/**
 * Javascript implementation of Abstract Syntax Notation Number One.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2013 Digital Bazaar, Inc.
 *
 * An API for storing data using the Abstract Syntax Notation Number One
 * format using DER (Distinguished Encoding Rules) encoding. This encoding is
 * commonly used to store data for PKI, i.e. X.509 Certificates, and this
 * implementation exists for that purpose.
 *
 * Abstract Syntax Notation Number One (ASN.1) is used to define the abstract
 * syntax of information without restricting the way the information is encoded
 * for transmission. It provides a standard that allows for open systems
 * communication. ASN.1 defines the syntax of information data and a number of
 * simple data types as well as a notation for describing them and specifying
 * values for them.
 *
 * The RSA algorithm creates public and private keys that are often stored in
 * X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This
 * class provides the most basic functionality required to store and load DSA
 * keys that are encoded according to ASN.1.
 *
 * The most common binary encodings for ASN.1 are BER (Basic Encoding Rules)
 * and DER (Distinguished Encoding Rules). DER is just a subset of BER that
 * has stricter requirements for how data must be encoded.
 *
 * Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type)
 * and a byte array for the value of this ASN.1 structure which may be data or a
 * list of ASN.1 structures.
 *
 * Each ASN.1 structure using BER is (Tag-Length-Value):
 *
 * | byte 0 | bytes X | bytes Y |
 * |--------|---------|----------
 * |  tag   | length  |  value  |
 *
 * ASN.1 allows for tags to be of "High-tag-number form" which allows a tag to
 * be two or more octets, but that is not supported by this class. A tag is
 * only 1 byte. Bits 1-5 give the tag number (i.e. the data type within a
 * particular 'class'), 6 indicates whether or not the ASN.1 value is
 * constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If
 * bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set,
 * then the class is APPLICATION. If only bit 8 is set, then the class is
 * CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE.
 * The tag numbers for the data types for the class UNIVERSAL are listed below:
 *
 * UNIVERSAL 0 Reserved for use by the encoding rules
 * UNIVERSAL 1 Boolean type
 * UNIVERSAL 2 Integer type
 * UNIVERSAL 3 Bitstring type
 * UNIVERSAL 4 Octetstring type
 * UNIVERSAL 5 Null type
 * UNIVERSAL 6 Object identifier type
 * UNIVERSAL 7 Object descriptor type
 * UNIVERSAL 8 External type and Instance-of type
 * UNIVERSAL 9 Real type
 * UNIVERSAL 10 Enumerated type
 * UNIVERSAL 11 Embedded-pdv type
 * UNIVERSAL 12 UTF8String type
 * UNIVERSAL 13 Relative object identifier type
 * UNIVERSAL 14-15 Reserved for future editions
 * UNIVERSAL 16 Sequence and Sequence-of types
 * UNIVERSAL 17 Set and Set-of types
 * UNIVERSAL 18-22, 25-30 Character string types
 * UNIVERSAL 23-24 Time types
 *
 * The length of an ASN.1 structure is specified after the tag identifier.
 * There is a definite form and an indefinite form. The indefinite form may
 * be used if the encoding is constructed and not all immediately available.
 * The indefinite form is encoded using a length byte with only the 8th bit
 * set. The end of the constructed object is marked using end-of-contents
 * octets (two zero bytes).
 *
 * The definite form looks like this:
 *
 * The length may take up 1 or more bytes, it depends on the length of the
 * value of the ASN.1 structure. DER encoding requires that if the ASN.1
 * structure has a value that has a length greater than 127, more than 1 byte
 * will be used to store its length, otherwise just one byte will be used.
 * This is strict.
 *
 * In the case that the length of the ASN.1 value is less than 127, 1 octet
 * (byte) is used to store the "short form" length. The 8th bit has a value of
 * 0 indicating the length is "short form" and not "long form" and bits 7-1
 * give the length of the data. (The 8th bit is the left-most, most significant
 * bit: also known as big endian or network format).
 *
 * In the case that the length of the ASN.1 value is greater than 127, 2 to
 * 127 octets (bytes) are used to store the "long form" length. The first
 * byte's 8th bit is set to 1 to indicate the length is "long form." Bits 7-1
 * give the number of additional octets. All following octets are in base 256
 * with the most significant digit first (typical big-endian binary unsigned
 * integer storage). So, for instance, if the length of a value was 257, the
 * first byte would be set to:
 *
 * 10000010 = 130 = 0x82.
 *
 * This indicates there are 2 octets (base 256) for the length. The second and
 * third bytes (the octets just mentioned) would store the length in base 256:
 *
 * octet 2: 00000001 = 1 * 256^1 = 256
 * octet 3: 00000001 = 1 * 256^0 = 1
 * total = 257
 *
 * The algorithm for converting a js integer value of 257 to base-256 is:
 *
 * var value = 257;
 * var bytes = [];
 * bytes[0] = (value >>> 8) & 0xFF; // most significant byte first
 * bytes[1] = value & 0xFF; // least significant byte last
 *
 * On the ASN.1 UNIVERSAL Object Identifier (OID) type:
 *
 * An OID can be written like: "value1.value2.value3...valueN"
 *
 * The DER encoding rules:
 *
 * The first byte has the value 40 * value1 + value2.
 * The following bytes, if any, encode the remaining values. Each value is
 * encoded in base 128, most significant digit first (big endian), with as
 * few digits as possible, and the most significant bit of each byte set
 * to 1 except the last in each value's encoding. For example: Given the
 * OID "1.2.840.113549", its DER encoding is (remember each byte except the
 * last one in each encoding is OR'd with 0x80):
 *
 * byte 1: 40 * 1 + 2 = 42 = 0x2A.
 * bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 0x0648 = 0x8648
 * bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D
 *
 * The final value is: 0x2A864886F70D.
 * The full OID (including ASN.1 tag and length of 6 bytes) is:
 * 0x06062A864886F70D
 */
(function() {
|
|
/* ########## Begin module implementation ########## */
|
|
function initModule(forge) {
|
|
|
|
/* ASN.1 API */
// share one namespace object with any module that already created forge.asn1
var asn1 = forge.asn1 = forge.asn1 || {};

/**
 * ASN.1 classes: the already-shifted values of bits 8-7 of the identifier
 * octet, so a class can be OR'd directly with a tag number.
 */
asn1.Class = {
  UNIVERSAL: 0x00,
  APPLICATION: 0x40,
  CONTEXT_SPECIFIC: 0x80,
  PRIVATE: 0xC0
};

/**
 * ASN.1 types. Not all types are supported by this implementation, only
 * those necessary to implement a simple PKI are implemented.
 *
 * Values are the UNIVERSAL tag numbers (bits 5-1 of the identifier octet);
 * the full table is in the file header.
 */
asn1.Type = {
  NONE: 0,
  BOOLEAN: 1,
  INTEGER: 2,
  BITSTRING: 3,
  OCTETSTRING: 4,
  NULL: 5,
  OID: 6,
  ODESC: 7,
  EXTERNAL: 8,
  REAL: 9,
  ENUMERATED: 10,
  EMBEDDED: 11,
  UTF8: 12,
  ROID: 13,
  SEQUENCE: 16,
  SET: 17,
  PRINTABLESTRING: 19,
  IA5STRING: 22,
  UTCTIME: 23,
  GENERALIZEDTIME: 24,
  BMPSTRING: 30
};
|
|
|
|
/**
 * Creates a new asn1 object.
 *
 * The returned object carries a tagClass, a type, a constructed flag and a
 * value. When constructed, the value is a list of child asn1 objects; when
 * not constructed it holds the raw value bytes formatted for the ASN.1 type.
 * Undefined entries in a list value are dropped so callers can simply leave
 * optional children out.
 *
 * @param tagClass the tag class for the object.
 * @param type the data type (tag number) for the object.
 * @param constructed true if the asn1 object is in constructed form.
 * @param value the value for the object, if it is not constructed.
 *
 * @return the asn1 object.
 */
asn1.create = function(tagClass, type, constructed, value) {
  var isList = forge.util.isArray(value);

  // drop undefined entries from a list value
  if(isList) {
    value = value.filter(function(child) {
      return child !== undefined;
    });
  }

  return {
    tagClass: tagClass,
    type: type,
    constructed: constructed,
    composed: constructed || isList,
    value: value
  };
};
|
|
|
|
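/**
 * Gets the length of an ASN.1 value.
 *
 * Reads the length octets that follow a tag byte. In case the length is the
 * indefinite form (a single 0x80 octet), undefined is returned.
 *
 * The long form is accumulated with plain arithmetic instead of 32-bit
 * shifts, so lengths up to 2^53 - 1 are read exactly and can never wrap
 * negative, and the octet count is checked against the bytes that remain so
 * malformed input cannot read past the end of the buffer.
 *
 * @param b the ASN.1 byte buffer, positioned at the first length octet.
 *
 * @return the length of the ASN.1 value, or undefined for indefinite length.
 * @throws an object with 'message', 'remaining' and 'needed' fields if the
 *   buffer ends inside the long-form length octets.
 */
var _getValueLength = function(b) {
  var b2 = b.getByte();
  if(b2 === 0x80) {
    return undefined;
  }

  // "short form": bit 8 clear, bits 7-1 are the length itself
  if(!(b2 & 0x80)) {
    return b2;
  }

  // "long form": bits 7-1 give the number of following length octets, which
  // hold the length in big-endian base-256
  var numOctets = b2 & 0x7F;
  if(b.length() < numOctets) {
    throw {
      message: 'Too few bytes to read ASN.1 value length.',
      remaining: b.length(),
      needed: numOctets
    };
  }
  var length = 0;
  for(var i = 0; i < numOctets; ++i) {
    length = length * 256 + b.getByte();
  }
  return length;
};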
|
|
|
|
/**
 * Parses an asn1 object from a byte buffer in DER format.
 *
 * The BER indefinite-length form (length octet 0x80, value terminated by two
 * zero end-of-contents octets) is also accepted for composed values. A
 * UNIVERSAL BIT STRING with zero unused bits is probed to see whether it
 * wraps a nested ASN.1 object and, if so, is parsed as composed.
 *
 * NOTE(review): parsing recurses once per nesting level, so the depth of
 * untrusted input is bounded only by the engine's call stack.
 *
 * @param bytes the byte buffer to parse from; a binary string is wrapped in
 *   a forge buffer first.
 * @param strict true to be strict when checking value lengths, false to
 *   allow truncated values (default: true).
 *
 * @return the parsed asn1 object.
 * @throws an object with a 'message' field if fewer than 2 bytes remain, if
 *   a value is truncated (strict mode only), or if a non-constructed value
 *   uses the indefinite length form.
 */
asn1.fromDer = function(bytes, strict) {
  if(strict === undefined) {
    strict = true;
  }

  // wrap in buffer if needed
  if(typeof bytes === 'string') {
    bytes = forge.util.createBuffer(bytes);
  }

  // minimum length for ASN.1 DER structure is 2 (tag + length)
  if(bytes.length() < 2) {
    throw {
      message: 'Too few bytes to parse DER.',
      bytes: bytes.length()
    };
  }

  // get the first (identifier) byte
  var b1 = bytes.getByte();

  // get the tag class (bits 8-7)
  var tagClass = (b1 & 0xC0);

  // get the type (bits 1-5); the high-tag-number form is not supported
  var type = b1 & 0x1F;

  // get the value length (undefined for the indefinite form)
  var length = _getValueLength(bytes);

  // ensure there are enough bytes to get the value; an undefined
  // (indefinite) length compares false here and is handled below
  if(bytes.length() < length) {
    if(strict) {
      throw {
        message: 'Too few bytes to read ASN.1 value.',
        detail: bytes.length() + ' < ' + length
      };
    }
    // Note: be lenient with truncated values
    length = bytes.length();
  }

  // prepare to get value
  var value;

  // constructed flag is bit 6 (32 = 0x20) of the first byte
  var constructed = ((b1 & 0x20) === 0x20);

  // determine if the value is composed of other ASN.1 objects (if its
  // constructed it will be and if its a BITSTRING it may be)
  var composed = constructed;
  if(!composed && tagClass === asn1.Class.UNIVERSAL &&
    type === asn1.Type.BITSTRING && length > 1) {
    /* The first octet gives the number of bits by which the length of the
      bit string is less than the next multiple of eight (this is called
      the "number of unused bits").

      The second and following octets give the value of the bit string
      converted to an octet string. */
    // if there are no unused bits, maybe the bitstring holds ASN.1 objs;
    // remember the read pointer so the probe below can be undone
    var read = bytes.read;
    var unused = bytes.getByte();
    if(unused === 0) {
      // if the first byte indicates UNIVERSAL or CONTEXT_SPECIFIC,
      // and the length is valid, assume we've got an ASN.1 object
      b1 = bytes.getByte();
      var tc = (b1 & 0xC0);
      if(tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC) {
        try {
          // accept the wrapped object only when its declared length fills
          // the bit string exactly; bytes.read - read is the number of
          // probe bytes consumed (unused-bits octet, tag, length octets)
          var len = _getValueLength(bytes);
          composed = (len === length - (bytes.read - read));
          if(composed) {
            // adjust read/length to account for unused bits byte
            ++read;
            --length;
          }
        }
        catch(ex) {
          // an unreadable length just means "not a nested object"; the
          // probe is best-effort and the read pointer is restored below
        }
      }
    }
    // restore read pointer
    bytes.read = read;
  }

  if(composed) {
    // parse child asn1 objects from the value
    value = [];
    if(length === undefined) {
      // asn1 object of indefinite length, read until end tag; the
      // recursive call throws if the buffer runs out before the end tag
      for(;;) {
        if(bytes.bytes(2) === String.fromCharCode(0, 0)) {
          bytes.getBytes(2);
          break;
        }
        value.push(asn1.fromDer(bytes, strict));
      }
    }
    else {
      // parsing asn1 object of definite length
      // NOTE(review): each child is bounded by the whole remaining buffer,
      // not by this object's length, so a malformed child can consume more
      // than `length` bytes; the loop then exits on a negative remainder
      // without reporting it, even in strict mode. Confirm callers do not
      // rely on strict mode alone to reject such input.
      var start = bytes.length();
      while(length > 0) {
        value.push(asn1.fromDer(bytes, strict));
        length -= start - bytes.length();
        start = bytes.length();
      }
    }
  }
  // asn1 not composed, get raw value
  else {
    // TODO: do DER to OID conversion and vice-versa in .toDer?

    if(length === undefined) {
      throw {
        message: 'Non-constructed ASN.1 object of indefinite length.'
      };
    }

    if(type === asn1.Type.BMPSTRING) {
      // decode 16-bit units into a JS string
      value = '';
      for(var i = 0; i < length; i += 2) {
        value += String.fromCharCode(bytes.getInt16());
      }
    }
    else {
      // raw value bytes as a binary string, formatted per the ASN.1 type
      value = bytes.getBytes(length);
    }
  }

  // create and return asn1 object
  return asn1.create(tagClass, type, constructed, value);
};
|
|
|
|
/**
 * Converts the given asn1 object to a buffer of bytes in DER format.
 *
 * Composed objects are encoded by concatenating the DER of each defined
 * child; a composed but non-constructed object (a BIT STRING wrapping ASN.1
 * objects) gets a leading 0x00 "unused bits" octet. BMPSTRING values are
 * written as 16-bit units, every other primitive value as its raw bytes.
 * The length is written in short form when it fits in 7 bits, otherwise in
 * long form (count octet with bit 8 set, then big-endian base-256).
 *
 * @param obj the asn1 object to convert to bytes.
 *
 * @return the buffer of bytes.
 */
asn1.toDer = function(obj) {
  var out = forge.util.createBuffer();

  // identifier octet: class bits | tag number
  var identifier = obj.tagClass | obj.type;

  // the encoded value, built before the length is known
  var body = forge.util.createBuffer();

  if(obj.composed) {
    if(obj.constructed) {
      // bit 6 (0x20) marks a constructed encoding
      identifier |= 0x20;
    }
    else {
      // composed-but-primitive is a BIT STRING: zero unused bits
      body.putByte(0x00);
    }

    // children are concatenated in order, skipping undefined slots
    var children = obj.value;
    for(var c = 0; c < children.length; ++c) {
      if(children[c] !== undefined) {
        body.putBuffer(asn1.toDer(children[c]));
      }
    }
  }
  else if(obj.type === asn1.Type.BMPSTRING) {
    var text = obj.value;
    for(var k = 0; k < text.length; ++k) {
      body.putInt16(text.charCodeAt(k));
    }
  }
  else {
    body.putBytes(obj.value);
  }

  out.putByte(identifier);

  var bodyLength = body.length();
  if(bodyLength <= 127) {
    // short form: bit 8 = 0, bits 7-1 = length
    out.putByte(bodyLength & 0x7F);
  }
  else {
    // long form: the octets are produced least-significant first (the count
    // is unknown up front) and prepended, so the array ends up big-endian
    var lengthOctets = [];
    var remaining = bodyLength;
    do {
      lengthOctets.unshift(remaining & 0xFF);
      remaining = remaining >>> 8;
    }
    while(remaining > 0);

    // leading octet: bit 8 set, bits 7-1 = number of length octets
    out.putByte(lengthOctets.length | 0x80);
    for(var n = 0; n < lengthOctets.length; ++n) {
      out.putByte(lengthOctets[n]);
    }
  }

  out.putBuffer(body);
  return out;
};
|
|
|
|
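/**
 * Converts an OID dot-separated string to a byte buffer. The byte buffer
 * contains only the DER-encoded value, not any tag or length bytes.
 *
 * Encoding: the first two arcs are merged into one subidentifier
 * 40 * value1 + value2; each subidentifier is then written in base 128, most
 * significant group first, with bit 8 set on every octet except the last.
 * Plain arithmetic is used instead of 32-bit shifts so arcs up to 2^53 - 1
 * encode correctly, and the merged first subidentifier is encoded in base
 * 128 like the others instead of being squeezed into one byte. For arcs
 * below 2^32 with a first subidentifier below 128 the output is unchanged.
 *
 * @param oid the OID dot-separated string.
 *
 * @return the byte buffer.
 * @throws an object with a 'message' field if the OID has fewer than two
 *   arcs or an arc is not a non-negative integer (such arcs previously
 *   encoded silently as 0).
 */
asn1.oidToDer = function(oid) {
  // split OID into individual values
  var values = oid.split('.');
  var bytes = forge.util.createBuffer();

  // parses one arc, rejecting anything that is not a non-negative integer
  var parseArc = function(index) {
    var arc = parseInt(values[index], 10);
    // NaN fails the comparison too
    if(!(arc >= 0)) {
      throw {
        message: 'Invalid OID arc; expected a non-negative integer.',
        oid: oid,
        arc: values[index]
      };
    }
    return arc;
  };

  // writes one subidentifier in base 128, big-endian, continuation bit set
  // on all but the last octet
  var putSubidentifier = function(value) {
    // produce the groups least-significant first, since the count is not
    // known in advance, then emit them in reverse
    var groups = [];
    do {
      groups.push(value % 128);
      value = Math.floor(value / 128);
    }
    while(value > 0);
    for(var n = groups.length - 1; n >= 0; --n) {
      bytes.putByte(n > 0 ? (groups[n] | 0x80) : groups[n]);
    }
  };

  if(values.length < 2) {
    throw {
      message: 'Invalid OID; at least two arcs are required.',
      oid: oid
    };
  }

  // first subidentifier is 40 * value1 + value2
  putSubidentifier(40 * parseArc(0) + parseArc(1));
  for(var i = 2; i < values.length; ++i) {
    putSubidentifier(parseArc(i));
  }

  return bytes;
};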
|
|
|
|
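/**
 * Converts a DER-encoded byte buffer to an OID dot-separated string. The
 * byte buffer should contain only the DER-encoded value, not any tag or
 * length bytes.
 *
 * Decoding mirrors oidToDer: subidentifiers are base-128 groups with bit 8
 * as the continuation flag, accumulated with plain arithmetic so arcs up to
 * 2^53 - 1 decode exactly (32-bit shifts previously wrapped larger arcs).
 * The first subidentifier is split as 40 * value1 + value2, where value1 is
 * 0, 1 or 2 and only under arc 2 may value2 be 40 or more; so a first
 * subidentifier of 80 or higher always belongs to arc 2 (a single-byte
 * first subidentifier of 120..127 previously decoded as "3.x").
 *
 * @param bytes the byte buffer (or binary string).
 *
 * @return the OID dot-separated string.
 * @throws an object with a 'message' field if the buffer holds no complete
 *   subidentifier.
 */
asn1.derToOid = function(bytes) {
  // wrap in buffer if needed
  if(typeof bytes === 'string') {
    bytes = forge.util.createBuffer(bytes);
  }

  // decode every complete subidentifier; a trailing group with the
  // continuation bit still set (truncated input) is dropped, as before
  var subids = [];
  var value = 0;
  while(bytes.length() > 0) {
    var b = bytes.getByte();
    value = value * 128 + (b & 0x7F);
    if(!(b & 0x80)) {
      subids.push(value);
      value = 0;
    }
  }

  if(subids.length === 0) {
    throw {
      message: 'Too few bytes to parse OID.'
    };
  }

  // split the first subidentifier into its two arcs
  var first = subids[0];
  var oid = (first < 80) ?
    Math.floor(first / 40) + '.' + (first % 40) :
    '2.' + (first - 80);

  for(var i = 1; i < subids.length; ++i) {
    oid += '.' + subids[i];
  }

  return oid;
};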
|
|
|
|
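/**
 * Converts a UTCTime value to a date.
 *
 * Note: GeneralizedTime has 4 digits for the year and is used for X.509
 * dates past 2049; see generalizedTimeToDate for that format.
 *
 * Fix: the minutes of a zone offset are the two digits directly after the
 * offset hours ("+hhmm"), i.e. at end + 3, not end + 4 as previously read
 * (which yielded a single digit and a wrong offset).
 *
 * @param utc the UTCTime value to convert.
 *
 * @return the date (always in UTC; a zone offset is folded back into it).
 */
asn1.utcTimeToDate = function(utc) {
  /* The following formats can be used:

    YYMMDDhhmmZ
    YYMMDDhhmm+hhmm
    YYMMDDhhmm-hhmm
    YYMMDDhhmmssZ
    YYMMDDhhmmss+hhmm
    YYMMDDhhmmss-hhmm

    Where:

    YY is the least significant two digits of the year
    MM is the month (01 to 12)
    DD is the day (01 to 31)
    hh is the hour (00 to 23)
    mm are the minutes (00 to 59)
    ss are the seconds (00 to 59)
    Z indicates that local time is GMT, + indicates that local time is
    later than GMT, and - indicates that local time is earlier than GMT
    the hh and mm after the sign are the absolute value of the offset from
    GMT in hours and minutes (no separator between them) */
  var date = new Date();

  // if YY >= 50 use 19xx, if YY < 50 use 20xx
  var year = parseInt(utc.substr(0, 2), 10);
  year = (year >= 50) ? 1900 + year : 2000 + year;
  var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month
  var DD = parseInt(utc.substr(4, 2), 10);
  var hh = parseInt(utc.substr(6, 2), 10);
  var mm = parseInt(utc.substr(8, 2), 10);
  var ss = 0;
  // index of the character after the time fields (Z, + or -); 0 when the
  // value is the bare YYMMDDhhmmZ form and no offset can follow
  var end = 0;
  var c;

  // not just YYMMDDhhmmZ
  if(utc.length > 11) {
    // get character after minutes
    c = utc.charAt(10);
    end = 10;

    // seconds are present when that character is not a sign
    if(c !== '+' && c !== '-') {
      ss = parseInt(utc.substr(10, 2), 10);
      end += 2;
    }
  }

  // update date
  date.setUTCFullYear(year, MM, DD);
  date.setUTCHours(hh, mm, ss, 0);

  if(end) {
    // get +/- after end of time
    c = utc.charAt(end);
    if(c === '+' || c === '-') {
      // offset is "hhmm" directly after the sign
      var hhoffset = parseInt(utc.substr(end + 1, 2), 10);
      var mmoffset = parseInt(utc.substr(end + 3, 2), 10);

      // calculate offset in milliseconds
      var offset = (hhoffset * 60 + mmoffset) * 60000;

      // the fields are local time = GMT + offset for '+', so subtract the
      // offset to get back to GMT (and add it for '-')
      if(c === '+') {
        date.setTime(+date - offset);
      }
      else {
        date.setTime(+date + offset);
      }
    }
  }

  return date;
};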
|
|
|
|
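/**
 * Converts a GeneralizedTime value to a date.
 *
 * Fix: the minutes of a zone offset are the two digits directly after the
 * offset hours ("+hhmm", the 5-character suffix this function already
 * locates), i.e. at end + 3, not end + 4 as previously read.
 *
 * @param gentime the GeneralizedTime value to convert.
 *
 * @return the date; values ending in Z or an offset are interpreted as GMT,
 *   values with neither are interpreted as local time.
 */
asn1.generalizedTimeToDate = function(gentime) {
  /* The following formats can be used:

    YYYYMMDDHHMMSS
    YYYYMMDDHHMMSS.fff
    YYYYMMDDHHMMSSZ
    YYYYMMDDHHMMSS.fffZ
    YYYYMMDDHHMMSS+hhmm
    YYYYMMDDHHMMSS.fff+hhmm
    YYYYMMDDHHMMSS-hhmm
    YYYYMMDDHHMMSS.fff-hhmm

    Where:

    YYYY is the year
    MM is the month (01 to 12)
    DD is the day (01 to 31)
    hh is the hour (00 to 23)
    mm are the minutes (00 to 59)
    ss are the seconds (00 to 59)
    .fff is the second fraction, accurate to three decimal places
    Z indicates that local time is GMT, + indicates that local time is
    later than GMT, and - indicates that local time is earlier than GMT
    the hh and mm after the sign are the absolute value of the offset from
    GMT in hours and minutes (no separator between them) */
  var date = new Date();

  var YYYY = parseInt(gentime.substr(0, 4), 10);
  var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month
  var DD = parseInt(gentime.substr(6, 2), 10);
  var hh = parseInt(gentime.substr(8, 2), 10);
  var mm = parseInt(gentime.substr(10, 2), 10);
  var ss = parseInt(gentime.substr(12, 2), 10);
  var fff = 0;
  var offset = 0;
  var isUTC = false;

  if(gentime.charAt(gentime.length - 1) === 'Z') {
    isUTC = true;
  }

  // a zone offset is the 5-character suffix "+hhmm" or "-hhmm"
  var end = gentime.length - 5;
  var c = gentime.charAt(end);
  if(c === '+' || c === '-') {
    // get hours+minutes offset
    var hhoffset = parseInt(gentime.substr(end + 1, 2), 10);
    var mmoffset = parseInt(gentime.substr(end + 3, 2), 10);

    // calculate offset in milliseconds
    offset = (hhoffset * 60 + mmoffset) * 60000;

    // fields are local time = GMT + offset for '+', so the offset is
    // subtracted to get back to GMT (added for '-')
    if(c === '+') {
      offset *= -1;
    }

    isUTC = true;
  }

  // check for second fraction; parseFloat stops at the first non-numeric
  // character (Z, + or -), so the rest of the suffix is ignored
  if(gentime.charAt(14) === '.') {
    fff = parseFloat(gentime.substr(14)) * 1000;
  }

  if(isUTC) {
    date.setUTCFullYear(YYYY, MM, DD);
    date.setUTCHours(hh, mm, ss, fff);

    // apply offset
    date.setTime(+date + offset);
  }
  else {
    date.setFullYear(YYYY, MM, DD);
    date.setHours(hh, mm, ss, fff);
  }

  return date;
};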
|
|
|
|
|
|
/**
 * Converts a date to a UTCTime value.
 *
 * Note: GeneralizedTime has 4 digits for the year and is used for X.509
 * dates past 2049. Converting to a GeneralizedTime hasn't been
 * implemented yet.
 *
 * @param date the date to convert.
 *
 * @return the UTCTime value in the form YYMMDDhhmmssZ.
 */
asn1.dateToUtcTime = function(date) {
  // renders a field as text, left-padded with '0' to at least two chars
  var pad2 = function(field) {
    var text = '' + field;
    return (text.length < 2) ? '0' + text : text;
  };

  // year keeps only what follows its first two characters ("2024" -> "24")
  var fields = [
    ('' + date.getUTCFullYear()).substr(2),
    date.getUTCMonth() + 1,
    date.getUTCDate(),
    date.getUTCHours(),
    date.getUTCMinutes(),
    date.getUTCSeconds()
  ];

  return fields.map(pad2).join('') + 'Z';
};
|
|
|
|
/**
 * Validates that the given ASN.1 object is at least a super set of the
 * given ASN.1 structure. Only tag classes and types are checked (plus the
 * constructed flag when the validator specifies it); value contents and
 * lengths are never inspected, and trailing children of obj that the
 * validator does not describe are ignored. An optional map may also be
 * provided to capture ASN.1 values while the structure is checked.
 *
 * To capture an ASN.1 value, set an object in the validator's 'capture'
 * parameter to the key to use in the capture map. To capture the full
 * ASN.1 object, specify 'captureAsn1'.
 *
 * Objects in the validator may set a field 'optional' to true to indicate
 * that it isn't necessary to pass validation.
 *
 * Validator fields read here: tagClass, type, constructed, value (an array
 * of child validators), optional, capture, captureAsn1 and name (used in
 * error messages).
 *
 * @param obj the ASN.1 object to validate.
 * @param v the ASN.1 structure validator.
 * @param capture an optional map to capture values in.
 * @param errors an optional array for storing validation errors.
 *
 * @return true on success, false on failure.
 */
asn1.validate = function(obj, v, capture, errors) {
  var rval = false;

  // ensure tag class and type are the same if specified
  if((obj.tagClass === v.tagClass || typeof(v.tagClass) === 'undefined') &&
    (obj.type === v.type || typeof(v.type) === 'undefined')) {
    // ensure constructed flag is the same if specified
    if(obj.constructed === v.constructed ||
      typeof(v.constructed) === 'undefined') {
      rval = true;

      // handle sub values: walk the child validators in order, with j
      // tracking the next unmatched child of obj
      if(v.value && forge.util.isArray(v.value)) {
        var j = 0;
        for(var i = 0; rval && i < v.value.length; ++i) {
          // a missing child only passes when the validator marks it optional
          rval = v.value[i].optional || false;
          if(obj.value[j]) {
            rval = asn1.validate(obj.value[j], v.value[i], capture, errors);
            if(rval) {
              ++j;
            }
            // an optional validator that did not match is skipped and the
            // same obj child is retried against the next validator
            else if(v.value[i].optional) {
              rval = true;
            }
          }
          if(!rval && errors) {
            errors.push(
              '[' + v.name + '] ' +
              'Tag class "' + v.tagClass + '", type "' +
              v.type + '" expected value length "' +
              v.value.length + '", got "' +
              obj.value.length + '"');
          }
        }
      }

      // capture only on success; note that children that validated before
      // a later sibling failed have already written their own captures
      if(rval && capture) {
        if(v.capture) {
          capture[v.capture] = obj.value;
        }
        if(v.captureAsn1) {
          capture[v.captureAsn1] = obj;
        }
      }
    }
    else if(errors) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected constructed "' + v.constructed + '", got "' +
        obj.constructed + '"');
    }
  }
  else if(errors) {
    if(obj.tagClass !== v.tagClass) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected tag class "' + v.tagClass + '", got "' +
        obj.tagClass + '"');
    }
    if(obj.type !== v.type) {
      errors.push(
        '[' + v.name + '] ' +
        'Expected type "' + v.type + '", got "' + obj.type + '"');
    }
  }
  return rval;
};
|
|
|
|
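// regex for testing for non-latin characters: matches any character outside
// ISO-8859-1 (code point above U+00FF). The escapes must be single-backslash
// so the class is the code point range; with doubled backslashes the class
// was the literal characters '\', 'u', '0', 'f' and the range '0'..'\', which
// matched almost every ordinary string.
var _nonLatinRegex = /[^\u0000-\u00ff]/;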
|
|
|
|
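/**
 * Pretty prints an ASN.1 object to a string.
 *
 * Each object is rendered as "Tag: <class>:<type> (<name>)", then
 * "Constructed: <flag>", then either "Sub values: <n>" followed by the
 * children (one level deeper, comma separated) or "Value: <value>". OIDs are
 * shown dotted (plus the forge.pki.oids name when known), UNIVERSAL string
 * and time types are shown as text, and every other primitive value is shown
 * as hex so binary data (integers, keys, signatures) never reaches the
 * output raw. This replaces the earlier character-based heuristic and fixes
 * the IA5String label, which referenced the undefined asn1.Type.IA5String
 * instead of asn1.Type.IA5STRING and so never printed.
 *
 * @param obj the object to write out.
 * @param level the level in the tree (default: 0).
 * @param indentation the number of spaces per level (default: 2).
 *
 * @return the string.
 */
asn1.prettyPrint = function(obj, level, indentation) {
  var rval = '';

  // set default level and indentation
  level = level || 0;
  indentation = indentation || 2;

  // human-readable names for classes and UNIVERSAL types
  var classNames = {};
  classNames[asn1.Class.UNIVERSAL] = 'Universal:';
  classNames[asn1.Class.APPLICATION] = 'Application:';
  classNames[asn1.Class.CONTEXT_SPECIFIC] = 'Context-Specific:';
  classNames[asn1.Class.PRIVATE] = 'Private:';

  var typeNames = {};
  typeNames[asn1.Type.NONE] = 'None';
  typeNames[asn1.Type.BOOLEAN] = 'Boolean';
  typeNames[asn1.Type.BITSTRING] = 'Bit string';
  typeNames[asn1.Type.INTEGER] = 'Integer';
  typeNames[asn1.Type.OCTETSTRING] = 'Octet string';
  typeNames[asn1.Type.NULL] = 'Null';
  typeNames[asn1.Type.OID] = 'Object Identifier';
  typeNames[asn1.Type.ODESC] = 'Object Descriptor';
  typeNames[asn1.Type.EXTERNAL] = 'External or Instance of';
  typeNames[asn1.Type.REAL] = 'Real';
  typeNames[asn1.Type.ENUMERATED] = 'Enumerated';
  typeNames[asn1.Type.EMBEDDED] = 'Embedded PDV';
  typeNames[asn1.Type.UTF8] = 'UTF8';
  typeNames[asn1.Type.ROID] = 'Relative Object Identifier';
  typeNames[asn1.Type.SEQUENCE] = 'Sequence';
  typeNames[asn1.Type.SET] = 'Set';
  typeNames[asn1.Type.PRINTABLESTRING] = 'Printable String';
  typeNames[asn1.Type.IA5STRING] = 'IA5String (ASCII)';
  typeNames[asn1.Type.UTCTIME] = 'UTC time';
  typeNames[asn1.Type.GENERALIZEDTIME] = 'Generalized time';
  typeNames[asn1.Type.BMPSTRING] = 'BMP String';

  // UNIVERSAL types whose value is text and safe to print as-is
  var textTypes = [
    asn1.Type.UTF8,
    asn1.Type.PRINTABLESTRING,
    asn1.Type.IA5STRING,
    asn1.Type.BMPSTRING,
    asn1.Type.UTCTIME,
    asn1.Type.GENERALIZEDTIME
  ];

  var isUniversal = (obj.tagClass === asn1.Class.UNIVERSAL);

  // start new line for deep levels
  if(level > 0) {
    rval += '\n';
  }

  // create indent
  var indent = new Array(level * indentation + 1).join(' ');

  // print class:type, naming the type only for known UNIVERSAL tags
  rval += indent + 'Tag: ' + (classNames[obj.tagClass] || '') + obj.type;
  if(isUniversal && typeNames[obj.type] !== undefined) {
    rval += ' (' + typeNames[obj.type] + ')';
  }
  rval += '\n';
  rval += indent + 'Constructed: ' + obj.constructed + '\n';

  if(obj.composed) {
    var subvalues = 0;
    var sub = '';
    for(var i = 0; i < obj.value.length; ++i) {
      if(obj.value[i] !== undefined) {
        subvalues += 1;
        sub += asn1.prettyPrint(obj.value[i], level + 1, indentation);
        if((i + 1) < obj.value.length) {
          sub += ',';
        }
      }
    }
    rval += indent + 'Sub values: ' + subvalues + sub;
  }
  else {
    rval += indent + 'Value: ';
    if(obj.value.length === 0) {
      rval += '[null]';
    }
    else if(isUniversal && obj.type === asn1.Type.OID) {
      var oid = asn1.derToOid(obj.value);
      rval += oid;
      if(forge.pki && forge.pki.oids && oid in forge.pki.oids) {
        rval += ' (' + forge.pki.oids[oid] + ')';
      }
    }
    else if(isUniversal && textTypes.indexOf(obj.type) !== -1) {
      rval += obj.value;
    }
    else {
      // binary value: hex of the raw bytes (no re-encoding)
      rval += '0x' + forge.util.createBuffer(obj.value).toHex();
    }
  }

  return rval;
};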
|
|
|
|
} // end module implementation
|
|
|
|
/* ########## Begin module wrapper ########## */
// name under which this module registers itself on the forge object
var name = 'asn1';
if(typeof define !== 'function') {
  // NodeJS -> AMD: emulate a minimal define() that just runs the factory
  if(typeof module === 'object' && module.exports) {
    var nodeJS = true;
    define = function(ids, factory) {
      factory(require, module);
    };
  }
  // <script>: no module system, initialize directly on a global forge
  else {
    if(typeof forge === 'undefined') {
      forge = {};
    }
    // returns out of the enclosing IIFE; the AMD path below is skipped
    return initModule(forge);
  }
}
// AMD
var deps;
var defineFunc = function(require, module) {
  // exported factory: load each dependency module, then this one, onto forge
  module.exports = function(forge) {
    var mods = deps.map(function(dep) {
      return require(dep);
    }).concat(initModule);
    // handle circular dependencies
    forge = forge || {};
    forge.defined = forge.defined || {};
    if(forge.defined[name]) {
      return forge[name];
    }
    forge.defined[name] = true;
    for(var i = 0; i < mods.length; ++i) {
      mods[i](forge);
    }
    return forge[name];
  };
};
// wrap define() once so the dependency list (minus 'require' and 'module')
// is captured before the real define runs
var tmpDefine = define;
define = function(ids, factory) {
  deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
  if(nodeJS) {
    // NOTE(review): presumably removes the define() assigned above in the
    // NodeJS branch; on a declared binding `delete` would be a no-op
    delete define;
    return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
  }
  define = tmpDefine;
  return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(['require', 'module', './util', './oids'], function() {
  defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
|
|
})();
|