10.5.17 release

Author: kjur

ChangeLog.txt

@@ -1,6 +1,18 @@
 
 ChangeLog for jsrsasign
 
+CIDR subnet mask support in iptohex and hextoip
+* Changes from 10.5.16 to 10.5.17 (2022-Apr-14)
+  - src/asn1x509.js
+    - add IP address support in NameConstraints class
+    - bugfix in NameConstraints ip address
+    - wrong ASN.1 encoder in NameConstraints class bug fix (wrong explicit tag)
+  - src/base64x.js
+    - add CIDR subnet mask support in iptohex and hextoip
+    - iptohex, hextoip refactoring
+  - test/qunit-do-{x509-ext,base64x,asn1x509-tbscert,asn1x509}.html
+    - add some test cases and fix for above
+
 Add NameConstraints extension and modify getEncodedHex to tohex
 * Changes from 10.5.15 to 10.5.16 (2022-Apr-08)
   - src/asn1x509.js

api/files.html

@@ -662,7 +662,7 @@ <h2><a href="symbols/src/asn1x509-1.0.js.html">asn1x509-1.0.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>jsrsasign 10.5.16 asn1x509 2.1.13 (2022-Apr-08)</dd>
+							<dd>jsrsasign 10.5.17 asn1x509 2.1.14 (2022-Apr-14)</dd>
 
 
 
@@ -681,7 +681,7 @@ <h2><a href="symbols/src/base64x-1.1.js.html">base64x-1.1.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>jsrsasign 10.5.12 base64x 1.1.25 (2022-Mar-13)</dd>
+							<dd>jsrsasign 10.5.17 base64x 1.1.26 (2022-Apr-14)</dd>
 
 
 

api/symbols/global__.html

@@ -2411,6 +2411,8 @@ <h1 class="classTitle">
 IPv6 address to IPv4 or IPv6 address string.
 If byte length is not 4 nor 16, this returns a
 hexadecimal string without conversion.
+<br/>
+NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
 
 							<br />
 							<i>Defined in: </i> <a href="../symbols/src/base64x-1.1.js.html">base64x-1.1.js</a>.
@@ -2420,10 +2422,11 @@ <h1 class="classTitle">
 
 
 
-					<pre class="code">hextoip("c0a80101") &rarr "192.168.1.1"
+					<pre class="code">hextoip("c0a80101") &rarr; "192.168.1.1"
 hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
-hextoip("c0a801010203") &rarr "c0a801010203" // 6 bytes
-hextoip("zzz")) &rarr raise exception because of not hexadecimal</pre>
+hextoip("c0a80100ffffff00") &rarr; "192.168.1.0/24"
+hextoip("c0a801010203") &rarr; "c0a801010203" // wrong 6 bytes
+hextoip("zzz")) &rarr; raise exception because of not hexadecimal</pre>
 
 
 
@@ -2461,7 +2464,9 @@ <h1 class="classTitle">
 							<dl class="detailList">
 							<dt class="heading">See:</dt>
 
-								<dd></dd>
+								<dd><a href="../symbols/global__.html#hextoipv6">hextoipv6</a></dd>
+							
+								<dd><a href="../symbols/global__.html#iptohex">iptohex</a></dd>
 
 							</dl>
 
@@ -3054,6 +3059,8 @@ <h1 class="classTitle">
 						convert IPv4/v6 addresss to a hexadecimal string<br/>
 This function converts IPv4 or IPv6 address string to
 a hexadecimal string of IPv4 or IPv6 address.
+<br/>
+NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
 
 							<br />
 							<i>Defined in: </i> <a href="../symbols/src/base64x-1.1.js.html">base64x-1.1.js</a>.
@@ -3063,9 +3070,11 @@ <h1 class="classTitle">
 
 
 
-					<pre class="code">iptohex("192.168.1.1") &rarr "c0a80101"
-iptohex("2001:db8::4") &rarr "871020010db8000000000000000000000004"
-iptohex("zzz")) &rarr raise exception</pre>
+					<pre class="code">iptohex("192.168.1.1") &rarr; "c0a80101"
+iptohex("2001:db8::4") &rarr; "871020010db8000000000000000000000004"
+iptohex("192.168.1.1/24") &rarr; "c0a80101ffffff00"
+iptohex("2001:db8::/120") &rarr; "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
+iptohex("zzz")) &rarr; raise exception</pre>
 
 
 
@@ -3100,6 +3109,15 @@ <h1 class="classTitle">
 
 
 
+							<dl class="detailList">
+							<dt class="heading">See:</dt>
+							
+								<dd><a href="../symbols/global__.html#hextoip">hextoip</a></dd>
+							
+								<dd><a href="../symbols/global__.html#ipv6tohex">ipv6tohex</a></dd>
+							
+							</dl>
+						
 
 					<hr />
 

api/symbols/src/asn1x509-1.0.js.html

@@ -1,6 +1,6 @@
 {
   "name": "kjur-jsrsasign",
-  "version": "10.5.16",
+  "version": "10.5.17",
   "main": "jsrsasign-all-min.js",
   "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",
   "license": "MIT",

api/symbols/src/base64x-1.1.js.html

@@ -1,6 +1,6 @@
 {
   "name": "jsrsasign",
-  "version": "10.5.16",
+  "version": "10.5.17",
   "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).",
   "main": "lib/jsrsasign.js",
   "scripts": {

bower.json

@@ -1,4 +1,4 @@
-/* asn1x509-2.1.13.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+/* asn1x509-2.1.14.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
  */
 /*
  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name asn1x509-1.0.js
  * @author Kenji Urushima [email protected]
- * @version jsrsasign 10.5.16 asn1x509 2.1.13 (2022-Apr-08)
+ * @version jsrsasign 10.5.17 asn1x509 2.1.14 (2022-Apr-14)
  * @since jsrsasign 2.1
  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  */
@@ -1373,7 +1373,7 @@ KJUR.asn1.x509.NameConstraints = function(params) {
 	    for (var i = 0; i < params.permit.length; i++) {
 		aPermit.push(new _GeneralSubtree(params.permit[i]));
 	    }
-	    aItem.push({tag: {tage: "a0", obj: {seq: aPermit}}});
+	    aItem.push({tag: {tagi: "a0", obj: {seq: aPermit}}});
 	}
 
 	if (params.exclude != undefined &&
@@ -1382,7 +1382,7 @@ KJUR.asn1.x509.NameConstraints = function(params) {
 	    for (var i = 0; i < params.exclude.length; i++) {
 		aExclude.push(new _GeneralSubtree(params.exclude[i]));
 	    }
-	    aItem.push({tag: {tage: "a1", obj: {seq: aExclude}}});
+	    aItem.push({tag: {tagi: "a1", obj: {seq: aExclude}}});
 	}
 
 	this.asn1ExtnValue = _newObject({seq: aItem});
@@ -4091,19 +4091,21 @@ KJUR.asn1.x509.GeneralName = function(params) {
 	    dObj = new _DERIA5String({str: params.uri});
 	} else if (params.ip !== undefined) {
 	    hTag = "87";
-	    var ip = params.ip;
 	    var hIP;
-	    var errmsg = "malformed IP address";
-	    if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4
-		hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
-		if (hIP.length !== 8)
-		    throw new _Error(errmsg);
-	    } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6
-		hIP = ipv6tohex(ip);
-	    } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex
-		hIP = ip;
-	    } else {
-		throw new _Error(errmsg);
+	    var ip = params.ip;
+	    try {
+		if (ip.match(/^[0-9a-f]+$/)) {
+		    var len = ip.length;
+		    if (len == 8 || len == 16 || len == 32 || len == 64) {
+			hIP = ip;
+		    } else {
+			throw "err";
+		    }
+		} else {
+		    hIP = iptohex(ip);
+		}
+	    } catch(ex) {
+		throw new _Error("malformed IP address: " + params.ip + ":" + ex.message);
 	    }
 	    dObj = new _DEROctetString({hex: hIP});
 	} else {

jsrsasign-all-min.js

@@ -1,4 +1,4 @@
-/* base64x-1.1.25 (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+/* base64x-1.1.26 (c) 2012-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
  */
 /*
  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name base64x-1.1.js
  * @author Kenji Urushima [email protected]
- * @version jsrsasign 10.5.12 base64x 1.1.25 (2022-Mar-13)
+ * @version jsrsasign 10.5.17 base64x 1.1.26 (2022-Apr-14)
  * @since jsrsasign 2.1
  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  */
@@ -946,77 +946,146 @@ function hextoipv6(s) {
  * @param {String} s hexadecimal string of IP address
  * @return {String} IP address string
  * @since jsrsasign 8.0.10 base64x 1.1.13
+ * @see hextoipv6
+ * @see iptohex
+ *
  * @description
  * This function converts a hexadecimal string of IPv4 or 
  * IPv6 address to IPv4 or IPv6 address string.
  * If byte length is not 4 nor 16, this returns a
  * hexadecimal string without conversion.
- * @see {@link hextoipv6}
+ * <br/>
+ * NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
+ *
  * @example
- * hextoip("c0a80101") &rarr "192.168.1.1"
+ * hextoip("c0a80101") &rarr; "192.168.1.1"
  * hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
- * hextoip("c0a801010203") &rarr "c0a801010203" // 6 bytes
- * hextoip("zzz")) &rarr raise exception because of not hexadecimal
+ * hextoip("c0a80100ffffff00") &rarr; "192.168.1.0/24"
+ * hextoip("c0a801010203") &rarr; "c0a801010203" // wrong 6 bytes
+ * hextoip("zzz")) &rarr; raise exception because of not hexadecimal
  */
 function hextoip(s) {
-  var malformedMsg = "malformed hex value";
-  if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
-    throw malformedMsg;
-  if (s.length == 8) { // ipv4
-    var ip;
-    try {
-      ip = parseInt(s.substr(0, 2), 16) + "." +
-           parseInt(s.substr(2, 2), 16) + "." +
-           parseInt(s.substr(4, 2), 16) + "." +
-           parseInt(s.substr(6, 2), 16);
-      return ip;
-    } catch (ex) {
-      throw malformedMsg;
-    }
+    var malformedErr = new Error("malformed hex value");
+    if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
+	throw malformedErr;
+    if (s.length == 8) { // ipv4
+	var ip;
+	try {
+	    ip = parseInt(s.substr(0, 2), 16) + "." +
+ 		 parseInt(s.substr(2, 2), 16) + "." +
+		 parseInt(s.substr(4, 2), 16) + "." +
+		 parseInt(s.substr(6, 2), 16);
+	    return ip;
+	} catch (ex) {
+	    throw malformedErr;
+	}
+  } else if (s.length == 16) {
+      try {
+	  return hextoip(s.substr(0, 8)) + "/" + ipprefixlen(s.substr(8));
+      } catch (ex) {
+	  throw malformedErr;
+      }
   } else if (s.length == 32) {
-    return hextoipv6(s);
+      return hextoipv6(s);
+  } else if (s.length == 64) {
+      try {
+	  return hextoipv6(s.substr(0, 32)) + "/" + ipprefixlen(s.substr(32));
+      } catch (ex) {
+	  throw malformedErr;
+      }
+      return 
   } else {
     return s;
   }
 }
 
+/*
+ * convert subnet mask hex to ip address prefix length<br/>
+ * @name ipprefixlen
+ * @param {string} hMask hexadecimal string of ipv4/6 subnet mask (ex. "ffffff00" for v4 class C)
+ * @return {nummber} ip address prefix length (ex. 24 for IPv4 class C)
+ */
+function ipprefixlen(hMask) {
+    var malformedErr = new Error("malformed mask");
+    var bMask;
+    try {
+	bMask = new BigInteger(hMask, 16).toString(2);
+    } catch(ex) {
+	throw malformedErr;
+    }
+    if (! bMask.match(/^1*0*$/)) throw malformedErr;
+    return bMask.replace(/0+$/, '').length;
+}
+
 /**
  * convert IPv4/v6 addresss to a hexadecimal string<br/>
  * @name iptohex
  * @function
  * @param {String} s IPv4/v6 address string
  * @return {String} hexadecimal string of IP address
  * @since jsrsasign 8.0.12 base64x 1.1.14
+ * @see hextoip
+ * @see ipv6tohex
+ *
  * @description
  * This function converts IPv4 or IPv6 address string to
  * a hexadecimal string of IPv4 or IPv6 address.
+ * <br/>
+ * NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
+ *
  * @example
- * iptohex("192.168.1.1") &rarr "c0a80101"
- * iptohex("2001:db8::4") &rarr "871020010db8000000000000000000000004"
- * iptohex("zzz")) &rarr raise exception
+ * iptohex("192.168.1.1") &rarr; "c0a80101"
+ * iptohex("2001:db8::4") &rarr; "871020010db8000000000000000000000004"
+ * iptohex("192.168.1.1/24") &rarr; "c0a80101ffffff00"
+ * iptohex("2001:db8::/120") &rarr; "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
+ * iptohex("zzz")) &rarr; raise exception
  */
 function iptohex(s) {
-  var malformedMsg = "malformed IP address";
-  s = s.toLowerCase(s);
-
-  if (s.match(/^[0-9.]+$/)) {
-    var a = s.split(".");
-    if (a.length !== 4) throw malformedMsg;
-    var hex = "";
-    try {
-      for (var i = 0; i < 4; i++) {
-        var d = parseInt(a[i]);
-        hex += ("0" + d.toString(16)).slice(-2);
-      }
-      return hex;
-    } catch(ex) {
-      throw malformedMsg;
+    var malformedErr = new Error("malformed IP address");
+    s = s.toLowerCase(s);
+
+    if (! s.match(/^[0-9a-f.:/]+$/) ) throw malformedErr;
+
+    if (s.match(/^[0-9.]+$/)) {
+	var a = s.split(".");
+	if (a.length !== 4) throw malformedErr;
+	var hex = "";
+	try {
+	    for (var i = 0; i < 4; i++) {
+		var d = parseInt(a[i]);
+		hex += ("0" + d.toString(16)).slice(-2);
+	    }
+	    return hex;
+	} catch(ex) {
+	    throw malformedErr;
+	}
+    } else if (s.match(/^[0-9.]+\/[0-9]+$/)) {
+	var aItem = s.split("/");
+	return iptohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 32);
+    } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
+	return ipv6tohex(s);
+    } else if (s.match(/^[0-9a-f:]+\/[0-9]+$/) && s.indexOf(":") !== -1) {
+	var aItem = s.split("/");
+	return ipv6tohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 128);
+    } else {
+	throw malformedErr;
     }
-  } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
-    return ipv6tohex(s);
-  } else {
-    throw malformedMsg;
-  }
+}
+
+/*
+ * convert ip prefix length to net mask octets<br/>
+ * @param {number} prefixlen ip prefix length value (ex. 24 for IPv4 class C)
+ * @param {number} len ip address length (ex. 32 for IPv4 and 128 for IPv6)
+ * @return {string} hexadecimal string of net mask octets
+ * @example
+ * ipnetmask(24, 32) &rarr; "ffffff00" 
+ * ipnetmask(120, 128) &rarr; "ffffffffffffffffffffffffffffff00"
+ */
+function ipnetmask(prefixlen, len) {
+    if (len == 32 && prefixlen == 0) return "00000000"; // v4
+    if (len == 128 && prefixlen == 0) return "00000000000000000000000000000000"; // v6
+    var b = Array(prefixlen + 1).join("1") + Array(len - prefixlen + 1).join("0");
+    return new BigInteger(b, 2).toString(16);
 }
 
 // ==== ucs2hex / utf8 ==============================