ampproject / samples

Update dependency jsrsasign to v10 [SECURITY] - autoclosed #414

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change |
|---|---|
| jsrsasign (source) | ^8.0.0 -> ^10.0.0 |

GitHub Vulnerability Alerts

GHSA-h87q-g2wp-47pj

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.

CVE-2022-25898

Impact

Jsrsasign supports JWS (JSON Web Signatures) and JWT (JSON Web Token) validation. However, a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid by mistake.

For example, even if a string of non Base64URL encoding characters such as !@$% or \11 is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.

When jsrsasign's JWS or JWT validation is used in OpenID Connect or OAuth2, this vulnerability will affect authentication or authorization.

By our internal assessment, CVSS 3.1 score will be 8.6. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Patches

Users who validate JWS or JWT signatures should upgrade to 10.5.25.

Workarounds

Validate that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method.

ACKNOWLEDGEMENT

Thanks to Adi Malyanker and Or David for this vulnerability report. Also thanks to the Snyk security team for this coordination.

References

- https://github.com/kjur/jsrsasign/releases/tag/10.5.25
- https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf (kjur's advisories)
- https://github.com/advisories/GHSA-3fvg-4v2m-98jf (github advisories)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
- https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
- https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify
- https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot
- https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification
- https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification
- https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122


Release Notes

kjur/jsrsasign ### [`v10.5.25`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.25): CVE-2022-25898 Security fix in JWS and JWT validation [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.24...10.5.25) - Changes from 10.5.24 to 10.5.25 (2022-Jun-23) - src/jws.js - JWS.verify and JWS.verifyJWT - CVE-2022-25898 SECURITY FIX: verify and verifyJWT may accept signature with special characters or \number characters by mistake. Please see security advisory: https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf - src/base64x.js - function isBase64URLDot added - test/qunit-do-jwt-veri.html ### [`v10.5.24`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.24): X509.getParam bugfix for v1 certificate [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.23...10.5.24) - Changes from 10.5.23 to 10.5.24 (2022-Jun-04) - src/x509.js - X509.getParam bugfix for X.509v1 certificate without extension ### [`v10.5.23`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.23): BitString parsing bug fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.22...10.5.23) - Changes from 10.5.22 to 10.5.23 (2022-May-27) - src/base64x.js - bitstrtobinstr bugfix fix - src/asn1hex.js - ASN1HEX.parse change for bin string range - npm/lib/footers.js - add missed exports (bitstrtobinstr, binstrtobitstr, namearraytobinstr, extendClass) - test/qunit-do-{asn1hex-parse,base64x}.html - add and fix some test cases for above ### [`v10.5.22`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.22): DERBitString, KeyUsage and tsp PKIFailureInfo critical bug fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.21...10.5.22) - Changes from 10.5.21 to 10.5.22 (2022-May-24) - src/asn1.js - DERBitString critical bugfix - src/asn1tsp.js - PKIFailureInfo critical bugfix - src/asn1x509.js - KeyUsage critical bugfix - src/base64.x - namearraytobinstr critical bugfix - test/qunit-do-{asn1,asn1tsp,asn1x509,base64x}.html - add 
and fix some test cases for above ### [`v10.5.21`](https://togithub.com/kjur/jsrsasign/compare/10.5.20...10.5.21) [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.20...10.5.21) ### [`v10.5.20`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.20): OCSP ResponderID object udpate [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.19...10.5.20) - Changes from 10.5.19 to 10.5.20 (2022-Apr-25) - src/asn1ocsp.js - ResponderID class now also supports PEM certificate or X509 object for key and name field. - test/qunit-do-asn1ocsp.html - add some test cases and fix for above - remove silver sponsor ### [`v10.5.19`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.19): Time stamp package update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.18...10.5.19) - Changes from 10.5.18 to 10.5.19 (2022-Apr-23) - src/asn1tsp.js - TimeStampResp class update to statusinfo member will be optional. If omitted, it will be "granted" by default. - API manual update for more detail ### [`v10.5.18`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.18): Time stamp package update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.17...10.5.18) - Changes from 10.5.17 to 10.5.18 (2022-Apr-22) - src/asn1tsp.js - TSPParser.getTimeStampReq added - TSPUtil.parse{TimeStampReq,MessageImprint} now *DEPRECATED*. Please use TSPParser. 
- test/qunit-do-asn1tsp.html - add some test cases and fix for above ### [`v10.5.17`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.17): CIDR subnet mask support in iptohex and hextoip [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.16...10.5.17) - Changes from 10.5.16 to 10.5.17 (2022-Apr-14) - src/asn1x509.js - add IP address support in NameConstraints class - bugfix in NameConstraints ip address - wrong ASN.1 encoder in NameConstraints class bug fix (wrong explicit tag) - src/base64x.js - add CIDR subnet mask support in iptohex and hextoip - iptohex, hextoip refactoring - test/qunit-do-{x509-ext,base64x,asn1x509-tbscert,asn1x509}.html - add some test cases and fix for above ### [`v10.5.16`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.16): Add NameConstraints extension and modify getEncodedHex to tohex [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.15...10.5.16) - Changes from 10.5.15 to 10.5.16 (2022-Apr-08) - src/asn1x509.js - NameConstraints and GeneralSubtree class added - add support for nameConstraints in Extensions class - remove old GeneralName code - src/x509.js - getExtNameConstraints and getGeneralSubbtree method added - add support for nameConstraints in getParam method - X509.getParam supports optional arguments: - tbshex: to return hexadecimal tbsCertificate value - nodnarray: delete array member of subject and issuer in the result. - src/x509crl.js - X509CRL.getParam supports optional arguments: - tbshex: to return hexadecimal tbsCertList value - nodnarray: delete array member of subject and issuer in the result. - src/asn1.js - ASN1Object.tohex() method added - ASN1Object.getEncodedHex() method is now DEPRECATED. Please use ASN1Object.tohex() instead. 
- clean up some codes - src/\*.js - update for ASN1Object.tohex() - test/qunit-do-x509-ext.html - getExtNameConstraints and getGeneralSubtree method test added - test/qunit-do-asn1x509.html - NameConstraints and GeneralSubtree class test added - test/qunit-do-asn1-newobj.html - int and tag test refactoring - bugfix ### [`v10.5.15`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.15): X509.getExtCRLDistributionPointsURI small fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.14...10.5.15) - Changes from 10.5.14 to 10.5.15 (2022-Apr-06) - src/x509.js - fix X509.getExtCRLDistributionPointsURI. This returns undefined when no CDP extension as specified in document even though it is deprecated method. ### [`v10.5.14`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.14): KEYUTIL.getPEM small fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.13...10.5.14) - Changes from 10.5.13 to 10.5.14 (2022-Mar-28) - src/keyutil.js - fix KEYUTIL.getPEM when public key is not specified for ECDSA object. optional public key field will be omitted in such case. ([#​549](https://togithub.com/kjur/jsrsasign/issues/549)) - test/qunit-do-\*.html - test case added for above updates. ### [`v10.5.13`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.13): RSA key private generation fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.12...10.5.13) - Changes from 10.5.12 to 10.5.13 (2022-Mar-18) - ext/rsa2.js - fix RSAGenerate for checking |p - q| ([#​546](https://togithub.com/kjur/jsrsasign/issues/546)) ### [`v10.5.12`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.12): support ISO 8859-1 TeletexString and BMPString for X500Name [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.11...10.5.12) - Changes from 10.5.11 to 10.5.12 (2022-Mar-13) - src/asn1hex.js - ASN1HEX.parse fixed for TeletexString and BMPString - ASN1HEX.parse TeletexString supports non-ASCII ISO 8859-1 Latin1 characters. 
Before this version, only supports ASCII characters. - hextoipv6 bug fix raised in some of enviroment - src/base64x.js - iso88591hextoutf8/utf8toiso88591hex added - iso88591hextoutf8hex/utf8hextoiso88591hex added - hextoipv6 fixed - src/x509.js - refactoring for X509.get{X500NameArray,RDN,AttrTypeAndValue}. Add support for Teletex/BMPString and more attrTypes - test/qunit-do-\*.html - test case added for above updates. - qunit-do-base64x: add iso8859-1 / utf-8 converter tests - qunit-do-asn1hex-parse: add TeletexString parse tests - qunit-do-x509-ext: add NumericString/TeletexString X500Name tests ### [`v10.5.11`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.11): asn1hex update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.10...10.5.11) - Changes from 10.5.10 to 10.5.11 (2022-Mar-12) - src/ash1hex.js - ASN1HEX.parse add NumericStiring(x12) support - ASN1HEX.parse fix for "8x" tag (non structured tag) - test/qunit-do-asn1hex.html - test case added for above updates. ### [`v10.5.10`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.10): hextoipv6 fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.9...10.5.10) - Changes from 10.5.9 to 10.5.10 (2022-Mar-10) - src/base64x.js - fix hextoipv6 for shrinking leading zeros ([#​536](https://togithub.com/kjur/jsrsasign/issues/536)) - test/qunit-do-base64x.html - test case added for above updates. ### [`v10.5.9`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.9): small fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.8...10.5.9) - Changes from 10.5.8 to 10.5.9 (2022-Mar-10) - src/base64x.js - fix zulutosec ([#​538](https://togithub.com/kjur/jsrsasign/issues/538)) - src/asn1csr.js - fix CSRUtil.getParam ([#​544](https://togithub.com/kjur/jsrsasign/issues/544)) - test/qunit-do-{base64x,asn1csr}.html - test case update for above updates. 
### [`v10.5.8`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.8): OCSP CertID and X509 class update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.7...10.5.8) - Changes from 10.5.7 to 10.5.8 (2022-Feb-25) - src/asn1ocsp.js - CertID class refactoring - CertID.getParamByCerts method added - src/x509.js - DEPRECATED getPublicKeyHex method (use getSPKI instead) - getSPKI, getSPKIValue method added - getExtCRLDistributionPointsURI bugfix - API document fix - test/qunit-do-{asn1ocsp,x509-ext,x509,x509-v1}.html - test case update and bugfix for above updates. ### [`v10.5.7`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.7): X509CRL.findRevCert bugfix for empty revCerts [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.6...10.5.7) - Changes from 10.5.6 to 10.5.7 (2022-Feb-19) - src/x509crl.js - X509CRL.{findRevCert,findRevCertBySN} method fix for empty revCerts ### [`v10.5.6`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.6): X509CRL.findRevCert bugfix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.5...10.5.6) - Changes from 10.5.5 to 10.5.6 (2022-Feb-17) - src/x509crl.js X509CRL class - fix sn error in findRevCert ### [`v10.5.5`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.5): CRL parser update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.4...10.5.5) - Changes from 10.5.4 to 10.5.5 (2022-Feb-17) - src/x509crl.js X509CRL class - add getIssuerHex method - add findRevCert method - add findRevCertBySN method - test/x509crl.html update ### [`v10.5.4`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.4): ASN.1 parser update and fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.3...10.5.4) - Changes from 10.5.3 to 10.5.4 (2022-Feb-15) - src/asn1.js - DERTaggedObject - refactoring - add {tag: xx, str:"aaa"} parameter support - add {tag: xx, hex:"616161"} parameter support - setASN1Object method now *deprecated*. 
Please use setByParam - src/asn1hex.js - ASN1HEX.parse - add encapsulated OctetString, BitString support - add encapsulated structured TaggedObject support - changed to return binary string for 3byte or less BitString value - ObjectIdentifier fix when undefined OID name - src/base64x.js - added bitstrtobinstr/binstrtobitstr - utf8tohex fix for lower case hexadecimal string - hextoutf8 fix for improper hexadecimal string for UTF-8 - bitstrtoint/inttobitstr fix for error case return - test/qunit-do-asn1.html - TaggedObject test case update - test/qunit-do-asn1hex-parse.html - BitString, TaggedObject test case update - test/qunit-do-base64x.html - hextoutf8/utf8tohex testcase update - bitstrtobinstr/binstrtobitstr testcase added ### [`v10.5.3`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.3): add OtherName support in GeneralName [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.2...10.5.3) - Changes from 10.5.2 to 10.5.3 (2022-Feb-10) - add otherName support in GeneralName by PR with small update ([#​535](https://togithub.com/kjur/jsrsasign/issues/535)) - src/asn1x509.js - add otherName of GeneralName support ([#​535](https://togithub.com/kjur/jsrsasign/issues/535)) - GeneralName class refactoring - add OtherName class - src/x509.js - add otherName of GeneralName support - src/asn1hex.js - add ASN1HEX.parse method - src/asn1.js - API doc and error exception fix - test/qunit-do-{asn1x509,x509-ext}.html - test case added - test/qunit-do-asn1hex-parse.html added ### [`v10.5.2`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.2): small update for OID and JWK [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.1...10.5.2) - Changes from 10.5.1 to 10.5.2 (2022-Feb-08) - src/asn1x509.js - add OID.{registerOIDs,checkOIDs} method - src/keyutil.js - getJWK, getJWKFromKey API doc update - test/qunit-do-asn1x509.html updated - test case added ### [`v10.5.1`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.1): add KEYUTIL.getJWK, 
fix EC P-521 concat signature value and add support for P-521 JWS JWK [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.5.0...10.5.1) - Changes from 10.5.0 to 10.5.1 (2021-Dec-01) - fix ECC P-521 curve issues ([#​528](https://togithub.com/kjur/jsrsasign/issues/528)) - src/ecdsa-modified.js - asn1SigToConcatSig fix P521 issue - concatSigToASN1Sig fix P521 issue - src/jws.js - add ES512 support - src/keyutil.js - fix P-521 issue in getKey,getJWKFromKey, - tool/tool_jwt.html - add ES512 support - test/qunit-do-ecdsamod-s.html - add P-521 asn1SigToConcatSig tests - add P-521 concatSigToASN1Sig tests - test/qunit-do-ecdsamod.html - add sha512 tests - test/qunit-do-jws-sign.html - add signing and verification ES512 test - test/qunit-do-keyutil-ec.html - add P-521 key test - test/qunit-do-keyutil-jwk.html - add P-521 private key test - test/qunit-do-x509-key.html - add P-521 certificate test - JWK from X509 certificate ([#​529](https://togithub.com/kjur/jsrsasign/issues/529)) - this PR was merged but - X509.getPublicKeyJWK was moved to KEYUTIL.getJWK - some tests in qunit-do-x509-jwk was moved to qunit-do-keyutil-jwk - readCertJWK was removed - src/keyutil - KEYUTIL.getJWK added and x5c/x5t/x5t#S256/kid member support - KEYUTIL.getJWKFromKey now deprecated - src/ecdsa-modified.js - missing variable definition fix ([#​527](https://togithub.com/kjur/jsrsasign/issues/527)) - test/qunit-do-x509.html test error fix - Great appreciate for [@​cplussharp](https://togithub.com/cplussharp) 's contribution. 
### [`v10.5.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.5.0): Add EC support for secp521r1 secp224r1 secp192r1 [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.4.1...10.5.0) - Changes from 10.4.1 to 10.5.0 - Add EC support for secp521r1 secp224r1 secp192r1 ([#​521](https://togithub.com/kjur/jsrsasign/issues/521) [#​519](https://togithub.com/kjur/jsrsasign/issues/519)) Thank you indeed for [@​cplussharp](https://togithub.com/cplussharp) 's great work. - EC key length bugs for newly supported curves are fixed. - src/ecdsa-modified: key length fixes - src/ecparam.js: add keycharlen property - src/asn1x509.js: add secp521r1 OID - test/qunit-do-ecdsamod.html: all test code passed - test/qunit-do-ecdsamod-unsupport.html: all test code passed - test/qunit-do-ecdsamod-s.html: all test code passed - test/qunit-do-ecdsamod-nisttv.html: added for NIST EC keygen test - sample/sample-ecdsa.html: add P-521 - sample/sample-rsasign.html - fix to trim non hexadecimal strings ([#​517](https://togithub.com/kjur/jsrsasign/issues/517)) ### [`v10.4.1`](https://togithub.com/kjur/jsrsasign/releases/tag/10.4.1): GeneralizedTime, UTCTime refactoring and some bug fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.4.0...10.4.1) - Changes from 10.4.0 to 10.4.1 release - src/asn1.js - refactoring of DERUTCTime, DERGeneralizedTime and DERAbstractTime - now DERUTCTime support fraction of second - src/asn1x509.js - update Time class to follow DER{UTC,Generalized}Time update - tool/tool_tsreq.html - messageImprint bug fix ([#​504](https://togithub.com/kjur/jsrsasign/issues/504)) - tool/tool_tsres.html - serialNumber bug fix ([#​505](https://togithub.com/kjur/jsrsasign/issues/505)) - jsrsasign-\*-min.js - header URL fix to kjur.github.io ([#​503](https://togithub.com/kjur/jsrsasign/issues/503)) (will be fixed in next release while rebuild) - test/qunit-do-{asn1,asn1x509}.html updated - KJUR.asn1.DER{UTC,Generalized}Time, KJUR.asn1.x509.Time class test case 
added and updated. ### [`v10.4.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.4.0): Full support for parsing OCSP response [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.3.2...10.4.0) - Changes from 10.3.2 to 10.4.0 (2021-08-17) - asn1ocsp.js - add OCSP response parser support in OCSPParser class (request [#​501](https://togithub.com/kjur/jsrsasign/issues/501)) - OCSPParser.get{OCSPResponse,ResponseBytes,BasicOCSPResponse,ResponseData,ResponderID,SingleResponseList,SingleResponse,CertStatus} methods added - DEPRECATED: OCSPUtil.getOCSPResponseInfo - test/qunit-do-asn1ocsp.html updated - add test for OCSP response parser ### [`v10.3.2`](https://togithub.com/kjur/jsrsasign/releases/tag/10.3.2): fix wrong OCSPRequest for EC public key certificate [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.3.0...10.3.2) - Changes from 10.3.1 to 10.3.2 - asn1ocsp.js - CertID.setByCert fixed for issuer EC public key ([#​500](https://togithub.com/kjur/jsrsasign/issues/500)) ### [`v10.3.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.3.0): remove all YUI dependency [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.2.0...10.3.0) - Changes from 10.2.0 to 10.3.0 - remove YUI library dependency - LICENSE.txt - remove YUI license - src/base64x.js - add extendClass function to replace YUI class extend - src/\*.js - replace YAHOO.lang.extend to extendClass all - src/keyutil.js - change to raise exception in KEYUTIL class with Error class - src/asn1x509.js - API document update for Extesions and CRLReason class - npm_util/package.json - fix dependencies ([#​482](https://togithub.com/kjur/jsrsasign/issues/482)) - test/qunit-do-\*.html - updated to follow above - test/qunit-do-base64x-class.html added - test for extendClass function ### [`v10.2.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.2.0): CVE-2021-30246 RSAKey.verify issue fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.13...10.2.0) - Changes 
from 10.1.13 to 10.2.0 (2021-04-14) - src/rsasign.js - CVE-2021-30246 RSAKey.verify issue was fixed ([#​478](https://togithub.com/kjur/jsrsasign/issues/478)) - src/asn1cms.js - IssuerSerial, IsseruAndSerialNumber API document update - sample_node/asn1extract2 - change to "/usr/bin/env node" ### [`v10.1.13`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.13): add non-ascii BMPString support [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.12...10.1.13) - Changes from 10.1.12 to 10.1.13 (2021-03-08) - src/base64x.js - add ucs2hextoutf8 function - src/x509.js - X509.getAttrTypeAndValue supports non-ascii BMPString ([#​474](https://togithub.com/kjur/jsrsasign/issues/474)) - src/asn1hex.js - ASN1HEX.dump supports non-ascii BMPString - test/qunit-do-{asn1hex-dump,x509-ext,base64x}.html - updated to follow above ### [`v10.1.12`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.12): fix for wrong UTF-8 encoding in distinguished name parser [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.11...10.1.12) - Changes from 10.1.11 to 10.1.12 (2021-02-25) - src/x509.js - fix X509.getAttrTypeValue ([#​473](https://togithub.com/kjur/jsrsasign/issues/473)) - attribute value is converted by hextoutf8 not hextorstr - X509.getIssuerString update to use getIssuer - X509.getSubjectString update to use getSubject - X509.dnarraytostr fix to escape "+" and "/" - X509.hex2dn update to use getX500Name - test/qunit-do-x509-ext.html - updated to follow above ### [`v10.1.11`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.11): update X509.getVersion and add jsrsasign-util saveFileJSON [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.10...10.1.11) - Changes from 10.1.10 to 10.1.11 (2021-02-19) - src/x509.js - X509.getVersion supports other than empty(DEFAULT =v1) and \[0] {INTEGER 2} (=v3). Thus version checking is relaxed. 
([#​471](https://togithub.com/kjur/jsrsasign/issues/471)) - src/nodeutil.js (jsrsasign-util 1.0.4) - add saveFileUTF8 - saveFileJSON API document fix ### [`v10.1.10`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.10): extend support for distinguished name [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.9...10.1.10) - Changes from 10.1.9 to 10.1.10 release (2021-02-14) - src/asn1x509.js - AttributeTypeAndValue - add support for OID and oid name constructor AttributeTypeAndValue({str: "/streetAddress=foo"}) AttributeTypeAndValue({str: "/2.5.4.9=foo"}) - OID.name2oidList - add givenName - test/qunit-do-asn1x509.html - updated to follow above ### [`v10.1.9`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.9): Add SubjectDirectoryAttributes extension support [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.8...10.1.9) - Changes from 10.1.8 to 10.1.9 release (2021-02-12) - src/asn1x509.js - SubjectDirectoryAttributes class added - Extensions class updated to support SubjectDirectoryAttributes - OID class update to support OIDs such as gender, placeOfBirth et.al. for SubjectDirectoryAttributes. - SubjectDirectoryAttributes parser is needed to be implemented in X509.js future. - test/qunit-do-asn1x509.html - updated to follow above ### [`v10.1.8`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.8): KEYUTIL supports PKCS8 private key with extension - Changes from 10.1.5 to 10.1.8 release (2021-02-08) - src/keyutil.js - KEYUTIL.parsePlainPrivatePKCS8Hex now supports private key extsion and and issue [#​454](https://togithub.com/kjur/jsrsasign/issues/454) fixed. 
- test/qunit-do-keyutil-eprv.html - updated to follow above ### [`v10.1.5`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.5): CAdES-T support update and fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.4...10.1.5) - Changes from 10.1.4 to 10.1.5 release (2021-01-17) - tool/tool_cades.html fix ([#​465](https://togithub.com/kjur/jsrsasign/issues/465)) - now works fine again for CAdES-T demo - src/asn1cms.js - SignerInfo class - unsigned attribute support again - Attribute class - add signaturePolicyIdentifier support - add signatureTimeStamp support - CMSParser class - add signaturePolicyIdentifier support - add setSignaturePolicyIdentifier method - src/asn1cades.js - CAdESUtil class - parseSignedDataForAddingUnsigned modified to use CMSParser - addSigTS removed since it was empty method - parseSignerInfoForAddingUnsigned is deprecated since parseSignedDataForAddingUnsigned will not call it. - src/crypto.js - Mac API document fix ([#​466](https://togithub.com/kjur/jsrsasign/issues/466)) ### [`v10.1.4`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.4): TSPParser.getPKIStatusInfo bugfix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.3...10.1.4) - Changes from 10.1.3 to 10.1.4 release (2020-11-23) - asn1tsp.js - TSPParser class - getPKIStatusInfo out parameter name bugfix - test/qunit-do-asn1hex.html - updated to follow above ### [`v10.1.3`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.3): TSPParser.getPKIStatusInfo update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.2...10.1.3) - Changes from 10.1.2 to 10.1.3 release (2020-11-22) - asn1tsp.js - TSPParser class - getPKIStatusInfo updated to supports PKIFreeText and PKIFailureInfo - getPKIFreeText added - getPKIFailureInfo added - asn1hex.js - ASN1HEX class - getString added - getInt method updated to supports ASN.1 BitString - base64x.js - function bitstrtoint, inttobitstr added - test/qunit-do-{asn1hex,asn1tsp,base64x}.html - updated 
to follow above ### [`v10.1.2`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.2): add SigningCertificateV2 for CMSParser and issue fix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.1...10.1.2) - Changes from 10.1.1 to 10.1.2 release (2020-11-21) - src/asn1cms.js - CMSParser - getAttribute updated to support SigningCertificateV2 - add setSigningCertificateV2 method - add getESSCertIDv2 method - change sortflag of result parameter to true in CMSParser.getCertificateSet - test/qunit-do-asn1cms.html - updated to follow above ### [`v10.1.1`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.1): CMSSignedData and TimeStamp parser bugfix [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.1.0...10.1.1) - Changes from 10.1.0 to 10.1.1 release (2020-11-20) - src/asn1tsp.js - "serialNumber" parameter was changed to "serial" in TSTInfo class and TSPParser.getTSTInfo method. - src/asn1cms.js - change method name CMSParser.getAttributeArray to CMSParser.getAttributeList to align to the name AttributeList class. - getAttributeList returns JSON parameter which can be accepted by AttributeList constructor. - wrong sighex value for signature value by getSignerInfo method was fixed. 
- test/qunit-do-asn1tsp.html - updated to follow above ### [`v10.1.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.1.0): add new CMSSignedData and TimeStamp parser and X500Name update [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.5...10.1.0) - Changes from 10.0.5 to 10.1.0 release - add new CMSSignedData and TimeStamp parser - X500.get{X500Name,GeneralName,GeneralNames} result change - src/asn1cms.js - new CMSParser class for CMS SignedData - get{CMSSignedData,SignedData,HashAlgArray, EContent,SignerInfos,SignerInfo,SignerIdentifier, IssuerAndSerialNumber,AttributeArray, Attribute,ESSCertID,IssuerSerial,CertificateSet} - set{ContentType,SigningTime,MessageDigest, SigningCertificate} - src/asn1tsp.js - new TSPParser class to parser RFC 3161 TSP protocol - get{Response,Token,TSTInfo,Accuracy,MessageImprint, PKIStatusInfo} - setTSTInfo - src/asn1.js - DERObjectIdentifier class update to use new oidtohex - src/asn1hex.js - add ASN1HEX.{getInt,getOID,getOIDName} - src/asn1csr.js - CSRUtil.getParam result "subject" parameter result is changed because of X509.getX500Name update. - src/asn1x509.js - small update for Time class - small update for Certificate.sign method - document fix (issue [#​463](https://togithub.com/kjur/jsrsasign/issues/463)) - src/base64x.js - function "oidtohex" and "hextooid" added. - function "ishex" added - KJUR.lang.String.isHex now *DEPRECATED*. Please use "ishex". 
- src/x509.js - X509.getX500Name update - X509.get{Issuer,Subject,GeneralNames,GeneralName} - add X509.{getX500NameArray,dnarraytostr} - src/x509crl.js - X509CRL.getIssuer update for X509.getX500Name update - test/qunit-do-{asn1tsp,asn1cms,asn1hex,asn1x509-newcert-veri, base64x,x509-ext,x509crl}.html - updated to follow above ### [`v10.0.5`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.5): small issue fixes and updates [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.4...10.0.5) - Changes from 10.0.4 to 10.0.5 release - src/base64x.js - utf8tob64u, b64utoutf8 replace new Buffer() to Buffer.from() for Node.JS deprecation (issue [#​460](https://togithub.com/kjur/jsrsasign/issues/460)) - src/asn1x509.js - P-256 oid added in OID class (PR [#​461](https://togithub.com/kjur/jsrsasign/issues/461) [#​333](https://togithub.com/kjur/jsrsasign/issues/333)) - src/x509.js - document fix - tool/tool_csr.html - update to show ASN.1 dump of CSR - test/qunit-do-base64x.html, npm/test/t_base64x.js - update test code to follow above ### [`v10.0.4`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.4): add methods to modify some extension parameters [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.3...10.0.4) - Changes from 10.0.3 to 10.0.4 (2020-Oct-23) - src/x509.js - add X509.updateExt{CDPFullURI,AIAOCSP,AIACAIssuer} method - src/nodeutil.js - add read{JSON,JSONC},saveJSON,printJSON method added - jrsasign-util npm package updated - test/qunit-do-x509-param.html - updated to follow above ### [`v10.0.3`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.3): add findExt method in X509 class [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.2...10.0.3) - Changes from 10.0.2 to 10.0.3 (2020-Oct-21) - src/x509.js - add X509.findExt method - test/qunit-do-x509-param.html - updated to follow above ### [`v10.0.2`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.2): AdobeTimeStamp X.509v3 extension parser bugfix 
[Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.1...10.0.2) - Changes from 10.0.1 to 10.0.2 (2020-Oct-14) - src/x509.js - X509.getExtAdobeTimeStamp method bugfix ### [`v10.0.1`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.1): AdobeTimeStamp X.509v3 certificate extension added [Compare Source](https://togithub.com/kjur/jsrsasign/compare/10.0.0...10.0.1) - Changes from 10.0.0 to 10.0.1 (2020-Oct-13) - src/asn1x509.js - AdobeTimeStamp class added - add AdobeTimeStamp support in Extension class - add "adobeTimeStamp" OID in OID class - src/x509.js - add getExtAdobeTimeStamp method to X509 class - add "adobeTimeStamp" support in getExtParam - src/asn1.js - DERBoolean add support for "false" value. - test/qunit-do-{asn1,asn1x509,x509}.html - updated to follow above ### [`v10.0.0`](https://togithub.com/kjur/jsrsasign/releases/tag/10.0.0): Major update for CMS SigneData TimeStamp and CAdES [Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.9...10.0.0) - Changes from 9.1.9 to 10.0.0 (2020-Sep-24) - major update for CMS SignedData related classes to allow more simple ASN.1 generation - src/asn1cms.js - new architecture updates in SignedData, Attribute - all implemented Attributes such as ContentType, SigningTime are also updated. 
    - new class added
      - ESSCertID
      - ESSCertIDv2
      - SignerIdentifier
      - SubjectKeyIdentifier
      - CertificateSet
      - RevocationInfoChoices
      - RevocationInfoChoice
      - OtherRevocationFormat
    - following class/methods are now *deprecated*
      - CMSUtil.newSignedData
  - src/asn1tsp.js
    - aligned to new architecture:
      - TSTInfo, Accuracy, PKIStatusInfo, PKIStatus, PKIFreeText, PKIFailureInfo,
    - new class added
      - TimeStampToken
    - following class/methods are now *deprecated*
      - SimpleTSAAdapter, FixedTSAAdapter, TSPUtil.newTimeStampToken
  - src/asn1cades.js
    - aligned to new architecture
      - SignaturePolicyIdentifier, OtherHashAlgAndValue, SignatureTimeStamp, CompleteCertificateRefs, OtherCertID, OtherHash
    - new class added
      - SignaturePolicyId, OtherHashValue
  - src/asn1.js
    - DERTaggedObject add support for simple argument for explicit "tage" and implicit "tagi"
    - newObject add support for "asn1" property
    - DERObjectIdentifier constructor argument now accepts name and OID. method setValueNameOrOid added.
  - src/x509.js
    - X509(certPemOrHex) X509 class constructor add support for PEM or hex string of certificate as argument.
  - src/asn1x509.js
    - OID class: signaturePolicyIdentifier attribute OID added.

### [`v9.1.9`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.9): wrong encoding in CRLReason in OCSP CertStatus fixed

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.8...9.1.9)

- Changes from 9.1.8 to 9.1.9 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: wrong encoding in CRLReason in OCSP CertStatus fixed
  - test/qunit-do-asn1ocsp.html
    - follow to above update

### [`v9.1.8`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.8): wrong encoding in byKey of OCSP ResponderID fixed

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.7...9.1.8)

- Changes from 9.1.7 to 9.1.8 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: wrong encoding in byKey of OCSP ResponderID fixed
  - test/qunit-do-asn1ocsp.html
    - follow to above update

### [`v9.1.7`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.7): nextUpdate encoding bugfix in ocsp SingleResponse

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.6...9.1.7)

- Changes from 9.1.6 to 9.1.7 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: nextUpdate encoding fix in SingleResponse
    - CertStatus document fix
  - test/qunit-do-asn1ocsp.html
    - follow to above update

### [`v9.1.6`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.6): add OCSP response and request encoder

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.5...9.1.6)

- Changes from 9.1.5 to 9.1.6 (2020-Sep-05)
  - src/asn1ocsp.js
    - OCSPResponse class added
    - ResponseBytes class added
    - BasicOCSPResponse class added
    - ResponseData class added
    - ResponderID class added
    - SingleResponseList class added
    - SingleResponse class added
    - CertID class updated
      - changed properties to specify issuerNameHash, issuerKeyHash and serialNumber without backward compatibility
    - CertStatus class added
    - OCSPParser class added
      - only OCSP request parser methods are available
  - src/asn1x509.js
    - OCSPNonce class OCSP extension added
    - OCSPNoCheck class certificate extension added
    - Extensions class supports OCSPNonce and OCSPNoCheck
    - OID class supports ocspNonce, ocspNoCheck and ocspBasic
  - src/x509.js
    - X509.getExtParam supports OCSPNonce and OCSPNoCheck
    - X509.getExtOCSPNoCheck added
    - X509.getExtOCSPNonce added
  - src/asn1.js
    - ASN1Object class: add tlv parameter support
  - src/asn1hex.js
    - ASN1HEX.dump: enable to show tagged primitive

### [`v9.1.5`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.5): ASN1HEX getChildIdx bug for too many children

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.4...9.1.5)

- Changes from 9.1.4 to 9.1.5 (2020-Aug-29)
  - src/asn1hex.js
    - BUGFIX: ASN1HEX.getChildIdx didn't return proper result when too many child items such as over 200 children.
    - add ASN1HEX.getTLVblen method
    - DEPRECATED: getNextSiblingIdx. Please use getTLVblen instead.

### [`v9.1.4`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.4): X509CRL parser revokedCertificate bugfix

X509CRL parser revokedCertificate bugfix

- Changes from 9.1.3 to 9.1.4 (2020-Aug-28)
  - src/asn1hex.js
    - get{Idx,V,TLV}byList return value aligned to get{Idx,V,TLV}byListEx.
  - src/x509crl.js
    - BUGFIX: error when nextUpdate exists and no revokedCertificates

missed to export X509CRL in npm package

- Changes from 9.1.2 to 9.1.3 (2020-Aug-28)
  - npm/lib/footer.js
    - export X509CRL
  - NOTE: only npm package released

### [`v9.1.2`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.2): add private extension support for Cert CRL and CSR

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.1...9.1.2)

- Changes from 9.1.1 to 9.1.2 (2020-Aug-27)
  - undefined extension regarded as private extension in extension parser X509.getExtParam. Thus certificate, CRL and CSR parser will not raise error when undefined extension is parsed.
  - src/x509.js
    - unknown extension is parsed as private extension.
  - test/qunit-do-{x509-param}.html
    - add test case to follow above update

### [`v9.1.1`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.1): new CRL parser and private extension encoder support

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.1.0...9.1.1)

- Changes from 9.1.0 to 9.1.1 (2020-Aug-27)
  - add new X509CRL class for CRL parser
  - add Certificate, CSR and CRL private extension support
  - src/x509crl.js (new)
    - X509CRL class
  - src/x509.js
    - new X509.getExtCRLNumber method for extension parser
    - new X509.getExtCRLReason method for extension parser
    - new X509.getExtParam method for parsing one extension
      - NOTE: not yet support for private extension
  - src/asn1x509.js
    - Extensions class: add support for private extension
    - PrivateExtension class added
    - OID.name2oid: add support OID (ex. "1.2.3.4") as argument
  - src/asn1csr.js
    - CSRUtil.getParam update to support X509.getExtParamArray and not using X509.parseExt
  - src/asn1.js
    - getLengthHexFromValue small update for exception
  - test/qunit-do-{asn1x509,asn1x509-tbscert,x509}.html
    - update to follow above updates
  - test/x509csr.html (new)

### [`v9.1.0`](https://togithub.com/kjur/jsrsasign/releases/tag/9.1.0): new CRL APIs and other updates

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.0.3...9.1.0)

- Changes from 9.0.3 to 9.1.0 (2020-Aug-24)
  - CRL constructor update to align Certificate class without backward compatibility.
  - BUGFIX: SigningCertificate{,V2} encoding bugfix
  - src/asn1cms.js
    - BUGFIX: SigningCertificate{,V2} encoding have been missing SEQUENCE. ([#448](https://togithub.com/kjur/jsrsasign/issues/448))
  - src/asn1csr.js
    - CertificationRequestInfo class updated to new KJUR.asn1.x509.Extension class.
  - src/asn1x509.js
    - CRL and TBSCertList class constructor have been updated to align Certificate and CertificationRequestInfo style in 9.0.0 without backward compatibility.
    - this update makes more extension and entry extension support in the future.
    - CRLEntry class is *deprecated* since no more used in updated TBSCertList.
    - new CRLNumber extension class added
    - new CRLReason entry extension class added
    - OID class updated to support cRLNumber and cRLReason oids
    - TBSCertificate.getExtDERSequence method was moved to new Extensions class.
  - ASN1HEX.dump updated to support ENUMERATED
  - test/qunit-do-{asn1cms,asn1tsp,asn1x509-tbscert,asn1x509} updated to follow above updates.

### [`v9.0.3`](https://togithub.com/kjur/jsrsasign/releases/tag/9.0.3): TimeStampToken ASN.1 encoding error fix

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.0.2...9.0.3)

- Changes from 9.0.2 to 9.0.3 (2020-Aug-22)
  - BUGFIX: tsa field of TSTInfo was not encoded properly. ([#450](https://togithub.com/kjur/jsrsasign/issues/450))
  - BUGFIX: CMSSignedData version of TimestampToken was not 3. ([#448](https://togithub.com/kjur/jsrsasign/issues/448))
  - src/asn1tsp.js
    - TSTInfo tsa field fix
    - TSTUtil.newTimeStampToken method to set CMSVersion 3.

### [`v9.0.2`](https://togithub.com/kjur/jsrsasign/releases/tag/9.0.2): PolicyInformation named policy OID bug fix

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.0.1...9.0.2)

- Changes from 9.0.1 to 9.0.2 (2020-Aug-22)
  - BUGFIX: KJUR.asn1.tsp.PolicyInformation class constructor have not been accepted named policy OID such as "anyPolicy". The issue was fixed.
  - src/asn1x509.js
    - PolicyInformation bugfix for above.
  - test/qunit-do-asn1x509.html
    - updated to follow above.

### [`v9.0.1`](https://togithub.com/kjur/jsrsasign/releases/tag/9.0.1): TimeStampToken contentType attribute bug fix

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/9.0.0...9.0.1)

- Changes from 9.0.0 to 9.0.1 (2020-Aug-21)
  - BUGFIX: KJUR.asn1.tsp.TimeStampToken class generates have generated with wrong contentType attribute with value "data". ([#448](https://togithub.com/kjur/jsrsasign/issues/448))
  - src/asn1tsp.js
    - TimeStampToken class constructor will add contentType attribute with "tstinfo" for bugfix. ([#448](https://togithub.com/kjur/jsrsasign/issues/448)).
  - src/asn1cms.js
    - SignerInfo.setForContentAndHash class constructor parameter can have "contentType" property additionally to set "tstinfo" as above.
  - src/asn1x509.js
    - some attribute type oids for CMS signedData are added to OID.name2oidList.

### [`v9.0.0`](https://togithub.com/kjur/jsrsasign/releases/tag/9.0.0): Certificate and CSR generator and parser API major updates

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.24...9.0.0)

- Changes from 8.0.24 to 9.0.0 (2020-Aug-19)
  - Please see migration notes in wiki: https://github.com/kjur/jsrsasign/wiki/NOTE-jsrsasign-8.0.x-to-9.0.0-Certificate-and-CSR-API-migration-guide
  - CAUTION: some certificate and CSR APIs are missing backward compatibility so you may need to change your code to upgrade jsrsasign 9.0.0.
  - src/asn1x509.js
    - JSON argument format of Certificate and all certificate extension class were changed without backward compatibility.
    - They can accept JSON objects from ASN.1 parser methods in X509 class as an parameter arguments.
    - Certificate class constructor can automatically generate TBSCertificate and sign by params argument. So no need to call sign method or TBSCertificate constructor.
    - JSON argument format are aligned to the same manner among all certificate extension class.
    - For CRLDistributionPoints class, JSON argument format of DistributionPoint and DistributionPointName was changed.
    - Extension.appendByNameToArray method was removed.
    - "array" key was added to X500Name class constructor JSON argument.
    - AttributeTypeAndValue constructor argument also extended to support {type:"CN",value:"Test",ds:"prn"} style JSON object.
    - X509Util.newCertPEM argument format is updated to align Certificate class and is *deprecated*.
  - src/x509.js
    - returned JSON object format by all "get\*" parser method was changed to accept by related class defined in asn1x509.js without backward compatibility.
    - all certificate extension parsing methods are changed to have "hExtV" and "critical" as arguments.
    - following methods are added: getAlgorithmIdentifierName, getIssuer, getSubject, getGeneralNames, getGeneralName, getDistributionPoint, getDistributionPointName, getExtAuthorityInfoAccess, getPolicyInformation, getPolicyQualifierInfo, getUserNotice, getDisplayText, getX500NameRule, getX500Name, getRDN, getAttrTypeAndValue, getParam, getExtParamArray
    - following methods are *deprecated*: getExtSubjectAltName2, getExtAIAInfo, getExtCRLDistributionPointsURI.
    - X509Util.newCertPEM bugfix. Got error when cakey is PKCS#5 plain PEM key string
  - src/asn1csr.js
    - JSON argument format was changed in CertificationRequest, CertificationRequestInfo, CSRUtil.netCSRPEM without backward compatibility.
    - CSRUtil.getInfo was renamed to CSRUtil.getParam
    - CSRUtil.netCSRPEM is now *deprecated*
  - src/asn1.js
    - ASN1Util.newObject can also conclude ASN1Object as well as JSON parameter.
  - tool/tool\_{ca,ca2}.html
    - changed to follow above updates.
  - test/\*.html
    - following test pages are updated to follow above: qunit-do-{asn1csr,asn1tsp,asn1x509-newcrt,asn1x509,base64x,ecdsmod-s,keyutil-getpem,package-jwths,x509-ext,x509-key,x509-kid,x509}.html
    - following test pages are added: qunit-do-{asn1x509-tbscert,x509-param}.html

### [`v8.0.24`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.24): fix SigningCertificate v1 v2 attribute ASN.1 encoding

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.23...8.0.24)

- Changes from 8.0.23 to 8.0.24 (2020-Aug-18)
  - KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2} wrong ASN.1 encoding issue was fixed ([#448](https://togithub.com/kjur/jsrsasign/issues/448))
  - src/asn1cms.js
    - KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2} ASN.1 encoding issue fixed ([#448](https://togithub.com/kjur/jsrsasign/issues/448))
    - added KJUR.asn1.cms.IssuerSerial
  - test/qunit-do-asn1{cms,tsp}.html
    - updated for above issue

### [`v8.0.23`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.23): add CertificatePolicies BMPString and VisibleString support

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.22...8.0.23)

- Changes from 8.0.22 to 8.0.23 (2020-Aug-06)
  - src/asn1x509.js
    - CertificatePolicies class added
    - update Extension.appendByNameToArray for CertificatePolicies
    - PolicyInformation, PolicyQualifierInfo, UserNotice, NoticeReference and DisplayText class added
  - src/asn1.js
    - BMPString and VisibleString class added
    - update ASN1Util.newObject for {BMP,Visible}String
  - src/asn1hex.js
    - update ASN1HEX.dump for {BMP,Visible}String
  - test qunit-do-{asn1,asn1-newobj,asn1x509,asn1hex-dump}.html

### [`v8.0.22`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.22): ASN1HEX and X509 class minor bug fix

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.21...8.0.22)

- Changes from 8.0.21 to 8.0.22 (2020-Aug-05)
  - src/asn1hex.js
    - dump method update for BitString encapsulated
  - src/x509.js
    - getKeyUsageBin bugfix for such keyCertSign and cRLSign only
    - fix to stop raising error when X509 constructor called and asn1x509 doesn't loaded
    - TODO: getKeyUsageBin still has bug when decipherOnly(8) bit exists
  - test
    - qunit-do-{asn1hex-dump,x509-{ext,key}}.html to follow above updates

### [`v8.0.21`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.21): Donation program started, more RSA-PSS support and add ASN1HEX.get{Idx,TLV,V}byListEx

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.20...8.0.21)

- Changes from 8.0.20 to 8.0.21 (2020-Aug-01)
  - *donation program* have been started. Please consider donation to sustain this project https://github.com/kjur/jsrsasign#donations
  - RSA-PSS support in AlgorithmIdentifier, Signature, X509 and newCertPEM
  - new method to access ASN.1 descendant object ASN1HEX.get{Idx,TLV,V}byListEx added. Its tutorial page will be provided by following URL near in future https://github.com/kjur/jsrsasign/wiki/Tutorial-for-accessing-deep-inside-of-ASN.1-structure-by-using-new-ASN1HEX.getIdxbyListEx
  - src/x509.js
    - update getSignatureAlgorithmField to support RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
    - update verifySignature to support RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
  - src/crypto.js
    - Signature class
      - SHAwithRSAandMGF1 supported (the same as SHA1withRSAandMGF1)
  - src/asn1hex.js
    - ASN1HEX.getIdxbyList
      - add get{Idx,TLV,V}byListEx for context specific tag
      - add ASN1HEX.isContextTag to check context specific tag
      - get{Idx,TLV,V} will be deprecated near in the future version. Please consider to move get{Idx,TLV,V}byListEx.
  - src/{asn1csr,dsa,rsapem,ecdsa-modified}.js
    - replace to use get{Idx,TLV,V}byListEx
  - test/qunit-do-asn1x509.html
    - add Certificate class test for RSA-PSS
    - add TBSCertificate class test for RSA-PSS
    - add AlgorithmIdentifier class test for SHA{,256,384,512}withRSAandMGF1
  - test/qunit-do-crypto-pss.html
    - add Signature class test for SHAwithRSAandMGF1.
  - test/qunit-do-asn1x509-newcrt.html
    - add newCertPEM test for RSA-PSS
  - test/qunit-do-x509.html
    - add getSignatureAlgorithmField test for SHA{,256,384,512}withRSAandMGF1
  - sample_node/asn1extract2
    - bug fix for -v(--vonly) option
  - test/qunit-do-asn1hex.html
    - add test for ASN1HEX.isContextTag

### [`v8.0.20`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.20): add CSR support for subjectAltName

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.19...8.0.20)

- Changes From 8.0.19 to 8.0.20
  - src/asn1csr.js
    - CSRUtil.getInfo
      - add ext parameter to show subjectAltName property
      - change not to raise error when subject name is empty in CSR
  - src/x509.js
    - X509.parseExt
      - add support for CSR extension request field
  - src/asn1hex.js
    - ASN1HEX.getIdxbyList
      - small update for exception
  - test/
    - qunit-do-{asn1csr,x509}.html to add tests for above.

### [`v8.0.19`](https://togithub.com/kjur/jsrsasign/releases/tag/8.0.19): ECDSA signature validation malleability fix and others

[Compare Source](https://togithub.com/kjur/jsrsasign/compare/8.0.18...8.0.19)

**JSRSASIGN SECURITY ADVISORY**: [2020.06.22 CVE-2020-14966 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding](https://togithub.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963)

- Changes from 8.0.18 to 8.0.19
  - src/ecdsa-mod.js
    - ECDSA.verifyHex fixed for some types of malleability ([#437](https://togithub.com/kjur/jsrsasign/issues/437))
  - src/asn1hex.js
    - ASN1HEX.checkStrictDER added
  - src/asn1x509.js
    - It's founded that OpenSSL's DN representation like "/C=US/O=test"

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.