAPrivateKey.
 *
 * RSAPrivateKey ::= SEQUENCE {
 *    version           Version,
 *    modulus           INTEGER,  -- n
 *    publicExponent    INTEGER,  -- e
 *    privateExponent   INTEGER,  -- d
 *    prime1            INTEGER,  -- p
 *    prime2            INTEGER,  -- q
 *    exponent1         INTEGER,  -- d mod (p-1)
 *    exponent2         INTEGER,  -- d mod (q-1)
 *    coefficient       INTEGER,  -- (inverse of q) mod p
 *    otherPrimeInfos   OtherPrimeInfos OPTIONAL
 * }
 *
 * OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
 *
 * Names read from the optional first argument: block_name, one name per INTEGER member,
 * otherPrimeInfos, and otherPrimeInfo (forwarded to the OtherPrimeInfo schema).
 *
 * Data matching this schema is private-key material: the named blocks expose d, p and q
 * directly, so keep decoded results out of logs and persistent storage.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.RSAPrivateKey =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    // The nine mandatory INTEGER members, in encoding order.
    var integerFields = [
        "version",
        "modulus",
        "publicExponent",
        "privateExponent",
        "prime1",
        "prime2",
        "exponent1",
        "exponent2",
        "coefficient"
    ];

    var members = integerFields.map(function(field)
    {
        return new asn1.INTEGER({ name: (names[field] || "") });
    });

    // otherPrimeInfos: optional SEQUENCE OF OtherPrimeInfo
    members.push(new asn1.SEQUENCE({
        optional: true,
        value: [
            new asn1.REPEATED({
                name: (names.otherPrimeInfos || ""),
                value: in_window.org.pkijs.schema.x509.OtherPrimeInfo(names.otherPrimeInfo || {})
            })
        ]
    }));

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: members
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "SubjectPublicKeyInfo" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for SubjectPublicKeyInfo.
 *
 * SubjectPublicKeyInfo ::= SEQUENCE {
 *    algorithm AlgorithmIdentifier,
 *    subjectPublicKey BIT STRING }
 *
 * Names read from the optional first argument: block_name, subjectPublicKey, and
 * algorithm (forwarded to ALGORITHM_IDENTIFIER).
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.PUBLIC_KEY_INFO =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var algorithm = in_window.org.pkijs.schema.ALGORITHM_IDENTIFIER(names.algorithm || {});
    var subjectPublicKey = new asn1.BITSTRING({ name: (names.subjectPublicKey || "") });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [algorithm, subjectPublicKey]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "Attribute" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for Attribute.
 *
 * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
 *    type   ATTRIBUTE.&id({IOSet}),
 *    values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
 * }
 *
 * Names read from the optional first argument: block_name, type, set_name, values.
 * Attribute values are matched as ANY, so the schema does not tie a value's encoding
 * to the attribute type OID.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.ATTRIBUTE =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var type = new asn1.OID({ name: (names.type || "") });
    var values = new asn1.SET({
        name: (names.set_name || ""),
        value: [
            new asn1.REPEATED({
                name: (names.values || ""),
                value: new asn1.ANY()
            })
        ]
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [type, values]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "AttributeTypeAndValue" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for AttributeTypeAndValue.
 *
 * AttributeTypeAndValue ::= SEQUENCE {
 *    type     AttributeType,
 *    value    AttributeValue }
 *
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY -- DEFINED BY AttributeType
 *
 * Names read from the optional first argument: block_name, type, value.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.ATTR_TYPE_AND_VALUE =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var type = new asn1.OID({ name: (names.type || "") });
    var value = new asn1.ANY({ name: (names.value || "") });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [type, value]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "RelativeDistinguishedName" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for an RDNSequence (a distinguished name).
 *
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 *
 * RelativeDistinguishedName ::=
 *    SET SIZE (1..MAX) OF AttributeTypeAndValue
 *
 * Names read from the optional first argument: block_name, repeated_sequence,
 * repeated_set, and attr_type_and_value (forwarded to ATTR_TYPE_AND_VALUE).
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.RDN =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    // Outer REPEATED: one SET per RelativeDistinguishedName.
    // Inner REPEATED: the AttributeTypeAndValue entries of that SET.
    var relativeNames = new asn1.REPEATED({
        name: (names.repeated_sequence || ""),
        value: new asn1.SET({
            value: [
                new asn1.REPEATED({
                    name: (names.repeated_set || ""),
                    value: in_window.org.pkijs.schema.ATTR_TYPE_AND_VALUE(names.attr_type_and_value || {})
                })
            ]
        })
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [relativeNames]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "Extension" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for a single certificate/CRL Extension.
 *
 * Extension  ::=  SEQUENCE  {
 *    extnID      OBJECT IDENTIFIER,
 *    critical    BOOLEAN DEFAULT FALSE,
 *    extnValue   OCTET STRING
 * }
 *
 * Names read from the optional first argument: block_name, extnID, critical, extnValue.
 *
 * critical is modelled as an optional BOOLEAN because DEFAULT FALSE members are omitted
 * from the encoding; code reading the match must treat a missing value as FALSE. The
 * schema does not interpret extnValue or act on the critical flag: handling of critical
 * extensions belongs to the certificate validation logic.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.EXTENSION =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var extnID = new asn1.OID({ name: (names.extnID || "") });
    var critical = new asn1.BOOLEAN({ name: (names.critical || ""), optional: true });
    var extnValue = new asn1.OCTETSTRING({ name: (names.extnValue || "") });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [extnID, critical, extnValue]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "Extensions" type (sequence of many Extension)
//**************************************************************************************
/**
 * Build the ASN.1 schema for Extensions.
 *
 * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 *
 * @param input_names    passed to getNames(); block_name and extensions label the
 *                       blocks, extension is forwarded to EXTENSION
 * @param input_optional whether the SEQUENCE is optional; any falsy value means false
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.EXTENSIONS =
function(input_names, input_optional)
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(input_names);
    var isOptional = input_optional ? input_optional : false;

    var extensionList = new asn1.REPEATED({
        name: (names.extensions || ""),
        value: in_window.org.pkijs.schema.EXTENSION(names.extension || {})
    });

    return (new asn1.SEQUENCE({
        optional: isOptional,
        name: (names.block_name || ""),
        value: [extensionList]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "AuthorityKeyIdentifier" type of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema for the AuthorityKeyIdentifier extension value.
 *
 * AuthorityKeyIdentifier OID ::= 2.5.29.35
 *
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
 *
 * KeyIdentifier ::= OCTET STRING
 *
 * Names read from the optional first argument: block_name, keyIdentifier,
 * authorityCertIssuer, authorityCertSerialNumber.
 *
 * All three members are optional, so an empty SEQUENCE also matches. keyIdentifier and
 * authorityCertSerialNumber are matched as context-tagged primitives whose content is
 * not examined here.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.AuthorityKeyIdentifier =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var keyIdentifier = new asn1.ASN1_PRIMITIVE({
        name: (names.keyIdentifier || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        }
    });

    var authorityCertIssuer = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        },
        value: [
            new asn1.REPEATED({
                name: (names.authorityCertIssuer || ""),
                value: in_window.org.pkijs.schema.GENERAL_NAME()
            })
        ]
    });

    var authorityCertSerialNumber = new asn1.ASN1_PRIMITIVE({
        name: (names.authorityCertSerialNumber || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 2 // [2]
        }
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [keyIdentifier, authorityCertIssuer, authorityCertSerialNumber]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PrivateKeyUsagePeriod" type of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema for the PrivateKeyUsagePeriod extension value.
 *
 * PrivateKeyUsagePeriod OID ::= 2.5.29.16
 *
 * PrivateKeyUsagePeriod ::= SEQUENCE {
 *    notBefore       [0]     GeneralizedTime OPTIONAL,
 *    notAfter        [1]     GeneralizedTime OPTIONAL }
 * -- either notBefore or notAfter MUST be present
 *
 * Names read from the optional first argument: block_name, notBefore, notAfter.
 *
 * Both members are declared optional, so this schema alone does not enforce the
 * "either notBefore or notAfter MUST be present" rule; a consumer that relies on the
 * period has to check that itself.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.PrivateKeyUsagePeriod =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var notBefore = new asn1.ASN1_PRIMITIVE({
        name: (names.notBefore || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        }
    });

    var notAfter = new asn1.ASN1_PRIMITIVE({
        name: (names.notAfter || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        }
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [notBefore, notAfter]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "IssuerAltName" and "SubjectAltName" types of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema shared by the SubjectAltName and IssuerAltName extension
 * values.
 *
 * SubjectAltName OID ::= 2.5.29.17
 * IssuerAltName OID ::= 2.5.29.18
 *
 * AltName ::= GeneralNames
 *
 * Names read from the optional first argument: block_name, altNames. The GeneralName
 * entries are built without names, and the GeneralName schema matches most alternatives
 * by tag only, so the content of each alternative name is left for the consumer to
 * validate.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.AltName =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var altNames = new asn1.REPEATED({
        name: (names.altNames || ""),
        value: in_window.org.pkijs.schema.GENERAL_NAME()
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [altNames]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "SubjectDirectoryAttributes" type of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema for the SubjectDirectoryAttributes extension value.
 *
 * SubjectDirectoryAttributes OID ::= 2.5.29.9
 *
 * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 *
 * Names read from the optional first argument: block_name, attributes.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.SubjectDirectoryAttributes =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var attributes = new asn1.REPEATED({
        name: (names.attributes || ""),
        value: in_window.org.pkijs.schema.ATTRIBUTE()
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [attributes]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "GeneralSubtree" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for GeneralSubtree.
 *
 * GeneralSubtree ::= SEQUENCE {
 *    base                    GeneralName,
 *    minimum         [0]     BaseDistance DEFAULT 0,
 *    maximum         [1]     BaseDistance OPTIONAL }
 *
 * BaseDistance ::= INTEGER (0..MAX)
 *
 * Names read from the optional first argument: block_name, minimum, maximum, and base
 * (forwarded to GENERAL_NAME).
 *
 * NOTE(review): minimum and maximum are modelled as constructed [0]/[1] wrappers around
 * an INTEGER; confirm this matches the tagging mode of the module that defines
 * GeneralSubtree.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.GeneralSubtree =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var base = in_window.org.pkijs.schema.GENERAL_NAME(names.base || "");

    var minimum = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        },
        value: [new asn1.INTEGER({ name: (names.minimum || "") })]
    });

    var maximum = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        },
        value: [new asn1.INTEGER({ name: (names.maximum || "") })]
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [base, minimum, maximum]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "NameConstraints" type of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema for the NameConstraints extension value.
 *
 * NameConstraints OID ::= 2.5.29.30
 *
 * NameConstraints ::= SEQUENCE {
 *    permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
 *    excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
 *
 * Names read from the optional first argument: block_name, permittedSubtrees,
 * excludedSubtrees.
 *
 * The schema only captures the two subtree lists. Applying them to the names in a
 * certification path is the job of the path validation code.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.NameConstraints =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var permittedSubtrees = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        },
        value: [
            new asn1.REPEATED({
                name: (names.permittedSubtrees || ""),
                value: in_window.org.pkijs.schema.x509.GeneralSubtree()
            })
        ]
    });

    var excludedSubtrees = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        },
        value: [
            new asn1.REPEATED({
                name: (names.excludedSubtrees || ""),
                value: in_window.org.pkijs.schema.x509.GeneralSubtree()
            })
        ]
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [permittedSubtrees, excludedSubtrees]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "BasicConstraints" type of extension
//**************************************************************************************
/**
 * Build the ASN.1 schema for the BasicConstraints extension value.
 *
 * BasicConstraints OID ::= 2.5.29.19
 *
 * BasicConstraints ::= SEQUENCE {
 *    cA                      BOOLEAN DEFAULT FALSE,
 *    pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 *
 * Names read from the optional first argument: block_name, cA, pathLenConstraint.
 *
 * cA is modelled as an optional BOOLEAN because DEFAULT FALSE members are omitted from
 * the encoding. Code reading the match must treat a missing cA as FALSE, i.e. the
 * certificate is not a CA certificate. The (0..MAX) range of pathLenConstraint is not
 * expressed in this schema.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.BasicConstraints =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var cA = new asn1.BOOLEAN({
        optional: true,
        name: (names.cA || "")
    });

    var pathLenConstraint = new asn1.INTEGER({
        optional: true,
        name: (names.pathLenConstraint || "")
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [cA, pathLenConstraint]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PolicyQualifierInfo" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for PolicyQualifierInfo.
 *
 * PolicyQualifierInfo ::= SEQUENCE {
 *    policyQualifierId  PolicyQualifierId,
 *    qualifier          ANY DEFINED BY policyQualifierId }
 *
 * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
 * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
 * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
 *
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 *
 * Names read from the optional first argument: block_name, policyQualifierId,
 * qualifier. The schema accepts any OID and any qualifier encoding; it does not
 * restrict policyQualifierId to the two values listed above.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.PolicyQualifierInfo =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var policyQualifierId = new asn1.OID({ name: (names.policyQualifierId || "") });
    var qualifier = new asn1.ANY({ name: (names.qualifier || "") });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [policyQualifierId, qualifier]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PolicyInformation" type
//**************************************************************************************
/**
 * Build the ASN.1 schema for PolicyInformation.
 *
 * PolicyInformation ::= SEQUENCE {
 *    policyIdentifier   CertPolicyId,
 *    policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *    PolicyQualifierInfo OPTIONAL }
 *
 * CertPolicyId ::= OBJECT IDENTIFIER
 *
 * Names read from the optional first argument: block_name, policyIdentifier,
 * policyQualifiers.
 *
 * @returns the SEQUENCE schema block
 */
in_window.org.pkijs.schema.x509.PolicyInformation =
function()
{
    var asn1 = in_window.org.pkijs.asn1;
    var names = in_window.org.pkijs.getNames(arguments[0]);

    var policyIdentifier = new asn1.OID({ name: (names.policyIdentifier || "") });

    // policyQualifiers: optional SEQUENCE OF PolicyQualifierInfo
    var policyQualifiers = new asn1.SEQUENCE({
        optional: true,
        value: [
            new asn1.REPEATED({
                name: (names.policyQualifiers || ""),
                value: in_window.org.pkijs.schema.x509.PolicyQualifierInfo()
            })
        ]
    });

    return (new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [policyIdentifier, policyQualifiers]
    }));
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "CertificatePolicies" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.CertificatePolicies =
function()
{
    // CertificatePolicies extension, OID 2.5.29.32
    //
    // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
    //
    // arguments[0] is handed to getNames(); its "block_name" and
    // "certificatePolicies" entries become the `name` of the blocks built
    // below, each falling back to "" when absent.
    //
    // NOTE(review): SIZE (1..MAX) is not expressed in the REPEATED block built
    // here. Confirm whether the matcher rejects an empty list; if it does not,
    // callers have to enforce the bound themselves.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var policy_list = new asn1.REPEATED({
        name: (names.certificatePolicies || ""),
        value: in_window.org.pkijs.schema.x509.PolicyInformation()
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [policy_list]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PolicyMapping" type
//**************************************************************************************
in_window.org.pkijs.schema.x509.PolicyMapping =
function()
{
    // PolicyMapping ::= SEQUENCE {
    //    issuerDomainPolicy      CertPolicyId,
    //    subjectDomainPolicy     CertPolicyId }
    //
    // Both members are built as plain OID blocks. The "issuerDomainPolicy" and
    // "subjectDomainPolicy" entries of the names object give them their
    // `name`, defaulting to "".
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var issuer_policy = new asn1.OID({ name: (names.issuerDomainPolicy || "") });
    var subject_policy = new asn1.OID({ name: (names.subjectDomainPolicy || "") });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [issuer_policy, subject_policy]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PolicyMappings" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.PolicyMappings =
function()
{
    // PolicyMappings extension, OID 2.5.29.33
    //
    // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF PolicyMapping
    //
    // NOTE(review): SIZE (1..MAX) is not expressed in the REPEATED block built
    // here. Confirm whether the matcher rejects an empty list.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var mapping_list = new asn1.REPEATED({
        name: (names.mappings || ""),
        value: in_window.org.pkijs.schema.x509.PolicyMapping()
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [mapping_list]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "PolicyConstraints" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.PolicyConstraints =
function()
{
    // PolicyConstraints extension, OID 2.5.29.36
    //
    // PolicyConstraints ::= SEQUENCE {
    //    requireExplicitPolicy           [0] SkipCerts OPTIONAL,
    //    inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
    //
    // SkipCerts ::= INTEGER (0..MAX)
    //
    // Both members are IMPLICIT-tagged, so each is described as a
    // context-specific primitive rather than as an INTEGER block. Nothing
    // built here decodes the content as an integer or applies the (0..MAX)
    // range; code that consumes the matched blocks has to do both.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    // [0] IMPLICIT integer value
    var require_explicit_policy = new asn1.ASN1_PRIMITIVE({
        name: (names.requireExplicitPolicy || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        }
    });

    // [1] IMPLICIT integer value
    var inhibit_policy_mapping = new asn1.ASN1_PRIMITIVE({
        name: (names.inhibitPolicyMapping || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        }
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [require_explicit_policy, inhibit_policy_mapping]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "ExtKeyUsage" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.ExtKeyUsage =
function()
{
    // ExtKeyUsage extension, OID 2.5.29.37
    //
    // ExtKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
    //
    // KeyPurposeId ::= OBJECT IDENTIFIER
    //
    // The repeated element is an unnamed OID block; only the list as a whole
    // receives a `name` (from the "keyPurposes" entry, defaulting to "").
    // NOTE(review): SIZE (1..MAX) is not expressed here. Confirm whether the
    // matcher rejects an empty list.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var key_purpose_list = new asn1.REPEATED({
        name: (names.keyPurposes || ""),
        value: new asn1.OID()
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [key_purpose_list]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "DistributionPoint" type
//**************************************************************************************
in_window.org.pkijs.schema.x509.DistributionPoint =
function()
{
    // DistributionPoint ::= SEQUENCE {
    //    distributionPoint       [0]     DistributionPointName OPTIONAL,
    //    reasons                 [1]     ReasonFlags OPTIONAL,
    //    cRLIssuer               [2]     GeneralNames OPTIONAL }
    //
    // DistributionPointName ::= CHOICE {
    //    fullName                [0]     GeneralNames,
    //    nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
    //
    // ReasonFlags ::= BIT STRING {
    //    unused                  (0),
    //    keyCompromise           (1),
    //    cACompromise            (2),
    //    affiliationChanged      (3),
    //    superseded              (4),
    //    cessationOfOperation    (5),
    //    certificateHold         (6),
    //    privilegeWithdrawn      (7),
    //    aACompromise            (8) }
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    // fullName [0]: a list of GeneralName entries.
    var full_name = new asn1.ASN1_CONSTRUCTED({
        name: (names.distributionPoint || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        },
        value: [
            new asn1.REPEATED({
                name: (names.distributionPoint_names || ""),
                value: in_window.org.pkijs.schema.GENERAL_NAME()
            })
        ]
    });

    // nameRelativeToCRLIssuer [1]: takes the inner value list of the RDN
    // schema. It carries the same `name` as the fullName alternative, so a
    // consumer tells the two apart by tag number, not by name.
    var relative_name = new asn1.ASN1_CONSTRUCTED({
        name: (names.distributionPoint || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        },
        value: in_window.org.pkijs.schema.RDN().value_block.value
    });

    var point_name_choice = new asn1.CHOICE({
        value: [full_name, relative_name]
    });

    // distributionPoint [0]: outer wrapper around the CHOICE.
    var distribution_point = new asn1.ASN1_CONSTRUCTED({
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 0 // [0]
        },
        value: [point_name_choice]
    });

    // reasons [1]: IMPLICIT bitstring value, described as a raw primitive.
    var reasons = new asn1.ASN1_PRIMITIVE({
        name: (names.reasons || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 1 // [1]
        }
    });

    // cRLIssuer [2]: GeneralNames, i.e. a list of GeneralName entries
    // (not a bit string).
    var crl_issuer = new asn1.ASN1_CONSTRUCTED({
        name: (names.cRLIssuer || ""),
        optional: true,
        id_block: {
            tag_class: 3, // CONTEXT-SPECIFIC
            tag_number: 2 // [2]
        },
        value: [
            new asn1.REPEATED({
                name: (names.cRLIssuer_names || ""),
                value: in_window.org.pkijs.schema.GENERAL_NAME()
            })
        ]
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [distribution_point, reasons, crl_issuer]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "CRLDistributionPoints" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.CRLDistributionPoints =
function()
{
    // CRLDistributionPoints extension, OID 2.5.29.31
    //
    // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
    //
    // NOTE(review): SIZE (1..MAX) is not expressed in the REPEATED block built
    // here. Confirm whether the matcher rejects an empty list.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var point_list = new asn1.REPEATED({
        name: (names.distributionPoints || ""),
        value: in_window.org.pkijs.schema.x509.DistributionPoint()
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [point_list]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "AccessDescription" type
//**************************************************************************************
in_window.org.pkijs.schema.x509.AccessDescription =
function()
{
    // AccessDescription  ::=  SEQUENCE {
    //    accessMethod          OBJECT IDENTIFIER,
    //    accessLocation        GeneralName  }
    //
    // The "accessLocation" entry is handed to GENERAL_NAME() as a bare value
    // (or ""), not wrapped in an object.
    //
    // When this schema is used on certificates received from elsewhere,
    // accessLocation is issuer-chosen data. Code that dereferences it should
    // validate the scheme and destination first.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var access_method = new asn1.OID({ name: (names.accessMethod || "") });
    var access_location = in_window.org.pkijs.schema.GENERAL_NAME(names.accessLocation || "");

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [access_method, access_location]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "AuthorityInfoAccess" and "SubjectInfoAccess" types of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.InfoAccess =
function()
{
    // One schema serves both extensions:
    //    AuthorityInfoAccess OID ::= 1.3.6.1.5.5.7.1.1
    //    SubjectInfoAccess OID ::= 1.3.6.1.5.5.7.1.11
    //
    // AuthorityInfoAccessSyntax  ::=
    //    SEQUENCE SIZE (1..MAX) OF AccessDescription
    //
    // NOTE(review): SIZE (1..MAX) is not expressed in the REPEATED block built
    // here. Confirm whether the matcher rejects an empty list.
    var names = in_window.org.pkijs.getNames(arguments[0]);
    var asn1 = in_window.org.pkijs.asn1;

    var description_list = new asn1.REPEATED({
        name: (names.accessDescriptions || ""),
        value: in_window.org.pkijs.schema.x509.AccessDescription()
    });

    return new asn1.SEQUENCE({
        name: (names.block_name || ""),
        value: [description_list]
    });
};
//**************************************************************************************
// #endregion
//**************************************************************************************
// #region ASN.1 schema definition for "IssuingDistributionPoint" type of extension
//**************************************************************************************
in_window.org.pkijs.schema.x509.IssuingDistributionPoint = 1721 | function() 1722 | { 1723 | // IssuingDistributionPoint OID ::= 2.5.29.28 1724 | // 1725 | //IssuingDistributionPoint ::= SEQUENCE { 1726 | // distributionPoint [0] DistributionPointName OPTIONAL, 1727 | // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, 1728 | // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, 1729 | // onlySomeReasons [3] ReasonFlags OPTIONAL, 1730 | // indirectCRL [4] BOOLEAN DEFAULT FALSE, 1731 | // onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } 1732 | // 1733 | //ReasonFlags ::= BIT STRING { 1734 | // unused (0), 1735 | // keyCompromise (1), 1736 | // cACompromise (2), 1737 | // affiliationChanged (3), 1738 | // superseded (4), 1739 | // cessationOfOperation (5), 1740 | // certificateHold (6), 1741 | // privilegeWithdrawn (7), 1742 | // aACompromise (8) } 1743 | 1744 | var names = in_window.org.pkijs.getNames(arguments[0]); 1745 | 1746 | return (new in_window.org.pkijs.asn1.SEQUENCE({ 1747 | name: (names.block_name || ""), 1748 | value: [ 1749 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 1750 | optional: true, 1751 | id_block: { 1752 | tag_class: 3, // CONTEXT-SPECIFIC 1753 | tag_number: 0 // [0] 1754 | }, 1755 | value: [ 1756 | new in_window.org.pkijs.asn1.CHOICE({ 1757 | value: [ 1758 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 1759 | name: (names.distributionPoint || ""), 1760 | id_block: { 1761 | tag_class: 3, // CONTEXT-SPECIFIC 1762 | tag_number: 0 // [0] 1763 | }, 1764 | value: [ 1765 | new in_window.org.pkijs.asn1.REPEATED({ 1766 | name: (names.distributionPoint_names || ""), 1767 | value: in_window.org.pkijs.schema.GENERAL_NAME() 1768 | }) 1769 | ] 1770 | }), 1771 | new in_window.org.pkijs.asn1.ASN1_CONSTRUCTED({ 1772 | name: (names.distributionPoint || ""), 1773 | id_block: { 1774 | tag_class: 3, // CONTEXT-SPECIFIC 1775 | tag_number: 1 // [1] 1776 | }, 1777 | value: in_window.org.pkijs.schema.RDN().value_block.value 1778 | }) 1779 | ] 1780 | }) 1781 
| ] 1782 | }), 1783 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 1784 | name: (names.onlyContainsUserCerts || ""), 1785 | optional: true, 1786 | id_block: { 1787 | tag_class: 3, // CONTEXT-SPECIFIC 1788 | tag_number: 1 // [1] 1789 | } 1790 | }), // IMPLICIT boolean value 1791 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 1792 | name: (names.onlyContainsCACerts || ""), 1793 | optional: true, 1794 | id_block: { 1795 | tag_class: 3, // CONTEXT-SPECIFIC 1796 | tag_number: 2 // [2] 1797 | } 1798 | }), // IMPLICIT boolean value 1799 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 1800 | name: (names.onlySomeReasons || ""), 1801 | optional: true, 1802 | id_block: { 1803 | tag_class: 3, // CONTEXT-SPECIFIC 1804 | tag_number: 3 // [3] 1805 | } 1806 | }), // IMPLICIT bitstring value 1807 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 1808 | name: (names.indirectCRL || ""), 1809 | optional: true, 1810 | id_block: { 1811 | tag_class: 3, // CONTEXT-SPECIFIC 1812 | tag_number: 4 // [4] 1813 | } 1814 | }), // IMPLICIT boolean value 1815 | new in_window.org.pkijs.asn1.ASN1_PRIMITIVE({ 1816 | name: (names.onlyContainsAttributeCerts || ""), 1817 | optional: true, 1818 | id_block: { 1819 | tag_class: 3, // CONTEXT-SPECIFIC 1820 | tag_number: 5 // [5] 1821 | } 1822 | }) // IMPLICIT boolean value 1823 | ] 1824 | })); 1825 | } 1826 | //************************************************************************************** 1827 | // #endregion 1828 | //************************************************************************************** 1829 | } 1830 | )(typeof exports !== "undefined" ? exports : window); --------------------------------------------------------------------------------