zoukankan      html  css  js  c++  java
  • RSA与AES实现数据加密传输

    RSA、AES简介

    RSA:非对称加密,需要提前生成两个密钥(一对的),通过其中一个密钥加密后的数据,只有另一个密钥能解密。通常这两个密钥中有一个会暴漏出来,即对外公开的,这个密钥称为“公钥”,反之另一个是隐藏起来的,不公开的密钥称为“私钥”。

    EAS:对称机密,数据的加密和解密都只使用同一个密钥。

    关于加密传输

      是为了保证数据传输过程中,数据即使被“中间人”截获,“中间人”也无法解析其中的数据,使“中间人”无法得知我们实际要传输的数据,以达到保护数据的目的。如果客户端本身存在安全问题,则无法保证数据的安全,如浏览器端JS变量存储了即将传输的用户密码,这个变量被其他非信任脚本或其他方式获取到了,会导致数据泄露,这种问题并不是加密传输所能处理的。加密传输能保障数据,有一个前提,那就是对于本地动态生成的变量,就认为是安全的,是认为第三方无法获取的

    RSA和AES配合实现加密传输

    客户端往服务端传输加密数据

    1. 客户端每次请求前,都随机生成不同的AES密钥,保存到变量aesKey中
    2. 使用aesKey对要传输的信息进加密,得到加密内容A
    3. 通过预置在客户端的RSA公钥rsaPublicKey对aesKey加密,得到加密内容B
    4. 将内容A和内容B传输到服务端
    5. 服务端接收到内容A和内容B
    6. 使用预置在服务器端的RSA私钥rsaPrivateKey对内容B进行解密,还原得到客户端的aesKey
    7. 使用刚刚得到的aesKey对内容A进行解密,得到实际要传输的内容

    服务端往客户端响应加密数据

    1. 以上第6步中,服务器得到了客户端的aesKey,用这个aesKey对要响应的内容进行加密,得到内容C,将内容C传输给客户端。
    2. 客户端接收到内容C,使用本地变量aesKey对内容C解密,得到实际的响应内容。

    总结

      以上过程中,客户端动态生成的本地变量aesKey,就认为是外部无法获取的,并且信任这个值,用来加密传输数据。如果这个值被外部获取到了,则服务器响应给客户端的加密数据的安全性就无法得到保障了。可能会有这样的疑问:前端调试打个断点不就获取到了吗?同样的道理,你打个断点也能获取到用户即将提交的登陆账号密码。所以还是那句话,相信本地动态生成的变量的安全性,否则加密传输的安全性无法得到保障。

    代码实现

    AES加密解密(JS和JAVA) 代码参考来源:https://www.cnblogs.com/libo0125ok/p/7668026.html

    JS

    首先JS库

    !function(t,n){"object"==typeof exports?module.exports=exports=n():"function"==typeof define&&define.amd?define([],n):t.CryptoJS=n()}(this,function(){var t=t||function(t,n){var i=Object.create||function(){function t(){}return function(n){var i;return t.prototype=n,i=new t,t.prototype=null,i}}(),e={},r=e.lib={},o=r.Base=function(){return{extend:function(t){var n=i(this);return t&&n.mixIn(t),n.hasOwnProperty("init")&&this.init!==n.init||(n.init=function(){n.$super.init.apply(this,arguments)}),n.init.prototype=n,n.$super=this,n},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var n in t)t.hasOwnProperty(n)&&(this[n]=t[n]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),s=r.WordArray=o.extend({init:function(t,i){t=this.words=t||[],i!=n?this.sigBytes=i:this.sigBytes=4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var n=this.words,i=t.words,e=this.sigBytes,r=t.sigBytes;if(this.clamp(),e%4)for(var o=0;o<r;o++){var s=i[o>>>2]>>>24-o%4*8&255;n[e+o>>>2]|=s<<24-(e+o)%4*8}else for(var o=0;o<r;o+=4)n[e+o>>>2]=i[o>>>2];return this.sigBytes+=r,this},clamp:function(){var n=this.words,i=this.sigBytes;n[i>>>2]&=4294967295<<32-i%4*8,n.length=t.ceil(i/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(n){for(var i,e=[],r=function(n){var n=n,i=987654321,e=4294967295;return function(){i=36969*(65535&i)+(i>>16)&e,n=18e3*(65535&n)+(n>>16)&e;var r=(i<<16)+n&e;return r/=4294967296,r+=.5,r*(t.random()>.5?1:-1)}},o=0;o<n;o+=4){var a=r(4294967296*(i||t.random()));i=987654071*a(),e.push(4294967296*a()|0)}return new s.init(e,n)}}),a=e.enc={},c=a.Hex={stringify:function(t){for(var n=t.words,i=t.sigBytes,e=[],r=0;r<i;r++){var o=n[r>>>2]>>>24-r%4*8&255;e.push((o>>>4).toString(16)),e.push((15&o).toString(16))}return e.join("")},parse:function(t){for(var n=t.length,i=[],e=0;e<n;e+=2)i[e>>>3]|=parseInt(t.substr(e,2),16)<<24-e%8*4;return new s.init(i,n/2)}},u=a.Latin1={stringify:function(t){for(var n=t.words,i=t.sigBytes,e=[],r=0;r<i;r++){var o=n[r>>>2]>>>24-r%4*8&255;e.push(String.fromCharCode(o))}return e.join("")},parse:function(t){for(var n=t.length,i=[],e=0;e<n;e++)i[e>>>2]|=(255&t.charCodeAt(e))<<24-e%4*8;return new s.init(i,n)}},f=a.Utf8={stringify:function(t){try{return decodeURIComponent(escape(u.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return u.parse(unescape(encodeURIComponent(t)))}},h=r.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new s.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(n){var i=this._data,e=i.words,r=i.sigBytes,o=this.blockSize,a=4*o,c=r/a;c=n?t.ceil(c):t.max((0|c)-this._minBufferSize,0);var u=c*o,f=t.min(4*u,r);if(u){for(var h=0;h<u;h+=o)this._doProcessBlock(e,h);var p=e.splice(0,u);i.sigBytes-=f}return new s.init(p,f)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),p=(r.Hasher=h.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){h.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){t&&this._append(t);var n=this._doFinalize();return n},blockSize:16,_createHelper:function(t){return function(n,i){return new t.init(i).finalize(n)}},_createHmacHelper:function(t){return function(n,i){return new p.HMAC.init(t,i).finalize(n)}}}),e.algo={});return e}(Math);return t});
    //# sourceMappingURL=core.min.js.map
    !function(e,t,i){"object"==typeof exports?module.exports=exports=t(require("./core.min"),require("./sha1.min"),require("./hmac.min")):"function"==typeof define&&define.amd?define(["./core.min","./sha1.min","./hmac.min"],t):t(e.CryptoJS)}(this,function(e){return function(){var t=e,i=t.lib,r=i.Base,n=i.WordArray,o=t.algo,a=o.MD5,c=o.EvpKDF=r.extend({cfg:r.extend({keySize:4,hasher:a,iterations:1}),init:function(e){this.cfg=this.cfg.extend(e)},compute:function(e,t){for(var i=this.cfg,r=i.hasher.create(),o=n.create(),a=o.words,c=i.keySize,f=i.iterations;a.length<c;){s&&r.update(s);var s=r.update(e).finalize(t);r.reset();for(var u=1;u<f;u++)s=r.finalize(s),r.reset();o.concat(s)}return o.sigBytes=4*c,o}});t.EvpKDF=function(e,t,i){return c.create(i).compute(e,t)}}(),e.EvpKDF});
    //# sourceMappingURL=evpkdf.min.js.map
    !function(r,e){"object"==typeof exports?module.exports=exports=e(require("./core.min")):"function"==typeof define&&define.amd?define(["./core.min"],e):e(r.CryptoJS)}(this,function(r){return function(){function e(r,e,t){for(var n=[],i=0,o=0;o<e;o++)if(o%4){var f=t[r.charCodeAt(o-1)]<<o%4*2,c=t[r.charCodeAt(o)]>>>6-o%4*2;n[i>>>2]|=(f|c)<<24-i%4*8,i++}return a.create(n,i)}var t=r,n=t.lib,a=n.WordArray,i=t.enc;i.Base64={stringify:function(r){var e=r.words,t=r.sigBytes,n=this._map;r.clamp();for(var a=[],i=0;i<t;i+=3)for(var o=e[i>>>2]>>>24-i%4*8&255,f=e[i+1>>>2]>>>24-(i+1)%4*8&255,c=e[i+2>>>2]>>>24-(i+2)%4*8&255,s=o<<16|f<<8|c,h=0;h<4&&i+.75*h<t;h++)a.push(n.charAt(s>>>6*(3-h)&63));var p=n.charAt(64);if(p)for(;a.length%4;)a.push(p);return a.join("")},parse:function(r){var t=r.length,n=this._map,a=this._reverseMap;if(!a){a=this._reverseMap=[];for(var i=0;i<n.length;i++)a[n.charCodeAt(i)]=i}var o=n.charAt(64);if(o){var f=r.indexOf(o);f!==-1&&(t=f)}return e(r,t,a)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}}(),r.enc.Base64});
    //# sourceMappingURL=enc-base64.min.js.map
    !function(e,t,r){"object"==typeof exports?module.exports=exports=t(require("./core.min"),require("./evpkdf.min")):"function"==typeof define&&define.amd?define(["./core.min","./evpkdf.min"],t):t(e.CryptoJS)}(this,function(e){e.lib.Cipher||function(t){var r=e,i=r.lib,n=i.Base,c=i.WordArray,o=i.BufferedBlockAlgorithm,s=r.enc,a=(s.Utf8,s.Base64),f=r.algo,p=f.EvpKDF,d=i.Cipher=o.extend({cfg:n.extend(),createEncryptor:function(e,t){return this.create(this._ENC_XFORM_MODE,e,t)},createDecryptor:function(e,t){return this.create(this._DEC_XFORM_MODE,e,t)},init:function(e,t,r){this.cfg=this.cfg.extend(r),this._xformMode=e,this._key=t,this.reset()},reset:function(){o.reset.call(this),this._doReset()},process:function(e){return this._append(e),this._process()},finalize:function(e){e&&this._append(e);var t=this._doFinalize();return t},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(){function e(e){return"string"==typeof e?B:x}return function(t){return{encrypt:function(r,i,n){return e(i).encrypt(t,r,i,n)},decrypt:function(r,i,n){return e(i).decrypt(t,r,i,n)}}}}()}),h=(i.StreamCipher=d.extend({_doFinalize:function(){var e=this._process(!0);return e},blockSize:1}),r.mode={}),u=i.BlockCipherMode=n.extend({createEncryptor:function(e,t){return this.Encryptor.create(e,t)},createDecryptor:function(e,t){return this.Decryptor.create(e,t)},init:function(e,t){this._cipher=e,this._iv=t}}),l=h.CBC=function(){function e(e,r,i){var n=this._iv;if(n){var c=n;this._iv=t}else var c=this._prevBlock;for(var o=0;o<i;o++)e[r+o]^=c[o]}var r=u.extend();return r.Encryptor=r.extend({processBlock:function(t,r){var i=this._cipher,n=i.blockSize;e.call(this,t,r,n),i.encryptBlock(t,r),this._prevBlock=t.slice(r,r+n)}}),r.Decryptor=r.extend({processBlock:function(t,r){var i=this._cipher,n=i.blockSize,c=t.slice(r,r+n);i.decryptBlock(t,r),e.call(this,t,r,n),this._prevBlock=c}}),r}(),_=r.pad={},v=_.Pkcs7={pad:function(e,t){for(var r=4*t,i=r-e.sigBytes%r,n=i<<24|i<<16|i<<8|i,o=[],s=0;s<i;s+=4)o.push(n);var a=c.create(o,i);e.concat(a)},unpad:function(e){var t=255&e.words[e.sigBytes-1>>>2];e.sigBytes-=t}},y=(i.BlockCipher=d.extend({cfg:d.cfg.extend({mode:l,padding:v}),reset:function(){d.reset.call(this);var e=this.cfg,t=e.iv,r=e.mode;if(this._xformMode==this._ENC_XFORM_MODE)var i=r.createEncryptor;else{var i=r.createDecryptor;this._minBufferSize=1}this._mode&&this._mode.__creator==i?this._mode.init(this,t&&t.words):(this._mode=i.call(r,this,t&&t.words),this._mode.__creator=i)},_doProcessBlock:function(e,t){this._mode.processBlock(e,t)},_doFinalize:function(){var e=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){e.pad(this._data,this.blockSize);var t=this._process(!0)}else{var t=this._process(!0);e.unpad(t)}return t},blockSize:4}),i.CipherParams=n.extend({init:function(e){this.mixIn(e)},toString:function(e){return(e||this.formatter).stringify(this)}})),m=r.format={},k=m.OpenSSL={stringify:function(e){var t=e.ciphertext,r=e.salt;if(r)var i=c.create([1398893684,1701076831]).concat(r).concat(t);else var i=t;return i.toString(a)},parse:function(e){var t=a.parse(e),r=t.words;if(1398893684==r[0]&&1701076831==r[1]){var i=c.create(r.slice(2,4));r.splice(0,4),t.sigBytes-=16}return y.create({ciphertext:t,salt:i})}},x=i.SerializableCipher=n.extend({cfg:n.extend({format:k}),encrypt:function(e,t,r,i){i=this.cfg.extend(i);var n=e.createEncryptor(r,i),c=n.finalize(t),o=n.cfg;return y.create({ciphertext:c,key:r,iv:o.iv,algorithm:e,mode:o.mode,padding:o.padding,blockSize:e.blockSize,formatter:i.format})},decrypt:function(e,t,r,i){i=this.cfg.extend(i),t=this._parse(t,i.format);var n=e.createDecryptor(r,i).finalize(t.ciphertext);return n},_parse:function(e,t){return"string"==typeof e?t.parse(e,this):e}}),g=r.kdf={},S=g.OpenSSL={execute:function(e,t,r,i){i||(i=c.random(8));var n=p.create({keySize:t+r}).compute(e,i),o=c.create(n.words.slice(t),4*r);return n.sigBytes=4*t,y.create({key:n,iv:o,salt:i})}},B=i.PasswordBasedCipher=x.extend({cfg:x.cfg.extend({kdf:S}),encrypt:function(e,t,r,i){i=this.cfg.extend(i);var n=i.kdf.execute(r,e.keySize,e.ivSize);i.iv=n.iv;var c=x.encrypt.call(this,e,t,n.key,i);return c.mixIn(n),c},decrypt:function(e,t,r,i){i=this.cfg.extend(i),t=this._parse(t,i.format);var n=i.kdf.execute(r,e.keySize,e.ivSize,t.salt);i.iv=n.iv;var c=x.decrypt.call(this,e,t,n.key,i);return c}})}()});
    //# sourceMappingURL=cipher-core.min.js.map
    !function(e,i){"object"==typeof exports?module.exports=exports=i(require("./core.min")):"function"==typeof define&&define.amd?define(["./core.min"],i):i(e.CryptoJS)}(this,function(e){!function(){var i=e,t=i.lib,n=t.Base,s=i.enc,r=s.Utf8,o=i.algo;o.HMAC=n.extend({init:function(e,i){e=this._hasher=new e.init,"string"==typeof i&&(i=r.parse(i));var t=e.blockSize,n=4*t;i.sigBytes>n&&(i=e.finalize(i)),i.clamp();for(var s=this._oKey=i.clone(),o=this._iKey=i.clone(),a=s.words,f=o.words,c=0;c<t;c++)a[c]^=1549556828,f[c]^=909522486;s.sigBytes=o.sigBytes=n,this.reset()},reset:function(){var e=this._hasher;e.reset(),e.update(this._iKey)},update:function(e){return this._hasher.update(e),this},finalize:function(e){var i=this._hasher,t=i.finalize(e);i.reset();var n=i.finalize(this._oKey.clone().concat(t));return n}})}()});
    //# sourceMappingURL=hmac.min.js.map
    !function(e,o,r){"object"==typeof exports?module.exports=exports=o(require("./core.min"),require("./cipher-core.min")):"function"==typeof define&&define.amd?define(["./core.min","./cipher-core.min"],o):o(e.CryptoJS)}(this,function(e){return e.mode.ECB=function(){var o=e.lib.BlockCipherMode.extend();return o.Encryptor=o.extend({processBlock:function(e,o){this._cipher.encryptBlock(e,o)}}),o.Decryptor=o.extend({processBlock:function(e,o){this._cipher.decryptBlock(e,o)}}),o}(),e.mode.ECB});
    //# sourceMappingURL=mode-ecb.min.js.map
    !function(e,r,i){"object"==typeof exports?module.exports=exports=r(require("./core.min"),require("./cipher-core.min")):"function"==typeof define&&define.amd?define(["./core.min","./cipher-core.min"],r):r(e.CryptoJS)}(this,function(e){return e.pad.Pkcs7});
    //# sourceMappingURL=pad-pkcs7.min.js.map
    !function(e,r,i){"object"==typeof exports?module.exports=exports=r(require("./core.min"),require("./enc-base64.min"),require("./md5.min"),require("./evpkdf.min"),require("./cipher-core.min")):"function"==typeof define&&define.amd?define(["./core.min","./enc-base64.min","./md5.min","./evpkdf.min","./cipher-core.min"],r):r(e.CryptoJS)}(this,function(e){return function(){var r=e,i=r.lib,n=i.BlockCipher,o=r.algo,t=[],c=[],s=[],f=[],a=[],d=[],u=[],v=[],h=[],y=[];!function(){for(var e=[],r=0;r<256;r++)r<128?e[r]=r<<1:e[r]=r<<1^283;for(var i=0,n=0,r=0;r<256;r++){var o=n^n<<1^n<<2^n<<3^n<<4;o=o>>>8^255&o^99,t[i]=o,c[o]=i;var p=e[i],l=e[p],_=e[l],k=257*e[o]^16843008*o;s[i]=k<<24|k>>>8,f[i]=k<<16|k>>>16,a[i]=k<<8|k>>>24,d[i]=k;var k=16843009*_^65537*l^257*p^16843008*i;u[o]=k<<24|k>>>8,v[o]=k<<16|k>>>16,h[o]=k<<8|k>>>24,y[o]=k,i?(i=p^e[e[e[_^p]]],n^=e[e[n]]):i=n=1}}();var p=[0,1,2,4,8,16,32,64,128,27,54],l=o.AES=n.extend({_doReset:function(){if(!this._nRounds||this._keyPriorReset!==this._key){for(var e=this._keyPriorReset=this._key,r=e.words,i=e.sigBytes/4,n=this._nRounds=i+6,o=4*(n+1),c=this._keySchedule=[],s=0;s<o;s++)if(s<i)c[s]=r[s];else{var f=c[s-1];s%i?i>6&&s%i==4&&(f=t[f>>>24]<<24|t[f>>>16&255]<<16|t[f>>>8&255]<<8|t[255&f]):(f=f<<8|f>>>24,f=t[f>>>24]<<24|t[f>>>16&255]<<16|t[f>>>8&255]<<8|t[255&f],f^=p[s/i|0]<<24),c[s]=c[s-i]^f}for(var a=this._invKeySchedule=[],d=0;d<o;d++){var s=o-d;if(d%4)var f=c[s];else var f=c[s-4];d<4||s<=4?a[d]=f:a[d]=u[t[f>>>24]]^v[t[f>>>16&255]]^h[t[f>>>8&255]]^y[t[255&f]]}}},encryptBlock:function(e,r){this._doCryptBlock(e,r,this._keySchedule,s,f,a,d,t)},decryptBlock:function(e,r){var i=e[r+1];e[r+1]=e[r+3],e[r+3]=i,this._doCryptBlock(e,r,this._invKeySchedule,u,v,h,y,c);var i=e[r+1];e[r+1]=e[r+3],e[r+3]=i},_doCryptBlock:function(e,r,i,n,o,t,c,s){for(var f=this._nRounds,a=e[r]^i[0],d=e[r+1]^i[1],u=e[r+2]^i[2],v=e[r+3]^i[3],h=4,y=1;y<f;y++){var p=n[a>>>24]^o[d>>>16&255]^t[u>>>8&255]^c[255&v]^i[h++],l=n[d>>>24]^o[u>>>16&255]^t[v>>>8&255]^c[255&a]^i[h++],_=n[u>>>24]^o[v>>>16&255]^t[a>>>8&255]^c[255&d]^i[h++],k=n[v>>>24]^o[a>>>16&255]^t[d>>>8&255]^c[255&u]^i[h++];a=p,d=l,u=_,v=k}var p=(s[a>>>24]<<24|s[d>>>16&255]<<16|s[u>>>8&255]<<8|s[255&v])^i[h++],l=(s[d>>>24]<<24|s[u>>>16&255]<<16|s[v>>>8&255]<<8|s[255&a])^i[h++],_=(s[u>>>24]<<24|s[v>>>16&255]<<16|s[a>>>8&255]<<8|s[255&d])^i[h++],k=(s[v>>>24]<<24|s[a>>>16&255]<<16|s[d>>>8&255]<<8|s[255&u])^i[h++];e[r]=p,e[r+1]=l,e[r+2]=_,e[r+3]=k},keySize:8});r.AES=n._createHelper(l)}(),e.AES});
    //# sourceMappingURL=aes.min.js.map
    !function(e,n){"object"==typeof exports?module.exports=exports=n(require("./core.min")):"function"==typeof define&&define.amd?define(["./core.min"],n):n(e.CryptoJS)}(this,function(e){return e.enc.Utf8});
    //# sourceMappingURL=enc-utf8.min.js.map

    JS加密解密函数(密钥需替换)

        function encrypt(word){
            var key = CryptoJS.enc.Utf8.parse("abcdefgabcdefg12");
            var srcs = CryptoJS.enc.Utf8.parse(word);
            var encrypted = CryptoJS.AES.encrypt(srcs, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
            return encrypted.toString();
        }
        
        function decrypt(word){
            var key = CryptoJS.enc.Utf8.parse("abcdefgabcdefg12");
            var decrypt = CryptoJS.AES.decrypt(word, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
            return CryptoJS.enc.Utf8.stringify(decrypt).toString();
        }

    Java

    Java依赖

    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.10</version>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>3.4</version>
    </dependency>

    加密解密类

    package com.lin.utils;
    
    import java.math.BigInteger;
    
    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.spec.SecretKeySpec;
    
    import org.apache.commons.codec.binary.Base64;
    import org.apache.commons.lang3.StringUtils;
    
    import sun.misc.BASE64Decoder;
    
    /**
     * AES的加密和解密
     * @author libo
     */
    public class Aes {
        //密钥 (需要前端和后端保持一致)
        private static final String KEY = "abcdefgabcdefg12";  
        //算法
        private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
        
        /** 
         * aes解密 
         * @param encrypt   内容 
         * @return 
         * @throws Exception 
         */  
        public static String aesDecrypt(String encrypt) {  
            try {
                return aesDecrypt(encrypt, KEY);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }  
        }  
          
        /** 
         * aes加密 
         * @param content 
         * @return 
         * @throws Exception 
         */  
        public static String aesEncrypt(String content) {  
            try {
                return aesEncrypt(content, KEY);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }  
        }  
      
        /** 
         * 将byte[]转为各种进制的字符串 
         * @param bytes byte[] 
         * @param radix 可以转换进制的范围,从Character.MIN_RADIX到Character.MAX_RADIX,超出范围后变为10进制 
         * @return 转换后的字符串 
         */  
        public static String binary(byte[] bytes, int radix){  
            return new BigInteger(1, bytes).toString(radix);// 这里的1代表正数  
        }  
      
        /** 
         * base 64 encode 
         * @param bytes 待编码的byte[] 
         * @return 编码后的base 64 code 
         */  
        public static String base64Encode(byte[] bytes){  
            return Base64.encodeBase64String(bytes);  
        }  
      
        /** 
         * base 64 decode 
         * @param base64Code 待解码的base 64 code 
         * @return 解码后的byte[] 
         * @throws Exception 
         */  
        public static byte[] base64Decode(String base64Code) throws Exception{  
            return StringUtils.isEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code);  
        }  
      
          
        /** 
         * AES加密 
         * @param content 待加密的内容 
         * @param encryptKey 加密密钥 
         * @return 加密后的byte[] 
         * @throws Exception 
         */  
        public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception {  
            KeyGenerator kgen = KeyGenerator.getInstance("AES");  
            kgen.init(128);  
            Cipher cipher = Cipher.getInstance(ALGORITHMSTR);  
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), "AES"));  
      
            return cipher.doFinal(content.getBytes("utf-8"));  
        }  
      
      
        /** 
         * AES加密为base 64 code 
         * @param content 待加密的内容 
         * @param encryptKey 加密密钥 
         * @return 加密后的base 64 code 
         * @throws Exception 
         */  
        public static String aesEncrypt(String content, String encryptKey) throws Exception {  
            return base64Encode(aesEncryptToBytes(content, encryptKey));  
        }  
      
        /** 
         * AES解密 
         * @param encryptBytes 待解密的byte[] 
         * @param decryptKey 解密密钥 
         * @return 解密后的String 
         * @throws Exception 
         */  
        public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {  
            KeyGenerator kgen = KeyGenerator.getInstance("AES");  
            kgen.init(128);  
      
            Cipher cipher = Cipher.getInstance(ALGORITHMSTR);  
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), "AES"));  
            byte[] decryptBytes = cipher.doFinal(encryptBytes);  
            return new String(decryptBytes);  
        }  
      
      
        /** 
         * 将base 64 code AES解密 
         * @param encryptStr 待解密的base 64 code 
         * @param decryptKey 解密密钥 
         * @return 解密后的string 
         * @throws Exception 
         */  
        public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {  
            return StringUtils.isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);  
        }  
        
        /**
         * 测试
         */
        public static void main(String[] args) throws Exception {  
            String content = "123";  
            System.out.println("加密前:" + content);  
            System.out.println("加密密钥和解密密钥:" + KEY);  
            String encrypt = aesEncrypt(content, KEY);  
            System.out.println("加密后:" + encrypt);  
            String decrypt = aesDecrypt(encrypt, KEY);  
            System.out.println("解密后:" + decrypt);  
        } 
    }

    RSA(JS加密,Java解密)

    Java依赖

    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.10</version>
    </dependency>
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15on</artifactId>
        <version>1.52</version>
    </dependency>

    Java生成公钥和私钥

    /**
     * 每次生成的结果都不一致,所以系统整个生命周期中一般只需要生成一次即可,将生成结果保留下来.
     */
    public static void init() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        SecureRandom random = new SecureRandom();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(1024, random);
        KeyPair kp = generator.generateKeyPair();
        
        System.out.println("公钥:" + Base64.encodeBase64String(kp.getPublic().getEncoded()));
        System.out.println("私钥:" + Base64.encodeBase64String(kp.getPrivate().getEncoded()));
    }

    解密函数

    /**
     * 解密.
     * @param data 待解密字符串.
     * @param key 私钥.
     * @return 返回解密后的字符串.
     * @throws Exception
     */
    public static String decryptByPrivateKey(String data, String key) throws Exception{
        byte[] dataByte = Base64.decodeBase64(data);
        byte[] keyBytes = Base64.decodeBase64(key);
        
        // 取得私钥
        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
        
        // 对数据解密
        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        
        return new String(cipher.doFinal(dataByte), "UTF-8");
    }

    JS库(https://blog-static.cnblogs.com/files/woodk/jsencrypt.js

       1 var JSEncryptExports = {};
       2 (function(exports) {
       3 // Copyright (c) 2005  Tom Wu
       4 // All Rights Reserved.
       5 // See "LICENSE" for details.
       6 
       7 // Basic JavaScript BN library - subset useful for RSA encryption.
       8 
       9 // Bits per digit
      10     var dbits;
      11 
      12 // JavaScript engine analysis
      13     var canary = 0xdeadbeefcafe;
      14     var j_lm = ((canary&0xffffff)==0xefcafe);
      15 
      16 // (public) Constructor
      17     function BigInteger(a,b,c) {
      18         if(a != null)
      19             if("number" == typeof a) this.fromNumber(a,b,c);
      20             else if(b == null && "string" != typeof a) this.fromString(a,256);
      21             else this.fromString(a,b);
      22     }
      23 
      24 // return new, unset BigInteger
      25     function nbi() { return new BigInteger(null); }
      26 
      27 // am: Compute w_j += (x*this_i), propagate carries,
      28 // c is initial carry, returns final carry.
      29 // c < 3*dvalue, x < 2*dvalue, this_i < dvalue
      30 // We need to select the fastest one that works in this environment.
      31 
      32 // am1: use a single mult and divide to get the high bits,
      33 // max digit bits should be 26 because
      34 // max internal value = 2*dvalue^2-2*dvalue (< 2^53)
      35     function am1(i,x,w,j,c,n) {
      36         while(--n >= 0) {
      37             var v = x*this[i++]+w[j]+c;
      38             c = Math.floor(v/0x4000000);
      39             w[j++] = v&0x3ffffff;
      40         }
      41         return c;
      42     }
      43 // am2 avoids a big mult-and-extract completely.
      44 // Max digit bits should be <= 30 because we do bitwise ops
      45 // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
      46     function am2(i,x,w,j,c,n) {
      47         var xl = x&0x7fff, xh = x>>15;
      48         while(--n >= 0) {
      49             var l = this[i]&0x7fff;
      50             var h = this[i++]>>15;
      51             var m = xh*l+h*xl;
      52             l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff);
      53             c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
      54             w[j++] = l&0x3fffffff;
      55         }
      56         return c;
      57     }
      58 // Alternately, set max digit bits to 28 since some
      59 // browsers slow down when dealing with 32-bit numbers.
      60     function am3(i,x,w,j,c,n) {
      61         var xl = x&0x3fff, xh = x>>14;
      62         while(--n >= 0) {
      63             var l = this[i]&0x3fff;
      64             var h = this[i++]>>14;
      65             var m = xh*l+h*xl;
      66             l = xl*l+((m&0x3fff)<<14)+w[j]+c;
      67             c = (l>>28)+(m>>14)+xh*h;
      68             w[j++] = l&0xfffffff;
      69         }
      70         return c;
      71     }
      72     if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
      73         BigInteger.prototype.am = am2;
      74         dbits = 30;
      75     }
      76     else if(j_lm && (navigator.appName != "Netscape")) {
      77         BigInteger.prototype.am = am1;
      78         dbits = 26;
      79     }
      80     else { // Mozilla/Netscape seems to prefer am3
      81         BigInteger.prototype.am = am3;
      82         dbits = 28;
      83     }
      84 
      85     BigInteger.prototype.DB = dbits;
      86     BigInteger.prototype.DM = ((1<<dbits)-1);
      87     BigInteger.prototype.DV = (1<<dbits);
      88 
      89     var BI_FP = 52;
      90     BigInteger.prototype.FV = Math.pow(2,BI_FP);
      91     BigInteger.prototype.F1 = BI_FP-dbits;
      92     BigInteger.prototype.F2 = 2*dbits-BI_FP;
      93 
      94 // Digit conversions
      95     var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
      96     var BI_RC = new Array();
      97     var rr,vv;
      98     rr = "0".charCodeAt(0);
      99     for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
     100     rr = "a".charCodeAt(0);
     101     for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
     102     rr = "A".charCodeAt(0);
     103     for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
     104 
     105     function int2char(n) { return BI_RM.charAt(n); }
     106     function intAt(s,i) {
     107         var c = BI_RC[s.charCodeAt(i)];
     108         return (c==null)?-1:c;
     109     }
     110 
     111 // (protected) copy this to r
     112     function bnpCopyTo(r) {
     113         for(var i = this.t-1; i >= 0; --i) r[i] = this[i];
     114         r.t = this.t;
     115         r.s = this.s;
     116     }
     117 
     118 // (protected) set from integer value x, -DV <= x < DV
     119     function bnpFromInt(x) {
     120         this.t = 1;
     121         this.s = (x<0)?-1:0;
     122         if(x > 0) this[0] = x;
     123         else if(x < -1) this[0] = x+this.DV;
     124         else this.t = 0;
     125     }
     126 
     127 // return bigint initialized to value
     128     function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
     129 
     130 // (protected) set from string and radix
     131     function bnpFromString(s,b) {
     132         var k;
     133         if(b == 16) k = 4;
     134         else if(b == 8) k = 3;
     135         else if(b == 256) k = 8; // byte array
     136         else if(b == 2) k = 1;
     137         else if(b == 32) k = 5;
     138         else if(b == 4) k = 2;
     139         else { this.fromRadix(s,b); return; }
     140         this.t = 0;
     141         this.s = 0;
     142         var i = s.length, mi = false, sh = 0;
     143         while(--i >= 0) {
     144             var x = (k==8)?s[i]&0xff:intAt(s,i);
     145             if(x < 0) {
     146                 if(s.charAt(i) == "-") mi = true;
     147                 continue;
     148             }
     149             mi = false;
     150             if(sh == 0)
     151                 this[this.t++] = x;
     152             else if(sh+k > this.DB) {
     153                 this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<<sh;
     154                 this[this.t++] = (x>>(this.DB-sh));
     155             }
     156             else
     157                 this[this.t-1] |= x<<sh;
     158             sh += k;
     159             if(sh >= this.DB) sh -= this.DB;
     160         }
     161         if(k == 8 && (s[0]&0x80) != 0) {
     162             this.s = -1;
     163             if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)<<sh;
     164         }
     165         this.clamp();
     166         if(mi) BigInteger.ZERO.subTo(this,this);
     167     }
     168 
     169 // (protected) clamp off excess high words
     170     function bnpClamp() {
     171         var c = this.s&this.DM;
     172         while(this.t > 0 && this[this.t-1] == c) --this.t;
     173     }
     174 
     175 // (public) return string representation in given radix
     176     function bnToString(b) {
     177         if(this.s < 0) return "-"+this.negate().toString(b);
     178         var k;
     179         if(b == 16) k = 4;
     180         else if(b == 8) k = 3;
     181         else if(b == 2) k = 1;
     182         else if(b == 32) k = 5;
     183         else if(b == 4) k = 2;
     184         else return this.toRadix(b);
     185         var km = (1<<k)-1, d, m = false, r = "", i = this.t;
     186         var p = this.DB-(i*this.DB)%k;
     187         if(i-- > 0) {
     188             if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); }
     189             while(i >= 0) {
     190                 if(p < k) {
     191                     d = (this[i]&((1<<p)-1))<<(k-p);
     192                     d |= this[--i]>>(p+=this.DB-k);
     193                 }
     194                 else {
     195                     d = (this[i]>>(p-=k))&km;
     196                     if(p <= 0) { p += this.DB; --i; }
     197                 }
     198                 if(d > 0) m = true;
     199                 if(m) r += int2char(d);
     200             }
     201         }
     202         return m?r:"0";
     203     }
     204 
     205 // (public) -this
     206     function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
     207 
     208 // (public) |this|
     209     function bnAbs() { return (this.s<0)?this.negate():this; }
     210 
     211 // (public) return + if this > a, - if this < a, 0 if equal
     212     function bnCompareTo(a) {
     213         var r = this.s-a.s;
     214         if(r != 0) return r;
     215         var i = this.t;
     216         r = i-a.t;
     217         if(r != 0) return (this.s<0)?-r:r;
     218         while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
     219         return 0;
     220     }
     221 
     222 // returns bit length of the integer x
     223     function nbits(x) {
     224         var r = 1, t;
     225         if((t=x>>>16) != 0) { x = t; r += 16; }
     226         if((t=x>>8) != 0) { x = t; r += 8; }
     227         if((t=x>>4) != 0) { x = t; r += 4; }
     228         if((t=x>>2) != 0) { x = t; r += 2; }
     229         if((t=x>>1) != 0) { x = t; r += 1; }
     230         return r;
     231     }
     232 
     233 // (public) return the number of bits in "this"
     234     function bnBitLength() {
     235         if(this.t <= 0) return 0;
     236         return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM));
     237     }
     238 
     239 // (protected) r = this << n*DB
     240     function bnpDLShiftTo(n,r) {
     241         var i;
     242         for(i = this.t-1; i >= 0; --i) r[i+n] = this[i];
     243         for(i = n-1; i >= 0; --i) r[i] = 0;
     244         r.t = this.t+n;
     245         r.s = this.s;
     246     }
     247 
     248 // (protected) r = this >> n*DB
     249     function bnpDRShiftTo(n,r) {
     250         for(var i = n; i < this.t; ++i) r[i-n] = this[i];
     251         r.t = Math.max(this.t-n,0);
     252         r.s = this.s;
     253     }
     254 
     255 // (protected) r = this << n
     256     function bnpLShiftTo(n,r) {
     257         var bs = n%this.DB;
     258         var cbs = this.DB-bs;
     259         var bm = (1<<cbs)-1;
     260         var ds = Math.floor(n/this.DB), c = (this.s<<bs)&this.DM, i;
     261         for(i = this.t-1; i >= 0; --i) {
     262             r[i+ds+1] = (this[i]>>cbs)|c;
     263             c = (this[i]&bm)<<bs;
     264         }
     265         for(i = ds-1; i >= 0; --i) r[i] = 0;
     266         r[ds] = c;
     267         r.t = this.t+ds+1;
     268         r.s = this.s;
     269         r.clamp();
     270     }
     271 
     272 // (protected) r = this >> n
     273     function bnpRShiftTo(n,r) {
     274         r.s = this.s;
     275         var ds = Math.floor(n/this.DB);
     276         if(ds >= this.t) { r.t = 0; return; }
     277         var bs = n%this.DB;
     278         var cbs = this.DB-bs;
     279         var bm = (1<<bs)-1;
     280         r[0] = this[ds]>>bs;
     281         for(var i = ds+1; i < this.t; ++i) {
     282             r[i-ds-1] |= (this[i]&bm)<<cbs;
     283             r[i-ds] = this[i]>>bs;
     284         }
     285         if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<<cbs;
     286         r.t = this.t-ds;
     287         r.clamp();
     288     }
     289 
     290 // (protected) r = this - a
     291     function bnpSubTo(a,r) {
     292         var i = 0, c = 0, m = Math.min(a.t,this.t);
     293         while(i < m) {
     294             c += this[i]-a[i];
     295             r[i++] = c&this.DM;
     296             c >>= this.DB;
     297         }
     298         if(a.t < this.t) {
     299             c -= a.s;
     300             while(i < this.t) {
     301                 c += this[i];
     302                 r[i++] = c&this.DM;
     303                 c >>= this.DB;
     304             }
     305             c += this.s;
     306         }
     307         else {
     308             c += this.s;
     309             while(i < a.t) {
     310                 c -= a[i];
     311                 r[i++] = c&this.DM;
     312                 c >>= this.DB;
     313             }
     314             c -= a.s;
     315         }
     316         r.s = (c<0)?-1:0;
     317         if(c < -1) r[i++] = this.DV+c;
     318         else if(c > 0) r[i++] = c;
     319         r.t = i;
     320         r.clamp();
     321     }
     322 
     323 // (protected) r = this * a, r != this,a (HAC 14.12)
     324 // "this" should be the larger one if appropriate.
     325     function bnpMultiplyTo(a,r) {
     326         var x = this.abs(), y = a.abs();
     327         var i = x.t;
     328         r.t = i+y.t;
     329         while(--i >= 0) r[i] = 0;
     330         for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t);
     331         r.s = 0;
     332         r.clamp();
     333         if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
     334     }
     335 
     336 // (protected) r = this^2, r != this (HAC 14.16)
     337     function bnpSquareTo(r) {
     338         var x = this.abs();
     339         var i = r.t = 2*x.t;
     340         while(--i >= 0) r[i] = 0;
     341         for(i = 0; i < x.t-1; ++i) {
     342             var c = x.am(i,x[i],r,2*i,0,1);
     343             if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {
     344                 r[i+x.t] -= x.DV;
     345                 r[i+x.t+1] = 1;
     346             }
     347         }
     348         if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1);
     349         r.s = 0;
     350         r.clamp();
     351     }
     352 
     353 // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
     354 // r != q, this != m.  q or r may be null.
     355     function bnpDivRemTo(m,q,r) {
     356         var pm = m.abs();
     357         if(pm.t <= 0) return;
     358         var pt = this.abs();
     359         if(pt.t < pm.t) {
     360             if(q != null) q.fromInt(0);
     361             if(r != null) this.copyTo(r);
     362             return;
     363         }
     364         if(r == null) r = nbi();
     365         var y = nbi(), ts = this.s, ms = m.s;
     366         var nsh = this.DB-nbits(pm[pm.t-1]);    // normalize modulus
     367         if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
     368         else { pm.copyTo(y); pt.copyTo(r); }
     369         var ys = y.t;
     370         var y0 = y[ys-1];
     371         if(y0 == 0) return;
     372         var yt = y0*(1<<this.F1)+((ys>1)?y[ys-2]>>this.F2:0);
     373         var d1 = this.FV/yt, d2 = (1<<this.F1)/yt, e = 1<<this.F2;
     374         var i = r.t, j = i-ys, t = (q==null)?nbi():q;
     375         y.dlShiftTo(j,t);
     376         if(r.compareTo(t) >= 0) {
     377             r[r.t++] = 1;
     378             r.subTo(t,r);
     379         }
     380         BigInteger.ONE.dlShiftTo(ys,t);
     381         t.subTo(y,y);    // "negative" y so we can replace sub with am later
     382         while(y.t < ys) y[y.t++] = 0;
     383         while(--j >= 0) {
     384             // Estimate quotient digit
     385             var qd = (r[--i]==y0)?this.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2);
     386             if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) {    // Try it out
     387                 y.dlShiftTo(j,t);
     388                 r.subTo(t,r);
     389                 while(r[i] < --qd) r.subTo(t,r);
     390             }
     391         }
     392         if(q != null) {
     393             r.drShiftTo(ys,q);
     394             if(ts != ms) BigInteger.ZERO.subTo(q,q);
     395         }
     396         r.t = ys;
     397         r.clamp();
     398         if(nsh > 0) r.rShiftTo(nsh,r);    // Denormalize remainder
     399         if(ts < 0) BigInteger.ZERO.subTo(r,r);
     400     }
     401 
     402 // (public) this mod a
     403     function bnMod(a) {
     404         var r = nbi();
     405         this.abs().divRemTo(a,null,r);
     406         if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
     407         return r;
     408     }
     409 
     410 // Modular reduction using "classic" algorithm
     411     function Classic(m) { this.m = m; }
     412     function cConvert(x) {
     413         if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
     414         else return x;
     415     }
     416     function cRevert(x) { return x; }
     417     function cReduce(x) { x.divRemTo(this.m,null,x); }
     418     function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
     419     function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
     420 
     421     Classic.prototype.convert = cConvert;
     422     Classic.prototype.revert = cRevert;
     423     Classic.prototype.reduce = cReduce;
     424     Classic.prototype.mulTo = cMulTo;
     425     Classic.prototype.sqrTo = cSqrTo;
     426 
     427 // (protected) return "-1/this % 2^DB"; useful for Mont. reduction
     428 // justification:
     429 //         xy == 1 (mod m)
     430 //         xy =  1+km
     431 //   xy(2-xy) = (1+km)(1-km)
     432 // x[y(2-xy)] = 1-k^2m^2
     433 // x[y(2-xy)] == 1 (mod m^2)
     434 // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
     435 // should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
     436 // JS multiply "overflows" differently from C/C++, so care is needed here.
     437     function bnpInvDigit() {
     438         if(this.t < 1) return 0;
     439         var x = this[0];
     440         if((x&1) == 0) return 0;
     441         var y = x&3;        // y == 1/x mod 2^2
     442         y = (y*(2-(x&0xf)*y))&0xf;    // y == 1/x mod 2^4
     443         y = (y*(2-(x&0xff)*y))&0xff;    // y == 1/x mod 2^8
     444         y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff;    // y == 1/x mod 2^16
     445         // last step - calculate inverse mod DV directly;
     446         // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
     447         y = (y*(2-x*y%this.DV))%this.DV;        // y == 1/x mod 2^dbits
     448         // we really want the negative inverse, and -DV < y < DV
     449         return (y>0)?this.DV-y:-y;
     450     }
     451 
     452 // Montgomery reduction
     453     function Montgomery(m) {
     454         this.m = m;
     455         this.mp = m.invDigit();
     456         this.mpl = this.mp&0x7fff;
     457         this.mph = this.mp>>15;
     458         this.um = (1<<(m.DB-15))-1;
     459         this.mt2 = 2*m.t;
     460     }
     461 
     462 // xR mod m
     463     function montConvert(x) {
     464         var r = nbi();
     465         x.abs().dlShiftTo(this.m.t,r);
     466         r.divRemTo(this.m,null,r);
     467         if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
     468         return r;
     469     }
     470 
     471 // x/R mod m
     472     function montRevert(x) {
     473         var r = nbi();
     474         x.copyTo(r);
     475         this.reduce(r);
     476         return r;
     477     }
     478 
     479 // x = x/R mod m (HAC 14.32)
     480     function montReduce(x) {
     481         while(x.t <= this.mt2)    // pad x so am has enough room later
     482             x[x.t++] = 0;
     483         for(var i = 0; i < this.m.t; ++i) {
     484             // faster way of calculating u0 = x[i]*mp mod DV
     485             var j = x[i]&0x7fff;
     486             var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM;
     487             // use am to combine the multiply-shift-add into one call
     488             j = i+this.m.t;
     489             x[j] += this.m.am(0,u0,x,i,0,this.m.t);
     490             // propagate carry
     491             while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; }
     492         }
     493         x.clamp();
     494         x.drShiftTo(this.m.t,x);
     495         if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
     496     }
     497 
     498 // r = "x^2/R mod m"; x != r
     499     function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
     500 
     501 // r = "xy/R mod m"; x,y != r
     502     function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
     503 
     504     Montgomery.prototype.convert = montConvert;
     505     Montgomery.prototype.revert = montRevert;
     506     Montgomery.prototype.reduce = montReduce;
     507     Montgomery.prototype.mulTo = montMulTo;
     508     Montgomery.prototype.sqrTo = montSqrTo;
     509 
     510 // (protected) true iff this is even
     511     function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; }
     512 
     513 // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
     514     function bnpExp(e,z) {
     515         if(e > 0xffffffff || e < 1) return BigInteger.ONE;
     516         var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
     517         g.copyTo(r);
     518         while(--i >= 0) {
     519             z.sqrTo(r,r2);
     520             if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
     521             else { var t = r; r = r2; r2 = t; }
     522         }
     523         return z.revert(r);
     524     }
     525 
     526 // (public) this^e % m, 0 <= e < 2^32
     527     function bnModPowInt(e,m) {
     528         var z;
     529         if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
     530         return this.exp(e,z);
     531     }
     532 
     533 // protected
     534     BigInteger.prototype.copyTo = bnpCopyTo;
     535     BigInteger.prototype.fromInt = bnpFromInt;
     536     BigInteger.prototype.fromString = bnpFromString;
     537     BigInteger.prototype.clamp = bnpClamp;
     538     BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
     539     BigInteger.prototype.drShiftTo = bnpDRShiftTo;
     540     BigInteger.prototype.lShiftTo = bnpLShiftTo;
     541     BigInteger.prototype.rShiftTo = bnpRShiftTo;
     542     BigInteger.prototype.subTo = bnpSubTo;
     543     BigInteger.prototype.multiplyTo = bnpMultiplyTo;
     544     BigInteger.prototype.squareTo = bnpSquareTo;
     545     BigInteger.prototype.divRemTo = bnpDivRemTo;
     546     BigInteger.prototype.invDigit = bnpInvDigit;
     547     BigInteger.prototype.isEven = bnpIsEven;
     548     BigInteger.prototype.exp = bnpExp;
     549 
     550 // public
     551     BigInteger.prototype.toString = bnToString;
     552     BigInteger.prototype.negate = bnNegate;
     553     BigInteger.prototype.abs = bnAbs;
     554     BigInteger.prototype.compareTo = bnCompareTo;
     555     BigInteger.prototype.bitLength = bnBitLength;
     556     BigInteger.prototype.mod = bnMod;
     557     BigInteger.prototype.modPowInt = bnModPowInt;
     558 
     559 // "constants"
     560     BigInteger.ZERO = nbv(0);
     561     BigInteger.ONE = nbv(1);
     562 // Copyright (c) 2005-2009  Tom Wu
     563 // All Rights Reserved.
     564 // See "LICENSE" for details.
     565 
     566 // Extended JavaScript BN functions, required for RSA private ops.
     567 
     568 // Version 1.1: new BigInteger("0", 10) returns "proper" zero
     569 // Version 1.2: square() API, isProbablePrime fix
     570 
     571 // (public)
     572     function bnClone() { var r = nbi(); this.copyTo(r); return r; }
     573 
     574 // (public) return value as integer
     575     function bnIntValue() {
     576         if(this.s < 0) {
     577             if(this.t == 1) return this[0]-this.DV;
     578             else if(this.t == 0) return -1;
     579         }
     580         else if(this.t == 1) return this[0];
     581         else if(this.t == 0) return 0;
     582         // assumes 16 < DB < 32
     583         return ((this[1]&((1<<(32-this.DB))-1))<<this.DB)|this[0];
     584     }
     585 
     586 // (public) return value as byte
     587     function bnByteValue() { return (this.t==0)?this.s:(this[0]<<24)>>24; }
     588 
     589 // (public) return value as short (assumes DB>=16)
     590     function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; }
     591 
     592 // (protected) return x s.t. r^x < DV
     593     function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }
     594 
     595 // (public) 0 if this == 0, 1 if this > 0
     596     function bnSigNum() {
     597         if(this.s < 0) return -1;
     598         else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
     599         else return 1;
     600     }
     601 
     602 // (protected) convert to radix string
     603     function bnpToRadix(b) {
     604         if(b == null) b = 10;
     605         if(this.signum() == 0 || b < 2 || b > 36) return "0";
     606         var cs = this.chunkSize(b);
     607         var a = Math.pow(b,cs);
     608         var d = nbv(a), y = nbi(), z = nbi(), r = "";
     609         this.divRemTo(d,y,z);
     610         while(y.signum() > 0) {
     611             r = (a+z.intValue()).toString(b).substr(1) + r;
     612             y.divRemTo(d,y,z);
     613         }
     614         return z.intValue().toString(b) + r;
     615     }
     616 
     617 // (protected) convert from radix string
     618     function bnpFromRadix(s,b) {
     619         this.fromInt(0);
     620         if(b == null) b = 10;
     621         var cs = this.chunkSize(b);
     622         var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
     623         for(var i = 0; i < s.length; ++i) {
     624             var x = intAt(s,i);
     625             if(x < 0) {
     626                 if(s.charAt(i) == "-" && this.signum() == 0) mi = true;
     627                 continue;
     628             }
     629             w = b*w+x;
     630             if(++j >= cs) {
     631                 this.dMultiply(d);
     632                 this.dAddOffset(w,0);
     633                 j = 0;
     634                 w = 0;
     635             }
     636         }
     637         if(j > 0) {
     638             this.dMultiply(Math.pow(b,j));
     639             this.dAddOffset(w,0);
     640         }
     641         if(mi) BigInteger.ZERO.subTo(this,this);
     642     }
     643 
     644 // (protected) alternate constructor
     645     function bnpFromNumber(a,b,c) {
     646         if("number" == typeof b) {
     647             // new BigInteger(int,int,RNG)
     648             if(a < 2) this.fromInt(1);
     649             else {
     650                 this.fromNumber(a,c);
     651                 if(!this.testBit(a-1))    // force MSB set
     652                     this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
     653                 if(this.isEven()) this.dAddOffset(1,0); // force odd
     654                 while(!this.isProbablePrime(b)) {
     655                     this.dAddOffset(2,0);
     656                     if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);
     657                 }
     658             }
     659         }
     660         else {
     661             // new BigInteger(int,RNG)
     662             var x = new Array(), t = a&7;
     663             x.length = (a>>3)+1;
     664             b.nextBytes(x);
     665             if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
     666             this.fromString(x,256);
     667         }
     668     }
     669 
     670 // (public) convert to bigendian byte array
     671     function bnToByteArray() {
     672         var i = this.t, r = new Array();
     673         r[0] = this.s;
     674         var p = this.DB-(i*this.DB)%8, d, k = 0;
     675         if(i-- > 0) {
     676             if(p < this.DB && (d = this[i]>>p) != (this.s&this.DM)>>p)
     677                 r[k++] = d|(this.s<<(this.DB-p));
     678             while(i >= 0) {
     679                 if(p < 8) {
     680                     d = (this[i]&((1<<p)-1))<<(8-p);
     681                     d |= this[--i]>>(p+=this.DB-8);
     682                 }
     683                 else {
     684                     d = (this[i]>>(p-=8))&0xff;
     685                     if(p <= 0) { p += this.DB; --i; }
     686                 }
     687                 if((d&0x80) != 0) d |= -256;
     688                 if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;
     689                 if(k > 0 || d != this.s) r[k++] = d;
     690             }
     691         }
     692         return r;
     693     }
     694 
     695     function bnEquals(a) { return(this.compareTo(a)==0); }
     696     function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
     697     function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
     698 
     699 // (protected) r = this op a (bitwise)
     700     function bnpBitwiseTo(a,op,r) {
     701         var i, f, m = Math.min(a.t,this.t);
     702         for(i = 0; i < m; ++i) r[i] = op(this[i],a[i]);
     703         if(a.t < this.t) {
     704             f = a.s&this.DM;
     705             for(i = m; i < this.t; ++i) r[i] = op(this[i],f);
     706             r.t = this.t;
     707         }
     708         else {
     709             f = this.s&this.DM;
     710             for(i = m; i < a.t; ++i) r[i] = op(f,a[i]);
     711             r.t = a.t;
     712         }
     713         r.s = op(this.s,a.s);
     714         r.clamp();
     715     }
     716 
     717 // (public) this & a
     718     function op_and(x,y) { return x&y; }
     719     function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
     720 
     721 // (public) this | a
     722     function op_or(x,y) { return x|y; }
     723     function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
     724 
     725 // (public) this ^ a
     726     function op_xor(x,y) { return x^y; }
     727     function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
     728 
     729 // (public) this & ~a
     730     function op_andnot(x,y) { return x&~y; }
     731     function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
     732 
     733 // (public) ~this
     734     function bnNot() {
     735         var r = nbi();
     736         for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i];
     737         r.t = this.t;
     738         r.s = ~this.s;
     739         return r;
     740     }
     741 
     742 // (public) this << n
     743     function bnShiftLeft(n) {
     744         var r = nbi();
     745         if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
     746         return r;
     747     }
     748 
     749 // (public) this >> n
     750     function bnShiftRight(n) {
     751         var r = nbi();
     752         if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
     753         return r;
     754     }
     755 
     756 // return index of lowest 1-bit in x, x < 2^31
     757     function lbit(x) {
     758         if(x == 0) return -1;
     759         var r = 0;
     760         if((x&0xffff) == 0) { x >>= 16; r += 16; }
     761         if((x&0xff) == 0) { x >>= 8; r += 8; }
     762         if((x&0xf) == 0) { x >>= 4; r += 4; }
     763         if((x&3) == 0) { x >>= 2; r += 2; }
     764         if((x&1) == 0) ++r;
     765         return r;
     766     }
     767 
     768 // (public) returns index of lowest 1-bit (or -1 if none)
     769     function bnGetLowestSetBit() {
     770         for(var i = 0; i < this.t; ++i)
     771             if(this[i] != 0) return i*this.DB+lbit(this[i]);
     772         if(this.s < 0) return this.t*this.DB;
     773         return -1;
     774     }
     775 
     776 // return number of 1 bits in x
     777     function cbit(x) {
     778         var r = 0;
     779         while(x != 0) { x &= x-1; ++r; }
     780         return r;
     781     }
     782 
     783 // (public) return number of set bits
     784     function bnBitCount() {
     785         var r = 0, x = this.s&this.DM;
     786         for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x);
     787         return r;
     788     }
     789 
     790 // (public) true iff nth bit is set
     791     function bnTestBit(n) {
     792         var j = Math.floor(n/this.DB);
     793         if(j >= this.t) return(this.s!=0);
     794         return((this[j]&(1<<(n%this.DB)))!=0);
     795     }
     796 
     797 // (protected) this op (1<<n)
     798     function bnpChangeBit(n,op) {
     799         var r = BigInteger.ONE.shiftLeft(n);
     800         this.bitwiseTo(r,op,r);
     801         return r;
     802     }
     803 
     804 // (public) this | (1<<n)
     805     function bnSetBit(n) { return this.changeBit(n,op_or); }
     806 
     807 // (public) this & ~(1<<n)
     808     function bnClearBit(n) { return this.changeBit(n,op_andnot); }
     809 
     810 // (public) this ^ (1<<n)
     811     function bnFlipBit(n) { return this.changeBit(n,op_xor); }
     812 
     813 // (protected) r = this + a
     814     function bnpAddTo(a,r) {
     815         var i = 0, c = 0, m = Math.min(a.t,this.t);
     816         while(i < m) {
     817             c += this[i]+a[i];
     818             r[i++] = c&this.DM;
     819             c >>= this.DB;
     820         }
     821         if(a.t < this.t) {
     822             c += a.s;
     823             while(i < this.t) {
     824                 c += this[i];
     825                 r[i++] = c&this.DM;
     826                 c >>= this.DB;
     827             }
     828             c += this.s;
     829         }
     830         else {
     831             c += this.s;
     832             while(i < a.t) {
     833                 c += a[i];
     834                 r[i++] = c&this.DM;
     835                 c >>= this.DB;
     836             }
     837             c += a.s;
     838         }
     839         r.s = (c<0)?-1:0;
     840         if(c > 0) r[i++] = c;
     841         else if(c < -1) r[i++] = this.DV+c;
     842         r.t = i;
     843         r.clamp();
     844     }
     845 
     846 // (public) this + a
     847     function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
     848 
     849 // (public) this - a
     850     function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
     851 
     852 // (public) this * a
     853     function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
     854 
     855 // (public) this^2
     856     function bnSquare() { var r = nbi(); this.squareTo(r); return r; }
     857 
     858 // (public) this / a
     859     function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
     860 
     861 // (public) this % a
     862     function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
     863 
     864 // (public) [this/a,this%a]
     865     function bnDivideAndRemainder(a) {
     866         var q = nbi(), r = nbi();
     867         this.divRemTo(a,q,r);
     868         return new Array(q,r);
     869     }
     870 
     871 // (protected) this *= n, this >= 0, 1 < n < DV
     872     function bnpDMultiply(n) {
     873         this[this.t] = this.am(0,n-1,this,0,0,this.t);
     874         ++this.t;
     875         this.clamp();
     876     }
     877 
     878 // (protected) this += n << w words, this >= 0
     879     function bnpDAddOffset(n,w) {
     880         if(n == 0) return;
     881         while(this.t <= w) this[this.t++] = 0;
     882         this[w] += n;
     883         while(this[w] >= this.DV) {
     884             this[w] -= this.DV;
     885             if(++w >= this.t) this[this.t++] = 0;
     886             ++this[w];
     887         }
     888     }
     889 
     890 // A "null" reducer
     891     function NullExp() {}
     892     function nNop(x) { return x; }
     893     function nMulTo(x,y,r) { x.multiplyTo(y,r); }
     894     function nSqrTo(x,r) { x.squareTo(r); }
     895 
     896     NullExp.prototype.convert = nNop;
     897     NullExp.prototype.revert = nNop;
     898     NullExp.prototype.mulTo = nMulTo;
     899     NullExp.prototype.sqrTo = nSqrTo;
     900 
     901 // (public) this^e
     902     function bnPow(e) { return this.exp(e,new NullExp()); }
     903 
     904 // (protected) r = lower n words of "this * a", a.t <= n
     905 // "this" should be the larger one if appropriate.
     906     function bnpMultiplyLowerTo(a,n,r) {
     907         var i = Math.min(this.t+a.t,n);
     908         r.s = 0; // assumes a,this >= 0
     909         r.t = i;
     910         while(i > 0) r[--i] = 0;
     911         var j;
     912         for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t);
     913         for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i);
     914         r.clamp();
     915     }
     916 
     917 // (protected) r = "this * a" without lower n words, n > 0
     918 // "this" should be the larger one if appropriate.
     919     function bnpMultiplyUpperTo(a,n,r) {
     920         --n;
     921         var i = r.t = this.t+a.t-n;
     922         r.s = 0; // assumes a,this >= 0
     923         while(--i >= 0) r[i] = 0;
     924         for(i = Math.max(n-this.t,0); i < a.t; ++i)
     925             r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n);
     926         r.clamp();
     927         r.drShiftTo(1,r);
     928     }
     929 
     930 // Barrett modular reduction
     931     function Barrett(m) {
     932         // setup Barrett
     933         this.r2 = nbi();
     934         this.q3 = nbi();
     935         BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
     936         this.mu = this.r2.divide(m);
     937         this.m = m;
     938     }
     939 
     940     function barrettConvert(x) {
     941         if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
     942         else if(x.compareTo(this.m) < 0) return x;
     943         else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
     944     }
     945 
     946     function barrettRevert(x) { return x; }
     947 
     948 // x = x mod m (HAC 14.42)
     949     function barrettReduce(x) {
     950         x.drShiftTo(this.m.t-1,this.r2);
     951         if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }
     952         this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);
     953         this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);
     954         while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);
     955         x.subTo(this.r2,x);
     956         while(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
     957     }
     958 
     959 // r = x^2 mod m; x != r
     960     function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
     961 
     962 // r = x*y mod m; x,y != r
     963     function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
     964 
     965     Barrett.prototype.convert = barrettConvert;
     966     Barrett.prototype.revert = barrettRevert;
     967     Barrett.prototype.reduce = barrettReduce;
     968     Barrett.prototype.mulTo = barrettMulTo;
     969     Barrett.prototype.sqrTo = barrettSqrTo;
     970 
     971 // (public) this^e % m (HAC 14.85)
     972     function bnModPow(e,m) {
     973         var i = e.bitLength(), k, r = nbv(1), z;
     974         if(i <= 0) return r;
     975         else if(i < 18) k = 1;
     976         else if(i < 48) k = 3;
     977         else if(i < 144) k = 4;
     978         else if(i < 768) k = 5;
     979         else k = 6;
     980         if(i < 8)
     981             z = new Classic(m);
     982         else if(m.isEven())
     983             z = new Barrett(m);
     984         else
     985             z = new Montgomery(m);
     986 
     987         // precomputation
     988         var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
     989         g[1] = z.convert(this);
     990         if(k > 1) {
     991             var g2 = nbi();
     992             z.sqrTo(g[1],g2);
     993             while(n <= km) {
     994                 g[n] = nbi();
     995                 z.mulTo(g2,g[n-2],g[n]);
     996                 n += 2;
     997             }
     998         }
     999 
    1000         var j = e.t-1, w, is1 = true, r2 = nbi(), t;
    1001         i = nbits(e[j])-1;
    1002         while(j >= 0) {
    1003             if(i >= k1) w = (e[j]>>(i-k1))&km;
    1004             else {
    1005                 w = (e[j]&((1<<(i+1))-1))<<(k1-i);
    1006                 if(j > 0) w |= e[j-1]>>(this.DB+i-k1);
    1007             }
    1008 
    1009             n = k;
    1010             while((w&1) == 0) { w >>= 1; --n; }
    1011             if((i -= n) < 0) { i += this.DB; --j; }
    1012             if(is1) {    // ret == 1, don't bother squaring or multiplying it
    1013                 g[w].copyTo(r);
    1014                 is1 = false;
    1015             }
    1016             else {
    1017                 while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
    1018                 if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
    1019                 z.mulTo(r2,g[w],r);
    1020             }
    1021 
    1022             while(j >= 0 && (e[j]&(1<<i)) == 0) {
    1023                 z.sqrTo(r,r2); t = r; r = r2; r2 = t;
    1024                 if(--i < 0) { i = this.DB-1; --j; }
    1025             }
    1026         }
    1027         return z.revert(r);
    1028     }
    1029 
    1030 // (public) gcd(this,a) (HAC 14.54)
    1031     function bnGCD(a) {
    1032         var x = (this.s<0)?this.negate():this.clone();
    1033         var y = (a.s<0)?a.negate():a.clone();
    1034         if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
    1035         var i = x.getLowestSetBit(), g = y.getLowestSetBit();
    1036         if(g < 0) return x;
    1037         if(i < g) g = i;
    1038         if(g > 0) {
    1039             x.rShiftTo(g,x);
    1040             y.rShiftTo(g,y);
    1041         }
    1042         while(x.signum() > 0) {
    1043             if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
    1044             if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
    1045             if(x.compareTo(y) >= 0) {
    1046                 x.subTo(y,x);
    1047                 x.rShiftTo(1,x);
    1048             }
    1049             else {
    1050                 y.subTo(x,y);
    1051                 y.rShiftTo(1,y);
    1052             }
    1053         }
    1054         if(g > 0) y.lShiftTo(g,y);
    1055         return y;
    1056     }
    1057 
    1058 // (protected) this % n, n < 2^26
    1059     function bnpModInt(n) {
    1060         if(n <= 0) return 0;
    1061         var d = this.DV%n, r = (this.s<0)?n-1:0;
    1062         if(this.t > 0)
    1063             if(d == 0) r = this[0]%n;
    1064             else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n;
    1065         return r;
    1066     }
    1067 
    1068 // (public) 1/this % m (HAC 14.61)
    1069     function bnModInverse(m) {
    1070         var ac = m.isEven();
    1071         if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
    1072         var u = m.clone(), v = this.clone();
    1073         var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
    1074         while(u.signum() != 0) {
    1075             while(u.isEven()) {
    1076                 u.rShiftTo(1,u);
    1077                 if(ac) {
    1078                     if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
    1079                     a.rShiftTo(1,a);
    1080                 }
    1081                 else if(!b.isEven()) b.subTo(m,b);
    1082                 b.rShiftTo(1,b);
    1083             }
    1084             while(v.isEven()) {
    1085                 v.rShiftTo(1,v);
    1086                 if(ac) {
    1087                     if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
    1088                     c.rShiftTo(1,c);
    1089                 }
    1090                 else if(!d.isEven()) d.subTo(m,d);
    1091                 d.rShiftTo(1,d);
    1092             }
    1093             if(u.compareTo(v) >= 0) {
    1094                 u.subTo(v,u);
    1095                 if(ac) a.subTo(c,a);
    1096                 b.subTo(d,b);
    1097             }
    1098             else {
    1099                 v.subTo(u,v);
    1100                 if(ac) c.subTo(a,c);
    1101                 d.subTo(b,d);
    1102             }
    1103         }
    1104         if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
    1105         if(d.compareTo(m) >= 0) return d.subtract(m);
    1106         if(d.signum() < 0) d.addTo(m,d); else return d;
    1107         if(d.signum() < 0) return d.add(m); else return d;
    1108     }
    1109 
    1110     var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997];
    1111     var lplim = (1<<26)/lowprimes[lowprimes.length-1];
    1112 
    1113 // (public) test primality with certainty >= 1-.5^t
    1114     function bnIsProbablePrime(t) {
    1115         var i, x = this.abs();
    1116         if(x.t == 1 && x[0] <= lowprimes[lowprimes.length-1]) {
    1117             for(i = 0; i < lowprimes.length; ++i)
    1118                 if(x[0] == lowprimes[i]) return true;
    1119             return false;
    1120         }
    1121         if(x.isEven()) return false;
    1122         i = 1;
    1123         while(i < lowprimes.length) {
    1124             var m = lowprimes[i], j = i+1;
    1125             while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];
    1126             m = x.modInt(m);
    1127             while(i < j) if(m%lowprimes[i++] == 0) return false;
    1128         }
    1129         return x.millerRabin(t);
    1130     }
    1131 
    1132 // (protected) true if probably prime (HAC 4.24, Miller-Rabin)
    1133     function bnpMillerRabin(t) {
    1134         var n1 = this.subtract(BigInteger.ONE);
    1135         var k = n1.getLowestSetBit();
    1136         if(k <= 0) return false;
    1137         var r = n1.shiftRight(k);
    1138         t = (t+1)>>1;
    1139         if(t > lowprimes.length) t = lowprimes.length;
    1140         var a = nbi();
    1141         for(var i = 0; i < t; ++i) {
    1142             //Pick bases at random, instead of starting at 2
    1143             a.fromInt(lowprimes[Math.floor(Math.random()*lowprimes.length)]);
    1144             var y = a.modPow(r,this);
    1145             if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
    1146                 var j = 1;
    1147                 while(j++ < k && y.compareTo(n1) != 0) {
    1148                     y = y.modPowInt(2,this);
    1149                     if(y.compareTo(BigInteger.ONE) == 0) return false;
    1150                 }
    1151                 if(y.compareTo(n1) != 0) return false;
    1152             }
    1153         }
    1154         return true;
    1155     }
    1156 
    1157 // protected
    1158     BigInteger.prototype.chunkSize = bnpChunkSize;
    1159     BigInteger.prototype.toRadix = bnpToRadix;
    1160     BigInteger.prototype.fromRadix = bnpFromRadix;
    1161     BigInteger.prototype.fromNumber = bnpFromNumber;
    1162     BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
    1163     BigInteger.prototype.changeBit = bnpChangeBit;
    1164     BigInteger.prototype.addTo = bnpAddTo;
    1165     BigInteger.prototype.dMultiply = bnpDMultiply;
    1166     BigInteger.prototype.dAddOffset = bnpDAddOffset;
    1167     BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
    1168     BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
    1169     BigInteger.prototype.modInt = bnpModInt;
    1170     BigInteger.prototype.millerRabin = bnpMillerRabin;
    1171 
    1172 // public
    1173     BigInteger.prototype.clone = bnClone;
    1174     BigInteger.prototype.intValue = bnIntValue;
    1175     BigInteger.prototype.byteValue = bnByteValue;
    1176     BigInteger.prototype.shortValue = bnShortValue;
    1177     BigInteger.prototype.signum = bnSigNum;
    1178     BigInteger.prototype.toByteArray = bnToByteArray;
    1179     BigInteger.prototype.equals = bnEquals;
    1180     BigInteger.prototype.min = bnMin;
    1181     BigInteger.prototype.max = bnMax;
    1182     BigInteger.prototype.and = bnAnd;
    1183     BigInteger.prototype.or = bnOr;
    1184     BigInteger.prototype.xor = bnXor;
    1185     BigInteger.prototype.andNot = bnAndNot;
    1186     BigInteger.prototype.not = bnNot;
    1187     BigInteger.prototype.shiftLeft = bnShiftLeft;
    1188     BigInteger.prototype.shiftRight = bnShiftRight;
    1189     BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
    1190     BigInteger.prototype.bitCount = bnBitCount;
    1191     BigInteger.prototype.testBit = bnTestBit;
    1192     BigInteger.prototype.setBit = bnSetBit;
    1193     BigInteger.prototype.clearBit = bnClearBit;
    1194     BigInteger.prototype.flipBit = bnFlipBit;
    1195     BigInteger.prototype.add = bnAdd;
    1196     BigInteger.prototype.subtract = bnSubtract;
    1197     BigInteger.prototype.multiply = bnMultiply;
    1198     BigInteger.prototype.divide = bnDivide;
    1199     BigInteger.prototype.remainder = bnRemainder;
    1200     BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
    1201     BigInteger.prototype.modPow = bnModPow;
    1202     BigInteger.prototype.modInverse = bnModInverse;
    1203     BigInteger.prototype.pow = bnPow;
    1204     BigInteger.prototype.gcd = bnGCD;
    1205     BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
    1206 
    1207 // JSBN-specific extension
    1208     BigInteger.prototype.square = bnSquare;
    1209 
    1210 // BigInteger interfaces not implemented in jsbn:
    1211 
    1212 // BigInteger(int signum, byte[] magnitude)
    1213 // double doubleValue()
    1214 // float floatValue()
    1215 // int hashCode()
    1216 // long longValue()
    1217 // static BigInteger valueOf(long val)
    1218 // prng4.js - uses Arcfour as a PRNG
    1219 
    1220     function Arcfour() {
    1221         this.i = 0;
    1222         this.j = 0;
    1223         this.S = new Array();
    1224     }
    1225 
    1226 // Initialize arcfour context from key, an array of ints, each from [0..255]
    1227     function ARC4init(key) {
    1228         var i, j, t;
    1229         for(i = 0; i < 256; ++i)
    1230             this.S[i] = i;
    1231         j = 0;
    1232         for(i = 0; i < 256; ++i) {
    1233             j = (j + this.S[i] + key[i % key.length]) & 255;
    1234             t = this.S[i];
    1235             this.S[i] = this.S[j];
    1236             this.S[j] = t;
    1237         }
    1238         this.i = 0;
    1239         this.j = 0;
    1240     }
    1241 
    1242     function ARC4next() {
    1243         var t;
    1244         this.i = (this.i + 1) & 255;
    1245         this.j = (this.j + this.S[this.i]) & 255;
    1246         t = this.S[this.i];
    1247         this.S[this.i] = this.S[this.j];
    1248         this.S[this.j] = t;
    1249         return this.S[(t + this.S[this.i]) & 255];
    1250     }
    1251 
    1252     Arcfour.prototype.init = ARC4init;
    1253     Arcfour.prototype.next = ARC4next;
    1254 
    1255 // Plug in your RNG constructor here
    1256     function prng_newstate() {
    1257         return new Arcfour();
    1258     }
    1259 
    1260 // Pool size must be a multiple of 4 and greater than 32.
    1261 // An array of bytes the size of the pool will be passed to init()
    1262     var rng_psize = 256;
    1263 // Random number generator - requires a PRNG backend, e.g. prng4.js
    1264     var rng_state;
    1265     var rng_pool;
    1266     var rng_pptr;
    1267 
    1268 // Initialize the pool with junk if needed.
    1269     if(rng_pool == null) {
    1270         rng_pool = new Array();
    1271         rng_pptr = 0;
    1272         var t;
    1273         if(window.crypto && window.crypto.getRandomValues) {
    1274             // Extract entropy (2048 bits) from RNG if available
    1275             var z = new Uint32Array(256);
    1276             window.crypto.getRandomValues(z);
    1277             for (t = 0; t < z.length; ++t)
    1278                 rng_pool[rng_pptr++] = z[t] & 255;
    1279         }
    1280 
    1281         // Use mouse events for entropy, if we do not have enough entropy by the time
    1282         // we need it, entropy will be generated by Math.random.
    1283         var onMouseMoveListener = function(ev) {
    1284             this.count = this.count || 0;
    1285             if (this.count >= 256 || rng_pptr >= rng_psize) {
    1286                 if (window.removeEventListener)
    1287                     window.removeEventListener("mousemove", onMouseMoveListener);
    1288                 else if (window.detachEvent)
    1289                     window.detachEvent("onmousemove", onMouseMoveListener);
    1290                 return;
    1291             }
    1292             this.count += 1;
    1293             var mouseCoordinates = ev.x + ev.y;
    1294             rng_pool[rng_pptr++] = mouseCoordinates & 255;
    1295         };
    1296         if (window.addEventListener)
    1297             window.addEventListener("mousemove", onMouseMoveListener);
    1298         else if (window.attachEvent)
    1299             window.attachEvent("onmousemove", onMouseMoveListener);
    1300 
    1301     }
    1302 
    1303     function rng_get_byte() {
    1304         if(rng_state == null) {
    1305             rng_state = prng_newstate();
    1306             // At this point, we may not have collected enough entropy.  If not, fall back to Math.random
    1307             while (rng_pptr < rng_psize) {
    1308                 var random = Math.floor(65536 * Math.random());
    1309                 rng_pool[rng_pptr++] = random & 255;
    1310             }
    1311             rng_state.init(rng_pool);
    1312             for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr)
    1313                 rng_pool[rng_pptr] = 0;
    1314             rng_pptr = 0;
    1315         }
    1316         // TODO: allow reseeding after first request
    1317         return rng_state.next();
    1318     }
    1319 
    1320     function rng_get_bytes(ba) {
    1321         var i;
    1322         for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte();
    1323     }
    1324 
    1325     function SecureRandom() {}
    1326 
    1327     SecureRandom.prototype.nextBytes = rng_get_bytes;
    1328 // Depends on jsbn.js and rng.js
    1329 
    1330 // Version 1.1: support utf-8 encoding in pkcs1pad2
    1331 
    1332 // convert a (hex) string to a bignum object
    1333     function parseBigInt(str,r) {
    1334         return new BigInteger(str,r);
    1335     }
    1336 
    1337     function linebrk(s,n) {
    1338         var ret = "";
    1339         var i = 0;
    1340         while(i + n < s.length) {
    1341             ret += s.substring(i,i+n) + "
    ";
    1342             i += n;
    1343         }
    1344         return ret + s.substring(i,s.length);
    1345     }
    1346 
    1347     function byte2Hex(b) {
    1348         if(b < 0x10)
    1349             return "0" + b.toString(16);
    1350         else
    1351             return b.toString(16);
    1352     }
    1353 
    1354 // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
    1355     function pkcs1pad2(s,n) {
    1356         if(n < s.length + 11) { // TODO: fix for utf-8
    1357             console.error("Message too long for RSA");
    1358             return null;
    1359         }
    1360         var ba = new Array();
    1361         var i = s.length - 1;
    1362         while(i >= 0 && n > 0) {
    1363             var c = s.charCodeAt(i--);
    1364             if(c < 128) { // encode using utf-8
    1365                 ba[--n] = c;
    1366             }
    1367             else if((c > 127) && (c < 2048)) {
    1368                 ba[--n] = (c & 63) | 128;
    1369                 ba[--n] = (c >> 6) | 192;
    1370             }
    1371             else {
    1372                 ba[--n] = (c & 63) | 128;
    1373                 ba[--n] = ((c >> 6) & 63) | 128;
    1374                 ba[--n] = (c >> 12) | 224;
    1375             }
    1376         }
    1377         ba[--n] = 0;
    1378         var rng = new SecureRandom();
    1379         var x = new Array();
    1380         while(n > 2) { // random non-zero pad
    1381             x[0] = 0;
    1382             while(x[0] == 0) rng.nextBytes(x);
    1383             ba[--n] = x[0];
    1384         }
    1385         ba[--n] = 2;
    1386         ba[--n] = 0;
    1387         return new BigInteger(ba);
    1388     }
    1389 
    1390 // "empty" RSA key constructor
    1391     function RSAKey() {
    1392         this.n = null;
    1393         this.e = 0;
    1394         this.d = null;
    1395         this.p = null;
    1396         this.q = null;
    1397         this.dmp1 = null;
    1398         this.dmq1 = null;
    1399         this.coeff = null;
    1400     }
    1401 
    1402 // Set the public key fields N and e from hex strings
    1403     function RSASetPublic(N,E) {
    1404         if(N != null && E != null && N.length > 0 && E.length > 0) {
    1405             this.n = parseBigInt(N,16);
    1406             this.e = parseInt(E,16);
    1407         }
    1408         else
    1409             console.error("Invalid RSA public key");
    1410     }
    1411 
    1412 // Perform raw public operation on "x": return x^e (mod n)
    1413     function RSADoPublic(x) {
    1414         return x.modPowInt(this.e, this.n);
    1415     }
    1416 
    1417 // Return the PKCS#1 RSA encryption of "text" as an even-length hex string
    1418     function RSAEncrypt(text) {
    1419         var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3);
    1420         if(m == null) return null;
    1421         var c = this.doPublic(m);
    1422         if(c == null) return null;
    1423         var h = c.toString(16);
    1424         if((h.length & 1) == 0) return h; else return "0" + h;
    1425     }
    1426 
    1427 // Return the PKCS#1 RSA encryption of "text" as a Base64-encoded string
    1428 //function RSAEncryptB64(text) {
    1429 //  var h = this.encrypt(text);
    1430 //  if(h) return hex2b64(h); else return null;
    1431 //}
    1432 
    1433 // protected
    1434     RSAKey.prototype.doPublic = RSADoPublic;
    1435 
    1436 // public
    1437     RSAKey.prototype.setPublic = RSASetPublic;
    1438     RSAKey.prototype.encrypt = RSAEncrypt;
    1439 //RSAKey.prototype.encrypt_b64 = RSAEncryptB64;
    1440 // Depends on rsa.js and jsbn2.js
    1441 
    1442 // Version 1.1: support utf-8 decoding in pkcs1unpad2
    1443 
    1444 // Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext
    1445     function pkcs1unpad2(d,n) {
    1446         var b = d.toByteArray();
    1447         var i = 0;
    1448         while(i < b.length && b[i] == 0) ++i;
    1449         if(b.length-i != n-1 || b[i] != 2)
    1450             return null;
    1451         ++i;
    1452         while(b[i] != 0)
    1453             if(++i >= b.length) return null;
    1454         var ret = "";
    1455         while(++i < b.length) {
    1456             var c = b[i] & 255;
    1457             if(c < 128) { // utf-8 decode
    1458                 ret += String.fromCharCode(c);
    1459             }
    1460             else if((c > 191) && (c < 224)) {
    1461                 ret += String.fromCharCode(((c & 31) << 6) | (b[i+1] & 63));
    1462                 ++i;
    1463             }
    1464             else {
    1465                 ret += String.fromCharCode(((c & 15) << 12) | ((b[i+1] & 63) << 6) | (b[i+2] & 63));
    1466                 i += 2;
    1467             }
    1468         }
    1469         return ret;
    1470     }
    1471 
    1472 // Set the private key fields N, e, and d from hex strings
    1473     function RSASetPrivate(N,E,D) {
    1474         if(N != null && E != null && N.length > 0 && E.length > 0) {
    1475             this.n = parseBigInt(N,16);
    1476             this.e = parseInt(E,16);
    1477             this.d = parseBigInt(D,16);
    1478         }
    1479         else
    1480             console.error("Invalid RSA private key");
    1481     }
    1482 
    1483 // Set the private key fields N, e, d and CRT params from hex strings
    1484     function RSASetPrivateEx(N,E,D,P,Q,DP,DQ,C) {
    1485         if(N != null && E != null && N.length > 0 && E.length > 0) {
    1486             this.n = parseBigInt(N,16);
    1487             this.e = parseInt(E,16);
    1488             this.d = parseBigInt(D,16);
    1489             this.p = parseBigInt(P,16);
    1490             this.q = parseBigInt(Q,16);
    1491             this.dmp1 = parseBigInt(DP,16);
    1492             this.dmq1 = parseBigInt(DQ,16);
    1493             this.coeff = parseBigInt(C,16);
    1494         }
    1495         else
    1496             console.error("Invalid RSA private key");
    1497     }
    1498 
    1499 // Generate a new random private key B bits long, using public expt E
    1500     function RSAGenerate(B,E) {
    1501         var rng = new SecureRandom();
    1502         var qs = B>>1;
    1503         this.e = parseInt(E,16);
    1504         var ee = new BigInteger(E,16);
    1505         for(;;) {
    1506             for(;;) {
    1507                 this.p = new BigInteger(B-qs,1,rng);
    1508                 if(this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.p.isProbablePrime(10)) break;
    1509             }
    1510             for(;;) {
    1511                 this.q = new BigInteger(qs,1,rng);
    1512                 if(this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.q.isProbablePrime(10)) break;
    1513             }
    1514             if(this.p.compareTo(this.q) <= 0) {
    1515                 var t = this.p;
    1516                 this.p = this.q;
    1517                 this.q = t;
    1518             }
    1519             var p1 = this.p.subtract(BigInteger.ONE);
    1520             var q1 = this.q.subtract(BigInteger.ONE);
    1521             var phi = p1.multiply(q1);
    1522             if(phi.gcd(ee).compareTo(BigInteger.ONE) == 0) {
    1523                 this.n = this.p.multiply(this.q);
    1524                 this.d = ee.modInverse(phi);
    1525                 this.dmp1 = this.d.mod(p1);
    1526                 this.dmq1 = this.d.mod(q1);
    1527                 this.coeff = this.q.modInverse(this.p);
    1528                 break;
    1529             }
    1530         }
    1531     }
    1532 
    1533 // Perform raw private operation on "x": return x^d (mod n)
    1534     function RSADoPrivate(x) {
    1535         if(this.p == null || this.q == null)
    1536             return x.modPow(this.d, this.n);
    1537 
    1538         // TODO: re-calculate any missing CRT params
    1539         var xp = x.mod(this.p).modPow(this.dmp1, this.p);
    1540         var xq = x.mod(this.q).modPow(this.dmq1, this.q);
    1541 
    1542         while(xp.compareTo(xq) < 0)
    1543             xp = xp.add(this.p);
    1544         return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq);
    1545     }
    1546 
    1547 // Return the PKCS#1 RSA decryption of "ctext".
    1548 // "ctext" is an even-length hex string and the output is a plain string.
    1549     function RSADecrypt(ctext) {
    1550         var c = parseBigInt(ctext, 16);
    1551         var m = this.doPrivate(c);
    1552         if(m == null) return null;
    1553         return pkcs1unpad2(m, (this.n.bitLength()+7)>>3);
    1554     }
    1555 
    1556 // Return the PKCS#1 RSA decryption of "ctext".
    1557 // "ctext" is a Base64-encoded string and the output is a plain string.
    1558 //function RSAB64Decrypt(ctext) {
    1559 //  var h = b64tohex(ctext);
    1560 //  if(h) return this.decrypt(h); else return null;
    1561 //}
    1562 
    1563 // protected
    1564     RSAKey.prototype.doPrivate = RSADoPrivate;
    1565 
    1566 // public
    1567     RSAKey.prototype.setPrivate = RSASetPrivate;
    1568     RSAKey.prototype.setPrivateEx = RSASetPrivateEx;
    1569     RSAKey.prototype.generate = RSAGenerate;
    1570     RSAKey.prototype.decrypt = RSADecrypt;
    1571 //RSAKey.prototype.b64_decrypt = RSAB64Decrypt;
    1572 // Copyright (c) 2011  Kevin M Burns Jr.
    1573 // All Rights Reserved.
    1574 // See "LICENSE" for details.
    1575 //
    1576 // Extension to jsbn which adds facilities for asynchronous RSA key generation
    1577 // Primarily created to avoid execution timeout on mobile devices
    1578 //
    1579 // http://www-cs-students.stanford.edu/~tjw/jsbn/
    1580 //
    1581 // ---
    1582 
    1583     (function(){
    1584 
    1585 // Generate a new random private key B bits long, using public expt E
    1586         var RSAGenerateAsync = function (B, E, callback) {
    1587             //var rng = new SeededRandom();
    1588             var rng = new SecureRandom();
    1589             var qs = B >> 1;
    1590             this.e = parseInt(E, 16);
    1591             var ee = new BigInteger(E, 16);
    1592             var rsa = this;
    1593             // These functions have non-descript names because they were originally for(;;) loops.
    1594             // I don't know about cryptography to give them better names than loop1-4.
    1595             var loop1 = function() {
    1596                 var loop4 = function() {
    1597                     if (rsa.p.compareTo(rsa.q) <= 0) {
    1598                         var t = rsa.p;
    1599                         rsa.p = rsa.q;
    1600                         rsa.q = t;
    1601                     }
    1602                     var p1 = rsa.p.subtract(BigInteger.ONE);
    1603                     var q1 = rsa.q.subtract(BigInteger.ONE);
    1604                     var phi = p1.multiply(q1);
    1605                     if (phi.gcd(ee).compareTo(BigInteger.ONE) == 0) {
    1606                         rsa.n = rsa.p.multiply(rsa.q);
    1607                         rsa.d = ee.modInverse(phi);
    1608                         rsa.dmp1 = rsa.d.mod(p1);
    1609                         rsa.dmq1 = rsa.d.mod(q1);
    1610                         rsa.coeff = rsa.q.modInverse(rsa.p);
    1611                         setTimeout(function(){callback()},0); // escape
    1612                     } else {
    1613                         setTimeout(loop1,0);
    1614                     }
    1615                 };
    1616                 var loop3 = function() {
    1617                     rsa.q = nbi();
    1618                     rsa.q.fromNumberAsync(qs, 1, rng, function(){
    1619                         rsa.q.subtract(BigInteger.ONE).gcda(ee, function(r){
    1620                             if (r.compareTo(BigInteger.ONE) == 0 && rsa.q.isProbablePrime(10)) {
    1621                                 setTimeout(loop4,0);
    1622                             } else {
    1623                                 setTimeout(loop3,0);
    1624                             }
    1625                         });
    1626                     });
    1627                 };
    1628                 var loop2 = function() {
    1629                     rsa.p = nbi();
    1630                     rsa.p.fromNumberAsync(B - qs, 1, rng, function(){
    1631                         rsa.p.subtract(BigInteger.ONE).gcda(ee, function(r){
    1632                             if (r.compareTo(BigInteger.ONE) == 0 && rsa.p.isProbablePrime(10)) {
    1633                                 setTimeout(loop3,0);
    1634                             } else {
    1635                                 setTimeout(loop2,0);
    1636                             }
    1637                         });
    1638                     });
    1639                 };
    1640                 setTimeout(loop2,0);
    1641             };
    1642             setTimeout(loop1,0);
    1643         };
    1644         RSAKey.prototype.generateAsync = RSAGenerateAsync;
    1645 
    1646 // Public API method
    1647         var bnGCDAsync = function (a, callback) {
    1648             var x = (this.s < 0) ? this.negate() : this.clone();
    1649             var y = (a.s < 0) ? a.negate() : a.clone();
    1650             if (x.compareTo(y) < 0) {
    1651                 var t = x;
    1652                 x = y;
    1653                 y = t;
    1654             }
    1655             var i = x.getLowestSetBit(),
    1656                 g = y.getLowestSetBit();
    1657             if (g < 0) {
    1658                 callback(x);
    1659                 return;
    1660             }
    1661             if (i < g) g = i;
    1662             if (g > 0) {
    1663                 x.rShiftTo(g, x);
    1664                 y.rShiftTo(g, y);
    1665             }
    1666             // Workhorse of the algorithm, gets called 200 - 800 times per 512 bit keygen.
    1667             var gcda1 = function() {
    1668                 if ((i = x.getLowestSetBit()) > 0){ x.rShiftTo(i, x); }
    1669                 if ((i = y.getLowestSetBit()) > 0){ y.rShiftTo(i, y); }
    1670                 if (x.compareTo(y) >= 0) {
    1671                     x.subTo(y, x);
    1672                     x.rShiftTo(1, x);
    1673                 } else {
    1674                     y.subTo(x, y);
    1675                     y.rShiftTo(1, y);
    1676                 }
    1677                 if(!(x.signum() > 0)) {
    1678                     if (g > 0) y.lShiftTo(g, y);
    1679                     setTimeout(function(){callback(y)},0); // escape
    1680                 } else {
    1681                     setTimeout(gcda1,0);
    1682                 }
    1683             };
    1684             setTimeout(gcda1,10);
    1685         };
    1686         BigInteger.prototype.gcda = bnGCDAsync;
    1687 
    1688 // (protected) alternate constructor
    1689         var bnpFromNumberAsync = function (a,b,c,callback) {
    1690             if("number" == typeof b) {
    1691                 if(a < 2) {
    1692                     this.fromInt(1);
    1693                 } else {
    1694                     this.fromNumber(a,c);
    1695                     if(!this.testBit(a-1)){
    1696                         this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
    1697                     }
    1698                     if(this.isEven()) {
    1699                         this.dAddOffset(1,0);
    1700                     }
    1701                     var bnp = this;
    1702                     var bnpfn1 = function(){
    1703                         bnp.dAddOffset(2,0);
    1704                         if(bnp.bitLength() > a) bnp.subTo(BigInteger.ONE.shiftLeft(a-1),bnp);
    1705                         if(bnp.isProbablePrime(b)) {
    1706                             setTimeout(function(){callback()},0); // escape
    1707                         } else {
    1708                             setTimeout(bnpfn1,0);
    1709                         }
    1710                     };
    1711                     setTimeout(bnpfn1,0);
    1712                 }
    1713             } else {
    1714                 var x = new Array(), t = a&7;
    1715                 x.length = (a>>3)+1;
    1716                 b.nextBytes(x);
    1717                 if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
    1718                 this.fromString(x,256);
    1719             }
    1720         };
    1721         BigInteger.prototype.fromNumberAsync = bnpFromNumberAsync;
    1722 
    1723     })();var b64map="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    1724     var b64pad="=";
    1725 
    1726     function hex2b64(h) {
    1727         var i;
    1728         var c;
    1729         var ret = "";
    1730         for(i = 0; i+3 <= h.length; i+=3) {
    1731             c = parseInt(h.substring(i,i+3),16);
    1732             ret += b64map.charAt(c >> 6) + b64map.charAt(c & 63);
    1733         }
    1734         if(i+1 == h.length) {
    1735             c = parseInt(h.substring(i,i+1),16);
    1736             ret += b64map.charAt(c << 2);
    1737         }
    1738         else if(i+2 == h.length) {
    1739             c = parseInt(h.substring(i,i+2),16);
    1740             ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4);
    1741         }
    1742         while((ret.length & 3) > 0) ret += b64pad;
    1743         return ret;
    1744     }
    1745 
    1746 // convert a base64 string to hex
    1747     function b64tohex(s) {
    1748         var ret = ""
    1749         var i;
    1750         var k = 0; // b64 state, 0-3
    1751         var slop;
    1752         for(i = 0; i < s.length; ++i) {
    1753             if(s.charAt(i) == b64pad) break;
    1754             v = b64map.indexOf(s.charAt(i));
    1755             if(v < 0) continue;
    1756             if(k == 0) {
    1757                 ret += int2char(v >> 2);
    1758                 slop = v & 3;
    1759                 k = 1;
    1760             }
    1761             else if(k == 1) {
    1762                 ret += int2char((slop << 2) | (v >> 4));
    1763                 slop = v & 0xf;
    1764                 k = 2;
    1765             }
    1766             else if(k == 2) {
    1767                 ret += int2char(slop);
    1768                 ret += int2char(v >> 2);
    1769                 slop = v & 3;
    1770                 k = 3;
    1771             }
    1772             else {
    1773                 ret += int2char((slop << 2) | (v >> 4));
    1774                 ret += int2char(v & 0xf);
    1775                 k = 0;
    1776             }
    1777         }
    1778         if(k == 1)
    1779             ret += int2char(slop << 2);
    1780         return ret;
    1781     }
    1782 
    1783 // convert a base64 string to a byte/number array
    1784     function b64toBA(s) {
    1785         //piggyback on b64tohex for now, optimize later
    1786         var h = b64tohex(s);
    1787         var i;
    1788         var a = new Array();
    1789         for(i = 0; 2*i < h.length; ++i) {
    1790             a[i] = parseInt(h.substring(2*i,2*i+2),16);
    1791         }
    1792         return a;
    1793     }
    1794     /*! asn1-1.0.2.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
    1795  */
    1796 
    1797     var JSX = JSX || {};
    1798     JSX.env = JSX.env || {};
    1799 
    1800     var L = JSX, OP = Object.prototype, FUNCTION_TOSTRING = '[object Function]',ADD = ["toString", "valueOf"];
    1801 
    1802     JSX.env.parseUA = function(agent) {
    1803 
    1804         var numberify = function(s) {
    1805                 var c = 0;
    1806                 return parseFloat(s.replace(/./g, function() {
    1807                     return (c++ == 1) ? '' : '.';
    1808                 }));
    1809             },
    1810 
    1811             nav = navigator,
    1812             o = {
    1813                 ie: 0,
    1814                 opera: 0,
    1815                 gecko: 0,
    1816                 webkit: 0,
    1817                 chrome: 0,
    1818                 mobile: null,
    1819                 air: 0,
    1820                 ipad: 0,
    1821                 iphone: 0,
    1822                 ipod: 0,
    1823                 ios: null,
    1824                 android: 0,
    1825                 webos: 0,
    1826                 caja: nav && nav.cajaVersion,
    1827                 secure: false,
    1828                 os: null
    1829 
    1830             },
    1831 
    1832             ua = agent || (navigator && navigator.userAgent),
    1833             loc = window && window.location,
    1834             href = loc && loc.href,
    1835             m;
    1836 
    1837         o.secure = href && (href.toLowerCase().indexOf("https") === 0);
    1838 
    1839         if (ua) {
    1840 
    1841             if ((/windows|win32/i).test(ua)) {
    1842                 o.os = 'windows';
    1843             } else if ((/macintosh/i).test(ua)) {
    1844                 o.os = 'macintosh';
    1845             } else if ((/rhino/i).test(ua)) {
    1846                 o.os = 'rhino';
    1847             }
    1848             if ((/KHTML/).test(ua)) {
    1849                 o.webkit = 1;
    1850             }
    1851             m = ua.match(/AppleWebKit/([^s]*)/);
    1852             if (m && m[1]) {
    1853                 o.webkit = numberify(m[1]);
    1854                 if (/ Mobile//.test(ua)) {
    1855                     o.mobile = 'Apple'; // iPhone or iPod Touch
    1856                     m = ua.match(/OS ([^s]*)/);
    1857                     if (m && m[1]) {
    1858                         m = numberify(m[1].replace('_', '.'));
    1859                     }
    1860                     o.ios = m;
    1861                     o.ipad = o.ipod = o.iphone = 0;
    1862                     m = ua.match(/iPad|iPod|iPhone/);
    1863                     if (m && m[0]) {
    1864                         o[m[0].toLowerCase()] = o.ios;
    1865                     }
    1866                 } else {
    1867                     m = ua.match(/NokiaN[^/]*|Android d.d|webOS/d.d/);
    1868                     if (m) {
    1869                         o.mobile = m[0];
    1870                     }
    1871                     if (/webOS/.test(ua)) {
    1872                         o.mobile = 'WebOS';
    1873                         m = ua.match(/webOS/([^s]*);/);
    1874                         if (m && m[1]) {
    1875                             o.webos = numberify(m[1]);
    1876                         }
    1877                     }
    1878                     if (/ Android/.test(ua)) {
    1879                         o.mobile = 'Android';
    1880                         m = ua.match(/Android ([^s]*);/);
    1881                         if (m && m[1]) {
    1882                             o.android = numberify(m[1]);
    1883                         }
    1884                     }
    1885                 }
    1886                 m = ua.match(/Chrome/([^s]*)/);
    1887                 if (m && m[1]) {
    1888                     o.chrome = numberify(m[1]); // Chrome
    1889                 } else {
    1890                     m = ua.match(/AdobeAIR/([^s]*)/);
    1891                     if (m) {
    1892                         o.air = m[0]; // Adobe AIR 1.0 or better
    1893                     }
    1894                 }
    1895             }
    1896             if (!o.webkit) {
    1897                 m = ua.match(/Opera[s/]([^s]*)/);
    1898                 if (m && m[1]) {
    1899                     o.opera = numberify(m[1]);
    1900                     m = ua.match(/Version/([^s]*)/);
    1901                     if (m && m[1]) {
    1902                         o.opera = numberify(m[1]); // opera 10+
    1903                     }
    1904                     m = ua.match(/Opera Mini[^;]*/);
    1905                     if (m) {
    1906                         o.mobile = m[0]; // ex: Opera Mini/2.0.4509/1316
    1907                     }
    1908                 } else { // not opera or webkit
    1909                     m = ua.match(/MSIEs([^;]*)/);
    1910                     if (m && m[1]) {
    1911                         o.ie = numberify(m[1]);
    1912                     } else { // not opera, webkit, or ie
    1913                         m = ua.match(/Gecko/([^s]*)/);
    1914                         if (m) {
    1915                             o.gecko = 1; // Gecko detected, look for revision
    1916                             m = ua.match(/rv:([^s)]*)/);
    1917                             if (m && m[1]) {
    1918                                 o.gecko = numberify(m[1]);
    1919                             }
    1920                         }
    1921                     }
    1922                 }
    1923             }
    1924         }
    1925         return o;
    1926     };
    1927 
    1928     JSX.env.ua = JSX.env.parseUA();
    1929 
    1930     JSX.isFunction = function(o) {
    1931         return (typeof o === 'function') || OP.toString.apply(o) === FUNCTION_TOSTRING;
    1932     };
    1933 
    1934     JSX._IEEnumFix = (JSX.env.ua.ie) ? function(r, s) {
    1935         var i, fname, f;
    1936         for (i=0;i<ADD.length;i=i+1) {
    1937 
    1938             fname = ADD[i];
    1939             f = s[fname];
    1940 
    1941             if (L.isFunction(f) && f!=OP[fname]) {
    1942                 r[fname]=f;
    1943             }
    1944         }
    1945     } : function(){};
    1946 
    1947     JSX.extend = function(subc, superc, overrides) {
    1948         if (!superc||!subc) {
    1949             throw new Error("extend failed, please check that " +
    1950                 "all dependencies are included.");
    1951         }
    1952         var F = function() {}, i;
    1953         F.prototype=superc.prototype;
    1954         subc.prototype=new F();
    1955         subc.prototype.constructor=subc;
    1956         subc.superclass=superc.prototype;
    1957         if (superc.prototype.constructor == OP.constructor) {
    1958             superc.prototype.constructor=superc;
    1959         }
    1960 
    1961         if (overrides) {
    1962             for (i in overrides) {
    1963                 if (L.hasOwnProperty(overrides, i)) {
    1964                     subc.prototype[i]=overrides[i];
    1965                 }
    1966             }
    1967 
    1968             L._IEEnumFix(subc.prototype, overrides);
    1969         }
    1970     };
    1971 
    1972     /*
    1973  * asn1.js - ASN.1 DER encoder classes
    1974  *
    1975  * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com)
    1976  *
    1977  * This software is licensed under the terms of the MIT License.
    1978  * http://kjur.github.com/jsrsasign/license
    1979  *
    1980  * The above copyright and license notice shall be
    1981  * included in all copies or substantial portions of the Software.
    1982  */
    1983 
    1984     /**
    1985      * @fileOverview
    1986      * @name asn1-1.0.js
    1987      * @author Kenji Urushima kenji.urushima@gmail.com
    1988      * @version 1.0.2 (2013-May-30)
    1989      * @since 2.1
    1990      * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
    1991      */
    1992 
    1993     /**
    1994      * kjur's class library name space
    1995      * <p>
    1996      * This name space provides following name spaces:
    1997      * <ul>
    1998      * <li>{@link KJUR.asn1} - ASN.1 primitive hexadecimal encoder</li>
    1999      * <li>{@link KJUR.asn1.x509} - ASN.1 structure for X.509 certificate and CRL</li>
    2000      * <li>{@link KJUR.crypto} - Java Cryptographic Extension(JCE) style MessageDigest/Signature
    2001      * class and utilities</li>
    2002      * </ul>
    2003      * </p>
    2004      * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
    2005      * @name KJUR
    2006      * @namespace kjur's class library name space
    2007      */
    2008     if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
    2009 
    2010     /**
    2011      * kjur's ASN.1 class library name space
    2012      * <p>
    2013      * This is ITU-T X.690 ASN.1 DER encoder class library and
    2014      * class structure and methods is very similar to
    2015      * org.bouncycastle.asn1 package of
    2016      * well known BouncyCaslte Cryptography Library.
    2017      *
    2018      * <h4>PROVIDING ASN.1 PRIMITIVES</h4>
    2019      * Here are ASN.1 DER primitive classes.
    2020      * <ul>
    2021      * <li>{@link KJUR.asn1.DERBoolean}</li>
    2022      * <li>{@link KJUR.asn1.DERInteger}</li>
    2023      * <li>{@link KJUR.asn1.DERBitString}</li>
    2024      * <li>{@link KJUR.asn1.DEROctetString}</li>
    2025      * <li>{@link KJUR.asn1.DERNull}</li>
    2026      * <li>{@link KJUR.asn1.DERObjectIdentifier}</li>
    2027      * <li>{@link KJUR.asn1.DERUTF8String}</li>
    2028      * <li>{@link KJUR.asn1.DERNumericString}</li>
    2029      * <li>{@link KJUR.asn1.DERPrintableString}</li>
    2030      * <li>{@link KJUR.asn1.DERTeletexString}</li>
    2031      * <li>{@link KJUR.asn1.DERIA5String}</li>
    2032      * <li>{@link KJUR.asn1.DERUTCTime}</li>
    2033      * <li>{@link KJUR.asn1.DERGeneralizedTime}</li>
    2034      * <li>{@link KJUR.asn1.DERSequence}</li>
    2035      * <li>{@link KJUR.asn1.DERSet}</li>
    2036      * </ul>
    2037      *
    2038      * <h4>OTHER ASN.1 CLASSES</h4>
    2039      * <ul>
    2040      * <li>{@link KJUR.asn1.ASN1Object}</li>
    2041      * <li>{@link KJUR.asn1.DERAbstractString}</li>
    2042      * <li>{@link KJUR.asn1.DERAbstractTime}</li>
    2043      * <li>{@link KJUR.asn1.DERAbstractStructured}</li>
    2044      * <li>{@link KJUR.asn1.DERTaggedObject}</li>
    2045      * </ul>
    2046      * </p>
    2047      * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
    2048      * @name KJUR.asn1
    2049      * @namespace
    2050      */
    2051     if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
    2052 
    2053     /**
    2054      * ASN1 utilities class
    2055      * @name KJUR.asn1.ASN1Util
    2056      * @classs ASN1 utilities class
    2057      * @since asn1 1.0.2
    2058      */
    2059     KJUR.asn1.ASN1Util = new function() {
    2060         this.integerToByteHex = function(i) {
    2061             var h = i.toString(16);
    2062             if ((h.length % 2) == 1) h = '0' + h;
    2063             return h;
    2064         };
    2065         this.bigIntToMinTwosComplementsHex = function(bigIntegerValue) {
    2066             var h = bigIntegerValue.toString(16);
    2067             if (h.substr(0, 1) != '-') {
    2068                 if (h.length % 2 == 1) {
    2069                     h = '0' + h;
    2070                 } else {
    2071                     if (! h.match(/^[0-7]/)) {
    2072                         h = '00' + h;
    2073                     }
    2074                 }
    2075             } else {
    2076                 var hPos = h.substr(1);
    2077                 var xorLen = hPos.length;
    2078                 if (xorLen % 2 == 1) {
    2079                     xorLen += 1;
    2080                 } else {
    2081                     if (! h.match(/^[0-7]/)) {
    2082                         xorLen += 2;
    2083                     }
    2084                 }
    2085                 var hMask = '';
    2086                 for (var i = 0; i < xorLen; i++) {
    2087                     hMask += 'f';
    2088                 }
    2089                 var biMask = new BigInteger(hMask, 16);
    2090                 var biNeg = biMask.xor(bigIntegerValue).add(BigInteger.ONE);
    2091                 h = biNeg.toString(16).replace(/^-/, '');
    2092             }
    2093             return h;
    2094         };
    2095         /**
    2096          * get PEM string from hexadecimal data and header string
    2097          * @name getPEMStringFromHex
    2098          * @memberOf KJUR.asn1.ASN1Util
    2099          * @function
    2100          * @param {String} dataHex hexadecimal string of PEM body
    2101          * @param {String} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
    2102          * @return {String} PEM formatted string of input data
    2103          * @description
    2104          * @example
    2105          * var pem  = KJUR.asn1.ASN1Util.getPEMStringFromHex('616161', 'RSA PRIVATE KEY');
    2106          * // value of pem will be:
    2107          * -----BEGIN PRIVATE KEY-----
    2108          * YWFh
    2109          * -----END PRIVATE KEY-----
    2110          */
    2111         this.getPEMStringFromHex = function(dataHex, pemHeader) {
    2112             var dataWA = CryptoJS.enc.Hex.parse(dataHex);
    2113             var dataB64 = CryptoJS.enc.Base64.stringify(dataWA);
    2114             var pemBody = dataB64.replace(/(.{64})/g, "$1
    ");
    2115             pemBody = pemBody.replace(/
    $/, '');
    2116             return "-----BEGIN " + pemHeader + "-----
    " +
    2117                 pemBody +
    2118                 "
    -----END " + pemHeader + "-----
    ";
    2119         };
    2120     };
    2121 
    2122 // ********************************************************************
    2123 //  Abstract ASN.1 Classes
    2124 // ********************************************************************
    2125 
    2126 // ********************************************************************
    2127 
    2128     /**
    2129      * base class for ASN.1 DER encoder object
    2130      * @name KJUR.asn1.ASN1Object
    2131      * @class base class for ASN.1 DER encoder object
    2132      * @property {Boolean} isModified flag whether internal data was changed
    2133      * @property {String} hTLV hexadecimal string of ASN.1 TLV
    2134      * @property {String} hT hexadecimal string of ASN.1 TLV tag(T)
    2135      * @property {String} hL hexadecimal string of ASN.1 TLV length(L)
    2136      * @property {String} hV hexadecimal string of ASN.1 TLV value(V)
    2137      * @description
    2138      */
    2139     KJUR.asn1.ASN1Object = function() {
    2140         var isModified = true;
    2141         var hTLV = null;
    2142         var hT = '00'
    2143         var hL = '00';
    2144         var hV = '';
    2145 
    2146         /**
    2147          * get hexadecimal ASN.1 TLV length(L) bytes from TLV value(V)
    2148          * @name getLengthHexFromValue
    2149          * @memberOf KJUR.asn1.ASN1Object
    2150          * @function
    2151          * @return {String} hexadecimal string of ASN.1 TLV length(L)
    2152          */
    2153         this.getLengthHexFromValue = function() {
    2154             if (typeof this.hV == "undefined" || this.hV == null) {
    2155                 throw "this.hV is null or undefined.";
    2156             }
    2157             if (this.hV.length % 2 == 1) {
    2158                 throw "value hex must be even length: n=" + hV.length + ",v=" + this.hV;
    2159             }
    2160             var n = this.hV.length / 2;
    2161             var hN = n.toString(16);
    2162             if (hN.length % 2 == 1) {
    2163                 hN = "0" + hN;
    2164             }
    2165             if (n < 128) {
    2166                 return hN;
    2167             } else {
    2168                 var hNlen = hN.length / 2;
    2169                 if (hNlen > 15) {
    2170                     throw "ASN.1 length too long to represent by 8x: n = " + n.toString(16);
    2171                 }
    2172                 var head = 128 + hNlen;
    2173                 return head.toString(16) + hN;
    2174             }
    2175         };
    2176 
    2177         /**
    2178          * get hexadecimal string of ASN.1 TLV bytes
    2179          * @name getEncodedHex
    2180          * @memberOf KJUR.asn1.ASN1Object
    2181          * @function
    2182          * @return {String} hexadecimal string of ASN.1 TLV
    2183          */
    2184         this.getEncodedHex = function() {
    2185             if (this.hTLV == null || this.isModified) {
    2186                 this.hV = this.getFreshValueHex();
    2187                 this.hL = this.getLengthHexFromValue();
    2188                 this.hTLV = this.hT + this.hL + this.hV;
    2189                 this.isModified = false;
    2190                 //console.error("first time: " + this.hTLV);
    2191             }
    2192             return this.hTLV;
    2193         };
    2194 
    2195         /**
    2196          * get hexadecimal string of ASN.1 TLV value(V) bytes
    2197          * @name getValueHex
    2198          * @memberOf KJUR.asn1.ASN1Object
    2199          * @function
    2200          * @return {String} hexadecimal string of ASN.1 TLV value(V) bytes
    2201          */
    2202         this.getValueHex = function() {
    2203             this.getEncodedHex();
    2204             return this.hV;
    2205         }
    2206 
    2207         this.getFreshValueHex = function() {
    2208             return '';
    2209         };
    2210     };
    2211 
    2212 // == BEGIN DERAbstractString ================================================
    2213     /**
    2214      * base class for ASN.1 DER string classes
    2215      * @name KJUR.asn1.DERAbstractString
    2216      * @class base class for ASN.1 DER string classes
    2217      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2218      * @property {String} s internal string of value
    2219      * @extends KJUR.asn1.ASN1Object
    2220      * @description
    2221      * <br/>
    2222      * As for argument 'params' for constructor, you can specify one of
    2223      * following properties:
    2224      * <ul>
    2225      * <li>str - specify initial ASN.1 value(V) by a string</li>
    2226      * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
    2227      * </ul>
    2228      * NOTE: 'params' can be omitted.
    2229      */
    2230     KJUR.asn1.DERAbstractString = function(params) {
    2231         KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
    2232         var s = null;
    2233         var hV = null;
    2234 
    2235         /**
    2236          * get string value of this string object
    2237          * @name getString
    2238          * @memberOf KJUR.asn1.DERAbstractString
    2239          * @function
    2240          * @return {String} string value of this string object
    2241          */
    2242         this.getString = function() {
    2243             return this.s;
    2244         };
    2245 
    2246         /**
    2247          * set value by a string
    2248          * @name setString
    2249          * @memberOf KJUR.asn1.DERAbstractString
    2250          * @function
    2251          * @param {String} newS value by a string to set
    2252          */
    2253         this.setString = function(newS) {
    2254             this.hTLV = null;
    2255             this.isModified = true;
    2256             this.s = newS;
    2257             this.hV = stohex(this.s);
    2258         };
    2259 
    2260         /**
    2261          * set value by a hexadecimal string
    2262          * @name setStringHex
    2263          * @memberOf KJUR.asn1.DERAbstractString
    2264          * @function
    2265          * @param {String} newHexString value by a hexadecimal string to set
    2266          */
    2267         this.setStringHex = function(newHexString) {
    2268             this.hTLV = null;
    2269             this.isModified = true;
    2270             this.s = null;
    2271             this.hV = newHexString;
    2272         };
    2273 
    2274         this.getFreshValueHex = function() {
    2275             return this.hV;
    2276         };
    2277 
    2278         if (typeof params != "undefined") {
    2279             if (typeof params['str'] != "undefined") {
    2280                 this.setString(params['str']);
    2281             } else if (typeof params['hex'] != "undefined") {
    2282                 this.setStringHex(params['hex']);
    2283             }
    2284         }
    2285     };
    2286     JSX.extend(KJUR.asn1.DERAbstractString, KJUR.asn1.ASN1Object);
    2287 // == END   DERAbstractString ================================================
    2288 
    2289 // == BEGIN DERAbstractTime ==================================================
    2290     /**
    2291      * base class for ASN.1 DER Generalized/UTCTime class
    2292      * @name KJUR.asn1.DERAbstractTime
    2293      * @class base class for ASN.1 DER Generalized/UTCTime class
    2294      * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
    2295      * @extends KJUR.asn1.ASN1Object
    2296      * @description
    2297      * @see KJUR.asn1.ASN1Object - superclass
    2298      */
    2299     KJUR.asn1.DERAbstractTime = function(params) {
    2300         KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);
    2301         var s = null;
    2302         var date = null;
    2303 
    2304         // --- PRIVATE METHODS --------------------
    2305         this.localDateToUTC = function(d) {
    2306             utc = d.getTime() + (d.getTimezoneOffset() * 60000);
    2307             var utcDate = new Date(utc);
    2308             return utcDate;
    2309         };
    2310 
    2311         this.formatDate = function(dateObject, type) {
    2312             var pad = this.zeroPadding;
    2313             var d = this.localDateToUTC(dateObject);
    2314             var year = String(d.getFullYear());
    2315             if (type == 'utc') year = year.substr(2, 2);
    2316             var month = pad(String(d.getMonth() + 1), 2);
    2317             var day = pad(String(d.getDate()), 2);
    2318             var hour = pad(String(d.getHours()), 2);
    2319             var min = pad(String(d.getMinutes()), 2);
    2320             var sec = pad(String(d.getSeconds()), 2);
    2321             return year + month + day + hour + min + sec + 'Z';
    2322         };
    2323 
    2324         this.zeroPadding = function(s, len) {
    2325             if (s.length >= len) return s;
    2326             return new Array(len - s.length + 1).join('0') + s;
    2327         };
    2328 
    2329         // --- PUBLIC METHODS --------------------
    2330         /**
    2331          * get string value of this string object
    2332          * @name getString
    2333          * @memberOf KJUR.asn1.DERAbstractTime
    2334          * @function
    2335          * @return {String} string value of this time object
    2336          */
    2337         this.getString = function() {
    2338             return this.s;
    2339         };
    2340 
    2341         /**
    2342          * set value by a string
    2343          * @name setString
    2344          * @memberOf KJUR.asn1.DERAbstractTime
    2345          * @function
    2346          * @param {String} newS value by a string to set such like "130430235959Z"
    2347          */
    2348         this.setString = function(newS) {
    2349             this.hTLV = null;
    2350             this.isModified = true;
    2351             this.s = newS;
    2352             this.hV = stohex(this.s);
    2353         };
    2354 
    2355         /**
    2356          * set value by a Date object
    2357          * @name setByDateValue
    2358          * @memberOf KJUR.asn1.DERAbstractTime
    2359          * @function
    2360          * @param {Integer} year year of date (ex. 2013)
    2361          * @param {Integer} month month of date between 1 and 12 (ex. 12)
    2362          * @param {Integer} day day of month
    2363          * @param {Integer} hour hours of date
    2364          * @param {Integer} min minutes of date
    2365          * @param {Integer} sec seconds of date
    2366          */
    2367         this.setByDateValue = function(year, month, day, hour, min, sec) {
    2368             var dateObject = new Date(Date.UTC(year, month - 1, day, hour, min, sec, 0));
    2369             this.setByDate(dateObject);
    2370         };
    2371 
    2372         this.getFreshValueHex = function() {
    2373             return this.hV;
    2374         };
    2375     };
    2376     JSX.extend(KJUR.asn1.DERAbstractTime, KJUR.asn1.ASN1Object);
    2377 // == END   DERAbstractTime ==================================================
    2378 
    2379 // == BEGIN DERAbstractStructured ============================================
    2380     /**
    2381      * base class for ASN.1 DER structured class
    2382      * @name KJUR.asn1.DERAbstractStructured
    2383      * @class base class for ASN.1 DER structured class
    2384      * @property {Array} asn1Array internal array of ASN1Object
    2385      * @extends KJUR.asn1.ASN1Object
    2386      * @description
    2387      * @see KJUR.asn1.ASN1Object - superclass
    2388      */
    2389     KJUR.asn1.DERAbstractStructured = function(params) {
    2390         KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
    2391         var asn1Array = null;
    2392 
    2393         /**
    2394          * set value by array of ASN1Object
    2395          * @name setByASN1ObjectArray
    2396          * @memberOf KJUR.asn1.DERAbstractStructured
    2397          * @function
    2398          * @param {array} asn1ObjectArray array of ASN1Object to set
    2399          */
    2400         this.setByASN1ObjectArray = function(asn1ObjectArray) {
    2401             this.hTLV = null;
    2402             this.isModified = true;
    2403             this.asn1Array = asn1ObjectArray;
    2404         };
    2405 
    2406         /**
    2407          * append an ASN1Object to internal array
    2408          * @name appendASN1Object
    2409          * @memberOf KJUR.asn1.DERAbstractStructured
    2410          * @function
    2411          * @param {ASN1Object} asn1Object to add
    2412          */
    2413         this.appendASN1Object = function(asn1Object) {
    2414             this.hTLV = null;
    2415             this.isModified = true;
    2416             this.asn1Array.push(asn1Object);
    2417         };
    2418 
    2419         this.asn1Array = new Array();
    2420         if (typeof params != "undefined") {
    2421             if (typeof params['array'] != "undefined") {
    2422                 this.asn1Array = params['array'];
    2423             }
    2424         }
    2425     };
    2426     JSX.extend(KJUR.asn1.DERAbstractStructured, KJUR.asn1.ASN1Object);
    2427 
    2428 
    2429 // ********************************************************************
    2430 //  ASN.1 Object Classes
    2431 // ********************************************************************
    2432 
    2433 // ********************************************************************
    2434     /**
    2435      * class for ASN.1 DER Boolean
    2436      * @name KJUR.asn1.DERBoolean
    2437      * @class class for ASN.1 DER Boolean
    2438      * @extends KJUR.asn1.ASN1Object
    2439      * @description
    2440      * @see KJUR.asn1.ASN1Object - superclass
    2441      */
    2442     KJUR.asn1.DERBoolean = function() {
    2443         KJUR.asn1.DERBoolean.superclass.constructor.call(this);
    2444         this.hT = "01";
    2445         this.hTLV = "0101ff";
    2446     };
    2447     JSX.extend(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object);
    2448 
    2449 // ********************************************************************
    2450     /**
    2451      * class for ASN.1 DER Integer
    2452      * @name KJUR.asn1.DERInteger
    2453      * @class class for ASN.1 DER Integer
    2454      * @extends KJUR.asn1.ASN1Object
    2455      * @description
    2456      * <br/>
    2457      * As for argument 'params' for constructor, you can specify one of
    2458      * following properties:
    2459      * <ul>
    2460      * <li>int - specify initial ASN.1 value(V) by integer value</li>
    2461      * <li>bigint - specify initial ASN.1 value(V) by BigInteger object</li>
    2462      * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
    2463      * </ul>
    2464      * NOTE: 'params' can be omitted.
    2465      */
    2466     KJUR.asn1.DERInteger = function(params) {
    2467         KJUR.asn1.DERInteger.superclass.constructor.call(this);
    2468         this.hT = "02";
    2469 
    2470         /**
    2471          * set value by Tom Wu's BigInteger object
    2472          * @name setByBigInteger
    2473          * @memberOf KJUR.asn1.DERInteger
    2474          * @function
    2475          * @param {BigInteger} bigIntegerValue to set
    2476          */
    2477         this.setByBigInteger = function(bigIntegerValue) {
    2478             this.hTLV = null;
    2479             this.isModified = true;
    2480             this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
    2481         };
    2482 
    2483         /**
    2484          * set value by integer value
    2485          * @name setByInteger
    2486          * @memberOf KJUR.asn1.DERInteger
    2487          * @function
    2488          * @param {Integer} integer value to set
    2489          */
    2490         this.setByInteger = function(intValue) {
    2491             var bi = new BigInteger(String(intValue), 10);
    2492             this.setByBigInteger(bi);
    2493         };
    2494 
    2495         /**
    2496          * set value by integer value
    2497          * @name setValueHex
    2498          * @memberOf KJUR.asn1.DERInteger
    2499          * @function
    2500          * @param {String} hexadecimal string of integer value
    2501          * @description
    2502          * <br/>
    2503          * NOTE: Value shall be represented by minimum octet length of
    2504          * two's complement representation.
    2505          */
    2506         this.setValueHex = function(newHexString) {
    2507             this.hV = newHexString;
    2508         };
    2509 
    2510         this.getFreshValueHex = function() {
    2511             return this.hV;
    2512         };
    2513 
    2514         if (typeof params != "undefined") {
    2515             if (typeof params['bigint'] != "undefined") {
    2516                 this.setByBigInteger(params['bigint']);
    2517             } else if (typeof params['int'] != "undefined") {
    2518                 this.setByInteger(params['int']);
    2519             } else if (typeof params['hex'] != "undefined") {
    2520                 this.setValueHex(params['hex']);
    2521             }
    2522         }
    2523     };
    2524     JSX.extend(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
    2525 
    2526 // ********************************************************************
    2527     /**
    2528      * class for ASN.1 DER encoded BitString primitive
    2529      * @name KJUR.asn1.DERBitString
    2530      * @class class for ASN.1 DER encoded BitString primitive
    2531      * @extends KJUR.asn1.ASN1Object
    2532      * @description
    2533      * <br/>
    2534      * As for argument 'params' for constructor, you can specify one of
    2535      * following properties:
    2536      * <ul>
    2537      * <li>bin - specify binary string (ex. '10111')</li>
    2538      * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
    2539      * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
    2540      * </ul>
    2541      * NOTE: 'params' can be omitted.
    2542      */
    2543     KJUR.asn1.DERBitString = function(params) {
    2544         KJUR.asn1.DERBitString.superclass.constructor.call(this);
    2545         this.hT = "03";
    2546 
    2547         /**
    2548          * set ASN.1 value(V) by a hexadecimal string including unused bits
    2549          * @name setHexValueIncludingUnusedBits
    2550          * @memberOf KJUR.asn1.DERBitString
    2551          * @function
    2552          * @param {String} newHexStringIncludingUnusedBits
    2553          */
    2554         this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
    2555             this.hTLV = null;
    2556             this.isModified = true;
    2557             this.hV = newHexStringIncludingUnusedBits;
    2558         };
    2559 
    2560         /**
    2561          * set ASN.1 value(V) by unused bit and hexadecimal string of value
    2562          * @name setUnusedBitsAndHexValue
    2563          * @memberOf KJUR.asn1.DERBitString
    2564          * @function
    2565          * @param {Integer} unusedBits
    2566          * @param {String} hValue
    2567          */
    2568         this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
    2569             if (unusedBits < 0 || 7 < unusedBits) {
    2570                 throw "unused bits shall be from 0 to 7: u = " + unusedBits;
    2571             }
    2572             var hUnusedBits = "0" + unusedBits;
    2573             this.hTLV = null;
    2574             this.isModified = true;
    2575             this.hV = hUnusedBits + hValue;
    2576         };
    2577 
    2578         /**
    2579          * set ASN.1 DER BitString by binary string
    2580          * @name setByBinaryString
    2581          * @memberOf KJUR.asn1.DERBitString
    2582          * @function
    2583          * @param {String} binaryString binary value string (i.e. '10111')
    2584          * @description
    2585          * Its unused bits will be calculated automatically by length of
    2586          * 'binaryValue'. <br/>
    2587          * NOTE: Trailing zeros '0' will be ignored.
    2588          */
    2589         this.setByBinaryString = function(binaryString) {
    2590             binaryString = binaryString.replace(/0+$/, '');
    2591             var unusedBits = 8 - binaryString.length % 8;
    2592             if (unusedBits == 8) unusedBits = 0;
    2593             for (var i = 0; i <= unusedBits; i++) {
    2594                 binaryString += '0';
    2595             }
    2596             var h = '';
    2597             for (var i = 0; i < binaryString.length - 1; i += 8) {
    2598                 var b = binaryString.substr(i, 8);
    2599                 var x = parseInt(b, 2).toString(16);
    2600                 if (x.length == 1) x = '0' + x;
    2601                 h += x;
    2602             }
    2603             this.hTLV = null;
    2604             this.isModified = true;
    2605             this.hV = '0' + unusedBits + h;
    2606         };
    2607 
    2608         /**
    2609          * set ASN.1 TLV value(V) by an array of boolean
    2610          * @name setByBooleanArray
    2611          * @memberOf KJUR.asn1.DERBitString
    2612          * @function
    2613          * @param {array} booleanArray array of boolean (ex. [true, false, true])
    2614          * @description
    2615          * NOTE: Trailing falses will be ignored.
    2616          */
    2617         this.setByBooleanArray = function(booleanArray) {
    2618             var s = '';
    2619             for (var i = 0; i < booleanArray.length; i++) {
    2620                 if (booleanArray[i] == true) {
    2621                     s += '1';
    2622                 } else {
    2623                     s += '0';
    2624                 }
    2625             }
    2626             this.setByBinaryString(s);
    2627         };
    2628 
    2629         /**
    2630          * generate an array of false with specified length
    2631          * @name newFalseArray
    2632          * @memberOf KJUR.asn1.DERBitString
    2633          * @function
    2634          * @param {Integer} nLength length of array to generate
    2635          * @return {array} array of boolean faluse
    2636          * @description
    2637          * This static method may be useful to initialize boolean array.
    2638          */
    2639         this.newFalseArray = function(nLength) {
    2640             var a = new Array(nLength);
    2641             for (var i = 0; i < nLength; i++) {
    2642                 a[i] = false;
    2643             }
    2644             return a;
    2645         };
    2646 
    2647         this.getFreshValueHex = function() {
    2648             return this.hV;
    2649         };
    2650 
    2651         if (typeof params != "undefined") {
    2652             if (typeof params['hex'] != "undefined") {
    2653                 this.setHexValueIncludingUnusedBits(params['hex']);
    2654             } else if (typeof params['bin'] != "undefined") {
    2655                 this.setByBinaryString(params['bin']);
    2656             } else if (typeof params['array'] != "undefined") {
    2657                 this.setByBooleanArray(params['array']);
    2658             }
    2659         }
    2660     };
    2661     JSX.extend(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
    2662 
    2663 // ********************************************************************
    2664     /**
    2665      * class for ASN.1 DER OctetString
    2666      * @name KJUR.asn1.DEROctetString
    2667      * @class class for ASN.1 DER OctetString
    2668      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2669      * @extends KJUR.asn1.DERAbstractString
    2670      * @description
    2671      * @see KJUR.asn1.DERAbstractString - superclass
    2672      */
    2673     KJUR.asn1.DEROctetString = function(params) {
    2674         KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
    2675         this.hT = "04";
    2676     };
    2677     JSX.extend(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
    2678 
    2679 // ********************************************************************
    2680     /**
    2681      * class for ASN.1 DER Null
    2682      * @name KJUR.asn1.DERNull
    2683      * @class class for ASN.1 DER Null
    2684      * @extends KJUR.asn1.ASN1Object
    2685      * @description
    2686      * @see KJUR.asn1.ASN1Object - superclass
    2687      */
    2688     KJUR.asn1.DERNull = function() {
    2689         KJUR.asn1.DERNull.superclass.constructor.call(this);
    2690         this.hT = "05";
    2691         this.hTLV = "0500";
    2692     };
    2693     JSX.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
    2694 
    2695 // ********************************************************************
    2696     /**
    2697      * class for ASN.1 DER ObjectIdentifier
    2698      * @name KJUR.asn1.DERObjectIdentifier
    2699      * @class class for ASN.1 DER ObjectIdentifier
    2700      * @param {Array} params associative array of parameters (ex. {'oid': '2.5.4.5'})
    2701      * @extends KJUR.asn1.ASN1Object
    2702      * @description
    2703      * <br/>
    2704      * As for argument 'params' for constructor, you can specify one of
    2705      * following properties:
    2706      * <ul>
    2707      * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
    2708      * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
    2709      * </ul>
    2710      * NOTE: 'params' can be omitted.
    2711      */
    2712     KJUR.asn1.DERObjectIdentifier = function(params) {
    2713         var itox = function(i) {
    2714             var h = i.toString(16);
    2715             if (h.length == 1) h = '0' + h;
    2716             return h;
    2717         };
    2718         var roidtox = function(roid) {
    2719             var h = '';
    2720             var bi = new BigInteger(roid, 10);
    2721             var b = bi.toString(2);
    2722             var padLen = 7 - b.length % 7;
    2723             if (padLen == 7) padLen = 0;
    2724             var bPad = '';
    2725             for (var i = 0; i < padLen; i++) bPad += '0';
    2726             b = bPad + b;
    2727             for (var i = 0; i < b.length - 1; i += 7) {
    2728                 var b8 = b.substr(i, 7);
    2729                 if (i != b.length - 7) b8 = '1' + b8;
    2730                 h += itox(parseInt(b8, 2));
    2731             }
    2732             return h;
    2733         }
    2734 
    2735         KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
    2736         this.hT = "06";
    2737 
    2738         /**
    2739          * set value by a hexadecimal string
    2740          * @name setValueHex
    2741          * @memberOf KJUR.asn1.DERObjectIdentifier
    2742          * @function
    2743          * @param {String} newHexString hexadecimal value of OID bytes
    2744          */
    2745         this.setValueHex = function(newHexString) {
    2746             this.hTLV = null;
    2747             this.isModified = true;
    2748             this.s = null;
    2749             this.hV = newHexString;
    2750         };
    2751 
    2752         /**
    2753          * set value by a OID string
    2754          * @name setValueOidString
    2755          * @memberOf KJUR.asn1.DERObjectIdentifier
    2756          * @function
    2757          * @param {String} oidString OID string (ex. 2.5.4.13)
    2758          */
    2759         this.setValueOidString = function(oidString) {
    2760             if (! oidString.match(/^[0-9.]+$/)) {
    2761                 throw "malformed oid string: " + oidString;
    2762             }
    2763             var h = '';
    2764             var a = oidString.split('.');
    2765             var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
    2766             h += itox(i0);
    2767             a.splice(0, 2);
    2768             for (var i = 0; i < a.length; i++) {
    2769                 h += roidtox(a[i]);
    2770             }
    2771             this.hTLV = null;
    2772             this.isModified = true;
    2773             this.s = null;
    2774             this.hV = h;
    2775         };
    2776 
    2777         /**
    2778          * set value by a OID name
    2779          * @name setValueName
    2780          * @memberOf KJUR.asn1.DERObjectIdentifier
    2781          * @function
    2782          * @param {String} oidName OID name (ex. 'serverAuth')
    2783          * @since 1.0.1
    2784          * @description
    2785          * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
    2786          * Otherwise raise error.
    2787          */
    2788         this.setValueName = function(oidName) {
    2789             if (typeof KJUR.asn1.x509.OID.name2oidList[oidName] != "undefined") {
    2790                 var oid = KJUR.asn1.x509.OID.name2oidList[oidName];
    2791                 this.setValueOidString(oid);
    2792             } else {
    2793                 throw "DERObjectIdentifier oidName undefined: " + oidName;
    2794             }
    2795         };
    2796 
    2797         this.getFreshValueHex = function() {
    2798             return this.hV;
    2799         };
    2800 
    2801         if (typeof params != "undefined") {
    2802             if (typeof params['oid'] != "undefined") {
    2803                 this.setValueOidString(params['oid']);
    2804             } else if (typeof params['hex'] != "undefined") {
    2805                 this.setValueHex(params['hex']);
    2806             } else if (typeof params['name'] != "undefined") {
    2807                 this.setValueName(params['name']);
    2808             }
    2809         }
    2810     };
    2811     JSX.extend(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
    2812 
    2813 // ********************************************************************
    2814     /**
    2815      * class for ASN.1 DER UTF8String
    2816      * @name KJUR.asn1.DERUTF8String
    2817      * @class class for ASN.1 DER UTF8String
    2818      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2819      * @extends KJUR.asn1.DERAbstractString
    2820      * @description
    2821      * @see KJUR.asn1.DERAbstractString - superclass
    2822      */
    2823     KJUR.asn1.DERUTF8String = function(params) {
    2824         KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
    2825         this.hT = "0c";
    2826     };
    2827     JSX.extend(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
    2828 
    2829 // ********************************************************************
    2830     /**
    2831      * class for ASN.1 DER NumericString
    2832      * @name KJUR.asn1.DERNumericString
    2833      * @class class for ASN.1 DER NumericString
    2834      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2835      * @extends KJUR.asn1.DERAbstractString
    2836      * @description
    2837      * @see KJUR.asn1.DERAbstractString - superclass
    2838      */
    2839     KJUR.asn1.DERNumericString = function(params) {
    2840         KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
    2841         this.hT = "12";
    2842     };
    2843     JSX.extend(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
    2844 
    2845 // ********************************************************************
    2846     /**
    2847      * class for ASN.1 DER PrintableString
    2848      * @name KJUR.asn1.DERPrintableString
    2849      * @class class for ASN.1 DER PrintableString
    2850      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2851      * @extends KJUR.asn1.DERAbstractString
    2852      * @description
    2853      * @see KJUR.asn1.DERAbstractString - superclass
    2854      */
    2855     KJUR.asn1.DERPrintableString = function(params) {
    2856         KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
    2857         this.hT = "13";
    2858     };
    2859     JSX.extend(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
    2860 
    2861 // ********************************************************************
    2862     /**
    2863      * class for ASN.1 DER TeletexString
    2864      * @name KJUR.asn1.DERTeletexString
    2865      * @class class for ASN.1 DER TeletexString
    2866      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2867      * @extends KJUR.asn1.DERAbstractString
    2868      * @description
    2869      * @see KJUR.asn1.DERAbstractString - superclass
    2870      */
    2871     KJUR.asn1.DERTeletexString = function(params) {
    2872         KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
    2873         this.hT = "14";
    2874     };
    2875     JSX.extend(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
    2876 
    2877 // ********************************************************************
    2878     /**
    2879      * class for ASN.1 DER IA5String
    2880      * @name KJUR.asn1.DERIA5String
    2881      * @class class for ASN.1 DER IA5String
    2882      * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
    2883      * @extends KJUR.asn1.DERAbstractString
    2884      * @description
    2885      * @see KJUR.asn1.DERAbstractString - superclass
    2886      */
    2887     KJUR.asn1.DERIA5String = function(params) {
    2888         KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
    2889         this.hT = "16";
    2890     };
    2891     JSX.extend(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
    2892 
    2893 // ********************************************************************
    2894     /**
    2895      * class for ASN.1 DER UTCTime
    2896      * @name KJUR.asn1.DERUTCTime
    2897      * @class class for ASN.1 DER UTCTime
    2898      * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
    2899      * @extends KJUR.asn1.DERAbstractTime
    2900      * @description
    2901      * <br/>
    2902      * As for argument 'params' for constructor, you can specify one of
    2903      * following properties:
    2904      * <ul>
    2905      * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
    2906      * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
    2907      * <li>date - specify Date object.</li>
    2908      * </ul>
    2909      * NOTE: 'params' can be omitted.
    2910      * <h4>EXAMPLES</h4>
    2911      * @example
    2912      * var d1 = new KJUR.asn1.DERUTCTime();
    2913      * d1.setString('130430125959Z');
    2914      *
    2915      * var d2 = new KJUR.asn1.DERUTCTime({'str': '130430125959Z'});
    2916      *
    2917      * var d3 = new KJUR.asn1.DERUTCTime({'date': new Date(Date.UTC(2015, 0, 31, 0, 0, 0, 0))});
    2918      */
    2919     KJUR.asn1.DERUTCTime = function(params) {
    2920         KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
    2921         this.hT = "17";
    2922 
    2923         /**
    2924          * set value by a Date object
    2925          * @name setByDate
    2926          * @memberOf KJUR.asn1.DERUTCTime
    2927          * @function
    2928          * @param {Date} dateObject Date object to set ASN.1 value(V)
    2929          */
    2930         this.setByDate = function(dateObject) {
    2931             this.hTLV = null;
    2932             this.isModified = true;
    2933             this.date = dateObject;
    2934             this.s = this.formatDate(this.date, 'utc');
    2935             this.hV = stohex(this.s);
    2936         };
    2937 
    2938         if (typeof params != "undefined") {
    2939             if (typeof params['str'] != "undefined") {
    2940                 this.setString(params['str']);
    2941             } else if (typeof params['hex'] != "undefined") {
    2942                 this.setStringHex(params['hex']);
    2943             } else if (typeof params['date'] != "undefined") {
    2944                 this.setByDate(params['date']);
    2945             }
    2946         }
    2947     };
    2948     JSX.extend(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
    2949 
    2950 // ********************************************************************
    2951     /**
    2952      * class for ASN.1 DER GeneralizedTime
    2953      * @name KJUR.asn1.DERGeneralizedTime
    2954      * @class class for ASN.1 DER GeneralizedTime
    2955      * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
    2956      * @extends KJUR.asn1.DERAbstractTime
    2957      * @description
    2958      * <br/>
    2959      * As for argument 'params' for constructor, you can specify one of
    2960      * following properties:
    2961      * <ul>
    2962      * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
    2963      * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
    2964      * <li>date - specify Date object.</li>
    2965      * </ul>
    2966      * NOTE: 'params' can be omitted.
    2967      */
    2968     KJUR.asn1.DERGeneralizedTime = function(params) {
    2969         KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
    2970         this.hT = "18";
    2971 
    2972         /**
    2973          * set value by a Date object
    2974          * @name setByDate
    2975          * @memberOf KJUR.asn1.DERGeneralizedTime
    2976          * @function
    2977          * @param {Date} dateObject Date object to set ASN.1 value(V)
    2978          * @example
    2979          * When you specify UTC time, use 'Date.UTC' method like this:<br/>
    2980          * var o = new DERUTCTime();
    2981          * var date = new Date(Date.UTC(2015, 0, 31, 23, 59, 59, 0)); #2015JAN31 23:59:59
    2982          * o.setByDate(date);
    2983          */
    2984         this.setByDate = function(dateObject) {
    2985             this.hTLV = null;
    2986             this.isModified = true;
    2987             this.date = dateObject;
    2988             this.s = this.formatDate(this.date, 'gen');
    2989             this.hV = stohex(this.s);
    2990         };
    2991 
    2992         if (typeof params != "undefined") {
    2993             if (typeof params['str'] != "undefined") {
    2994                 this.setString(params['str']);
    2995             } else if (typeof params['hex'] != "undefined") {
    2996                 this.setStringHex(params['hex']);
    2997             } else if (typeof params['date'] != "undefined") {
    2998                 this.setByDate(params['date']);
    2999             }
    3000         }
    3001     };
    3002     JSX.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
    3003 
    3004 // ********************************************************************
    3005     /**
    3006      * class for ASN.1 DER Sequence
    3007      * @name KJUR.asn1.DERSequence
    3008      * @class class for ASN.1 DER Sequence
    3009      * @extends KJUR.asn1.DERAbstractStructured
    3010      * @description
    3011      * <br/>
    3012      * As for argument 'params' for constructor, you can specify one of
    3013      * following properties:
    3014      * <ul>
    3015      * <li>array - specify array of ASN1Object to set elements of content</li>
    3016      * </ul>
    3017      * NOTE: 'params' can be omitted.
    3018      */
    3019     KJUR.asn1.DERSequence = function(params) {
    3020         KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
    3021         this.hT = "30";
    3022         this.getFreshValueHex = function() {
    3023             var h = '';
    3024             for (var i = 0; i < this.asn1Array.length; i++) {
    3025                 var asn1Obj = this.asn1Array[i];
    3026                 h += asn1Obj.getEncodedHex();
    3027             }
    3028             this.hV = h;
    3029             return this.hV;
    3030         };
    3031     };
    3032     JSX.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
    3033 
    3034 // ********************************************************************
    3035     /**
    3036      * class for ASN.1 DER Set
    3037      * @name KJUR.asn1.DERSet
    3038      * @class class for ASN.1 DER Set
    3039      * @extends KJUR.asn1.DERAbstractStructured
    3040      * @description
    3041      * <br/>
    3042      * As for argument 'params' for constructor, you can specify one of
    3043      * following properties:
    3044      * <ul>
    3045      * <li>array - specify array of ASN1Object to set elements of content</li>
    3046      * </ul>
    3047      * NOTE: 'params' can be omitted.
    3048      */
    3049     KJUR.asn1.DERSet = function(params) {
    3050         KJUR.asn1.DERSet.superclass.constructor.call(this, params);
    3051         this.hT = "31";
    3052         this.getFreshValueHex = function() {
    3053             var a = new Array();
    3054             for (var i = 0; i < this.asn1Array.length; i++) {
    3055                 var asn1Obj = this.asn1Array[i];
    3056                 a.push(asn1Obj.getEncodedHex());
    3057             }
    3058             a.sort();
    3059             this.hV = a.join('');
    3060             return this.hV;
    3061         };
    3062     };
    3063     JSX.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
    3064 
    3065 // ********************************************************************
    3066     /**
    3067      * class for ASN.1 DER TaggedObject
    3068      * @name KJUR.asn1.DERTaggedObject
    3069      * @class class for ASN.1 DER TaggedObject
    3070      * @extends KJUR.asn1.ASN1Object
    3071      * @description
    3072      * <br/>
    3073      * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
    3074      * For example, if you find '[1]' tag in a ASN.1 dump,
    3075      * 'tagNoHex' will be 'a1'.
    3076      * <br/>
    3077      * As for optional argument 'params' for constructor, you can specify *ANY* of
    3078      * following properties:
    3079      * <ul>
    3080      * <li>explicit - specify true if this is explicit tag otherwise false
    3081      *     (default is 'true').</li>
    3082      * <li>tag - specify tag (default is 'a0' which means [0])</li>
    3083      * <li>obj - specify ASN1Object which is tagged</li>
    3084      * </ul>
    3085      * @example
    3086      * d1 = new KJUR.asn1.DERUTF8String({'str':'a'});
    3087      * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
    3088      * hex = d2.getEncodedHex();
    3089      */
    3090     KJUR.asn1.DERTaggedObject = function(params) {
    3091         KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
    3092         this.hT = "a0";
    3093         this.hV = '';
    3094         this.isExplicit = true;
    3095         this.asn1Object = null;
    3096 
    3097         /**
    3098          * set value by an ASN1Object
    3099          * @name setString
    3100          * @memberOf KJUR.asn1.DERTaggedObject
    3101          * @function
    3102          * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
    3103          * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
    3104          * @param {ASN1Object} asn1Object ASN.1 to encapsulate
    3105          */
    3106         this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
    3107             this.hT = tagNoHex;
    3108             this.isExplicit = isExplicitFlag;
    3109             this.asn1Object = asn1Object;
    3110             if (this.isExplicit) {
    3111                 this.hV = this.asn1Object.getEncodedHex();
    3112                 this.hTLV = null;
    3113                 this.isModified = true;
    3114             } else {
    3115                 this.hV = null;
    3116                 this.hTLV = asn1Object.getEncodedHex();
    3117                 this.hTLV = this.hTLV.replace(/^../, tagNoHex);
    3118                 this.isModified = false;
    3119             }
    3120         };
    3121 
    3122         this.getFreshValueHex = function() {
    3123             return this.hV;
    3124         };
    3125 
    3126         if (typeof params != "undefined") {
    3127             if (typeof params['tag'] != "undefined") {
    3128                 this.hT = params['tag'];
    3129             }
    3130             if (typeof params['explicit'] != "undefined") {
    3131                 this.isExplicit = params['explicit'];
    3132             }
    3133             if (typeof params['obj'] != "undefined") {
    3134                 this.asn1Object = params['obj'];
    3135                 this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
    3136             }
    3137         }
    3138     };
    3139     JSX.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);// Hex JavaScript decoder
    3140 // Copyright (c) 2008-2013 Lapo Luchini <lapo@lapo.it>
    3141 
    3142 // Permission to use, copy, modify, and/or distribute this software for any
    3143 // purpose with or without fee is hereby granted, provided that the above
    3144 // copyright notice and this permission notice appear in all copies.
    3145 //
    3146 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    3147 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    3148 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    3149 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    3150 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    3151 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    3152 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    3153 
    3154     /*jshint browser: true, strict: true, immed: true, latedef: true, undef: true, regexdash: false */
    3155     (function (undefined) {
    3156         "use strict";
    3157 
    3158         var Hex = {},
    3159             decoder;
    3160 
    3161         Hex.decode = function(a) {
    3162             var i;
    3163             if (decoder === undefined) {
    3164                 var hex = "0123456789ABCDEF",
    3165                     ignore = " f
    
    	u00A0u2028u2029";
    3166                 decoder = [];
    3167                 for (i = 0; i < 16; ++i)
    3168                     decoder[hex.charAt(i)] = i;
    3169                 hex = hex.toLowerCase();
    3170                 for (i = 10; i < 16; ++i)
    3171                     decoder[hex.charAt(i)] = i;
    3172                 for (i = 0; i < ignore.length; ++i)
    3173                     decoder[ignore.charAt(i)] = -1;
    3174             }
    3175             var out = [],
    3176                 bits = 0,
    3177                 char_count = 0;
    3178             for (i = 0; i < a.length; ++i) {
    3179                 var c = a.charAt(i);
    3180                 if (c == '=')
    3181                     break;
    3182                 c = decoder[c];
    3183                 if (c == -1)
    3184                     continue;
    3185                 if (c === undefined)
    3186                     throw 'Illegal character at offset ' + i;
    3187                 bits |= c;
    3188                 if (++char_count >= 2) {
    3189                     out[out.length] = bits;
    3190                     bits = 0;
    3191                     char_count = 0;
    3192                 } else {
    3193                     bits <<= 4;
    3194                 }
    3195             }
    3196             if (char_count)
    3197                 throw "Hex encoding incomplete: 4 bits missing";
    3198             return out;
    3199         };
    3200 
    3201 // export globals
    3202         window.Hex = Hex;
    3203     })();// Base64 JavaScript decoder
    3204 // Copyright (c) 2008-2013 Lapo Luchini <lapo@lapo.it>
    3205 
    3206 // Permission to use, copy, modify, and/or distribute this software for any
    3207 // purpose with or without fee is hereby granted, provided that the above
    3208 // copyright notice and this permission notice appear in all copies.
    3209 //
    3210 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    3211 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    3212 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    3213 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    3214 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    3215 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    3216 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    3217 
    3218     /*jshint browser: true, strict: true, immed: true, latedef: true, undef: true, regexdash: false */
    3219     (function (undefined) {
    3220         "use strict";
    3221 
    3222         var Base64 = {},
    3223             decoder;
    3224 
    3225         Base64.decode = function (a) {
    3226             var i;
    3227             if (decoder === undefined) {
    3228                 var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    3229                     ignore = "= f
    
    	u00A0u2028u2029";
    3230                 decoder = [];
    3231                 for (i = 0; i < 64; ++i)
    3232                     decoder[b64.charAt(i)] = i;
    3233                 for (i = 0; i < ignore.length; ++i)
    3234                     decoder[ignore.charAt(i)] = -1;
    3235             }
    3236             var out = [];
    3237             var bits = 0, char_count = 0;
    3238             for (i = 0; i < a.length; ++i) {
    3239                 var c = a.charAt(i);
    3240                 if (c == '=')
    3241                     break;
    3242                 c = decoder[c];
    3243                 if (c == -1)
    3244                     continue;
    3245                 if (c === undefined)
    3246                     throw 'Illegal character at offset ' + i;
    3247                 bits |= c;
    3248                 if (++char_count >= 4) {
    3249                     out[out.length] = (bits >> 16);
    3250                     out[out.length] = (bits >> 8) & 0xFF;
    3251                     out[out.length] = bits & 0xFF;
    3252                     bits = 0;
    3253                     char_count = 0;
    3254                 } else {
    3255                     bits <<= 6;
    3256                 }
    3257             }
    3258             switch (char_count) {
    3259                 case 1:
    3260                     throw "Base64 encoding incomplete: at least 2 bits missing";
    3261                 case 2:
    3262                     out[out.length] = (bits >> 10);
    3263                     break;
    3264                 case 3:
    3265                     out[out.length] = (bits >> 16);
    3266                     out[out.length] = (bits >> 8) & 0xFF;
    3267                     break;
    3268             }
    3269             return out;
    3270         };
    3271 
    3272         Base64.re = /-----BEGIN [^-]+-----([A-Za-z0-9+/=s]+)-----END [^-]+-----|begin-base64[^
    ]+
    ([A-Za-z0-9+/=s]+)====/;
    3273         Base64.unarmor = function (a) {
    3274             var m = Base64.re.exec(a);
    3275             if (m) {
    3276                 if (m[1])
    3277                     a = m[1];
    3278                 else if (m[2])
    3279                     a = m[2];
    3280                 else
    3281                     throw "RegExp out of sync";
    3282             }
    3283             return Base64.decode(a);
    3284         };
    3285 
    3286 // export globals
    3287         window.Base64 = Base64;
    3288     })();// ASN.1 JavaScript decoder
    3289 // Copyright (c) 2008-2013 Lapo Luchini <lapo@lapo.it>
    3290 
    3291 // Permission to use, copy, modify, and/or distribute this software for any
    3292 // purpose with or without fee is hereby granted, provided that the above
    3293 // copyright notice and this permission notice appear in all copies.
    3294 //
    3295 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    3296 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    3297 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    3298 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    3299 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    3300 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    3301 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    3302 
    3303     /*jshint browser: true, strict: true, immed: true, latedef: true, undef: true, regexdash: false */
    3304     /*global oids */
    3305     (function (undefined) {
    3306         "use strict";
    3307 
    3308         var hardLimit = 100,
    3309             ellipsis = "u2026",
    3310             DOM = {
    3311                 tag: function (tagName, className) {
    3312                     var t = document.createElement(tagName);
    3313                     t.className = className;
    3314                     return t;
    3315                 },
    3316                 text: function (str) {
    3317                     return document.createTextNode(str);
    3318                 }
    3319             };
    3320 
    3321         function Stream(enc, pos) {
    3322             if (enc instanceof Stream) {
    3323                 this.enc = enc.enc;
    3324                 this.pos = enc.pos;
    3325             } else {
    3326                 this.enc = enc;
    3327                 this.pos = pos;
    3328             }
    3329         }
    3330         Stream.prototype.get = function (pos) {
    3331             if (pos === undefined)
    3332                 pos = this.pos++;
    3333             if (pos >= this.enc.length)
    3334                 throw 'Requesting byte offset ' + pos + ' on a stream of length ' + this.enc.length;
    3335             return this.enc[pos];
    3336         };
    3337         Stream.prototype.hexDigits = "0123456789ABCDEF";
    3338         Stream.prototype.hexByte = function (b) {
    3339             return this.hexDigits.charAt((b >> 4) & 0xF) + this.hexDigits.charAt(b & 0xF);
    3340         };
    3341         Stream.prototype.hexDump = function (start, end, raw) {
    3342             var s = "";
    3343             for (var i = start; i < end; ++i) {
    3344                 s += this.hexByte(this.get(i));
    3345                 if (raw !== true)
    3346                     switch (i & 0xF) {
    3347                         case 0x7: s += "  "; break;
    3348                         case 0xF: s += "
    "; break;
    3349                         default:  s += " ";
    3350                     }
    3351             }
    3352             return s;
    3353         };
    3354         Stream.prototype.parseStringISO = function (start, end) {
    3355             var s = "";
    3356             for (var i = start; i < end; ++i)
    3357                 s += String.fromCharCode(this.get(i));
    3358             return s;
    3359         };
    3360         Stream.prototype.parseStringUTF = function (start, end) {
    3361             var s = "";
    3362             for (var i = start; i < end; ) {
    3363                 var c = this.get(i++);
    3364                 if (c < 128)
    3365                     s += String.fromCharCode(c);
    3366                 else if ((c > 191) && (c < 224))
    3367                     s += String.fromCharCode(((c & 0x1F) << 6) | (this.get(i++) & 0x3F));
    3368                 else
    3369                     s += String.fromCharCode(((c & 0x0F) << 12) | ((this.get(i++) & 0x3F) << 6) | (this.get(i++) & 0x3F));
    3370             }
    3371             return s;
    3372         };
    3373         Stream.prototype.parseStringBMP = function (start, end) {
    3374             var str = ""
    3375             for (var i = start; i < end; i += 2) {
    3376                 var high_byte = this.get(i);
    3377                 var low_byte = this.get(i + 1);
    3378                 str += String.fromCharCode( (high_byte << 8) + low_byte );
    3379             }
    3380 
    3381             return str;
    3382         };
    3383         Stream.prototype.reTime = /^((?:1[89]|2d)?dd)(0[1-9]|1[0-2])(0[1-9]|[12]d|3[01])([01]d|2[0-3])(?:([0-5]d)(?:([0-5]d)(?:[.,](d{1,3}))?)?)?(Z|[-+](?:[0]d|1[0-2])([0-5]d)?)?$/;
    3384         Stream.prototype.parseTime = function (start, end) {
    3385             var s = this.parseStringISO(start, end),
    3386                 m = this.reTime.exec(s);
    3387             if (!m)
    3388                 return "Unrecognized time: " + s;
    3389             s = m[1] + "-" + m[2] + "-" + m[3] + " " + m[4];
    3390             if (m[5]) {
    3391                 s += ":" + m[5];
    3392                 if (m[6]) {
    3393                     s += ":" + m[6];
    3394                     if (m[7])
    3395                         s += "." + m[7];
    3396                 }
    3397             }
    3398             if (m[8]) {
    3399                 s += " UTC";
    3400                 if (m[8] != 'Z') {
    3401                     s += m[8];
    3402                     if (m[9])
    3403                         s += ":" + m[9];
    3404                 }
    3405             }
    3406             return s;
    3407         };
    3408         Stream.prototype.parseInteger = function (start, end) {
    3409             //TODO support negative numbers
    3410             var len = end - start;
    3411             if (len > 4) {
    3412                 len <<= 3;
    3413                 var s = this.get(start);
    3414                 if (s === 0)
    3415                     len -= 8;
    3416                 else
    3417                     while (s < 128) {
    3418                         s <<= 1;
    3419                         --len;
    3420                     }
    3421                 return "(" + len + " bit)";
    3422             }
    3423             var n = 0;
    3424             for (var i = start; i < end; ++i)
    3425                 n = (n << 8) | this.get(i);
    3426             return n;
    3427         };
    3428         Stream.prototype.parseBitString = function (start, end) {
    3429             var unusedBit = this.get(start),
    3430                 lenBit = ((end - start - 1) << 3) - unusedBit,
    3431                 s = "(" + lenBit + " bit)";
    3432             if (lenBit <= 20) {
    3433                 var skip = unusedBit;
    3434                 s += " ";
    3435                 for (var i = end - 1; i > start; --i) {
    3436                     var b = this.get(i);
    3437                     for (var j = skip; j < 8; ++j)
    3438                         s += (b >> j) & 1 ? "1" : "0";
    3439                     skip = 0;
    3440                 }
    3441             }
    3442             return s;
    3443         };
    3444         Stream.prototype.parseOctetString = function (start, end) {
    3445             var len = end - start,
    3446                 s = "(" + len + " byte) ";
    3447             if (len > hardLimit)
    3448                 end = start + hardLimit;
    3449             for (var i = start; i < end; ++i)
    3450                 s += this.hexByte(this.get(i)); //TODO: also try Latin1?
    3451             if (len > hardLimit)
    3452                 s += ellipsis;
    3453             return s;
    3454         };
    3455         Stream.prototype.parseOID = function (start, end) {
    3456             var s = '',
    3457                 n = 0,
    3458                 bits = 0;
    3459             for (var i = start; i < end; ++i) {
    3460                 var v = this.get(i);
    3461                 n = (n << 7) | (v & 0x7F);
    3462                 bits += 7;
    3463                 if (!(v & 0x80)) { // finished
    3464                     if (s === '') {
    3465                         var m = n < 80 ? n < 40 ? 0 : 1 : 2;
    3466                         s = m + "." + (n - m * 40);
    3467                     } else
    3468                         s += "." + ((bits >= 31) ? "bigint" : n);
    3469                     n = bits = 0;
    3470                 }
    3471             }
    3472             return s;
    3473         };
    3474 
    3475         function ASN1(stream, header, length, tag, sub) {
    3476             this.stream = stream;
    3477             this.header = header;
    3478             this.length = length;
    3479             this.tag = tag;
    3480             this.sub = sub;
    3481         }
    3482         ASN1.prototype.typeName = function () {
    3483             if (this.tag === undefined)
    3484                 return "unknown";
    3485             var tagClass = this.tag >> 6,
    3486                 tagConstructed = (this.tag >> 5) & 1,
    3487                 tagNumber = this.tag & 0x1F;
    3488             switch (tagClass) {
    3489                 case 0: // universal
    3490                     switch (tagNumber) {
    3491                         case 0x00: return "EOC";
    3492                         case 0x01: return "BOOLEAN";
    3493                         case 0x02: return "INTEGER";
    3494                         case 0x03: return "BIT_STRING";
    3495                         case 0x04: return "OCTET_STRING";
    3496                         case 0x05: return "NULL";
    3497                         case 0x06: return "OBJECT_IDENTIFIER";
    3498                         case 0x07: return "ObjectDescriptor";
    3499                         case 0x08: return "EXTERNAL";
    3500                         case 0x09: return "REAL";
    3501                         case 0x0A: return "ENUMERATED";
    3502                         case 0x0B: return "EMBEDDED_PDV";
    3503                         case 0x0C: return "UTF8String";
    3504                         case 0x10: return "SEQUENCE";
    3505                         case 0x11: return "SET";
    3506                         case 0x12: return "NumericString";
    3507                         case 0x13: return "PrintableString"; // ASCII subset
    3508                         case 0x14: return "TeletexString"; // aka T61String
    3509                         case 0x15: return "VideotexString";
    3510                         case 0x16: return "IA5String"; // ASCII
    3511                         case 0x17: return "UTCTime";
    3512                         case 0x18: return "GeneralizedTime";
    3513                         case 0x19: return "GraphicString";
    3514                         case 0x1A: return "VisibleString"; // ASCII subset
    3515                         case 0x1B: return "GeneralString";
    3516                         case 0x1C: return "UniversalString";
    3517                         case 0x1E: return "BMPString";
    3518                         default:   return "Universal_" + tagNumber.toString(16);
    3519                     }
    3520                 case 1: return "Application_" + tagNumber.toString(16);
    3521                 case 2: return "[" + tagNumber + "]"; // Context
    3522                 case 3: return "Private_" + tagNumber.toString(16);
    3523             }
    3524         };
    3525         ASN1.prototype.reSeemsASCII = /^[ -~]+$/;
    3526         ASN1.prototype.content = function () {
    3527             if (this.tag === undefined)
    3528                 return null;
    3529             var tagClass = this.tag >> 6,
    3530                 tagNumber = this.tag & 0x1F,
    3531                 content = this.posContent(),
    3532                 len = Math.abs(this.length);
    3533             if (tagClass !== 0) { // universal
    3534                 if (this.sub !== null)
    3535                     return "(" + this.sub.length + " elem)";
    3536                 //TODO: TRY TO PARSE ASCII STRING
    3537                 var s = this.stream.parseStringISO(content, content + Math.min(len, hardLimit));
    3538                 if (this.reSeemsASCII.test(s))
    3539                     return s.substring(0, 2 * hardLimit) + ((s.length > 2 * hardLimit) ? ellipsis : "");
    3540                 else
    3541                     return this.stream.parseOctetString(content, content + len);
    3542             }
    3543             switch (tagNumber) {
    3544                 case 0x01: // BOOLEAN
    3545                     return (this.stream.get(content) === 0) ? "false" : "true";
    3546                 case 0x02: // INTEGER
    3547                     return this.stream.parseInteger(content, content + len);
    3548                 case 0x03: // BIT_STRING
    3549                     return this.sub ? "(" + this.sub.length + " elem)" :
    3550                         this.stream.parseBitString(content, content + len);
    3551                 case 0x04: // OCTET_STRING
    3552                     return this.sub ? "(" + this.sub.length + " elem)" :
    3553                         this.stream.parseOctetString(content, content + len);
    3554                 //case 0x05: // NULL
    3555                 case 0x06: // OBJECT_IDENTIFIER
    3556                     return this.stream.parseOID(content, content + len);
    3557                 //case 0x07: // ObjectDescriptor
    3558                 //case 0x08: // EXTERNAL
    3559                 //case 0x09: // REAL
    3560                 //case 0x0A: // ENUMERATED
    3561                 //case 0x0B: // EMBEDDED_PDV
    3562                 case 0x10: // SEQUENCE
    3563                 case 0x11: // SET
    3564                     return "(" + this.sub.length + " elem)";
    3565                 case 0x0C: // UTF8String
    3566                     return this.stream.parseStringUTF(content, content + len);
    3567                 case 0x12: // NumericString
    3568                 case 0x13: // PrintableString
    3569                 case 0x14: // TeletexString
    3570                 case 0x15: // VideotexString
    3571                 case 0x16: // IA5String
    3572                 //case 0x19: // GraphicString
    3573                 case 0x1A: // VisibleString
    3574                     //case 0x1B: // GeneralString
    3575                     //case 0x1C: // UniversalString
    3576                     return this.stream.parseStringISO(content, content + len);
    3577                 case 0x1E: // BMPString
    3578                     return this.stream.parseStringBMP(content, content + len);
    3579                 case 0x17: // UTCTime
    3580                 case 0x18: // GeneralizedTime
    3581                     return this.stream.parseTime(content, content + len);
    3582             }
    3583             return null;
    3584         };
    3585         ASN1.prototype.toString = function () {
    3586             return this.typeName() + "@" + this.stream.pos + "[header:" + this.header + ",length:" + this.length + ",sub:" + ((this.sub === null) ? 'null' : this.sub.length) + "]";
    3587         };
    3588         ASN1.prototype.print = function (indent) {
    3589             if (indent === undefined) indent = '';
    3590             document.writeln(indent + this);
    3591             if (this.sub !== null) {
    3592                 indent += '  ';
    3593                 for (var i = 0, max = this.sub.length; i < max; ++i)
    3594                     this.sub[i].print(indent);
    3595             }
    3596         };
    3597         ASN1.prototype.toPrettyString = function (indent) {
    3598             if (indent === undefined) indent = '';
    3599             var s = indent + this.typeName() + " @" + this.stream.pos;
    3600             if (this.length >= 0)
    3601                 s += "+";
    3602             s += this.length;
    3603             if (this.tag & 0x20)
    3604                 s += " (constructed)";
    3605             else if (((this.tag == 0x03) || (this.tag == 0x04)) && (this.sub !== null))
    3606                 s += " (encapsulates)";
    3607             s += "
    ";
    3608             if (this.sub !== null) {
    3609                 indent += '  ';
    3610                 for (var i = 0, max = this.sub.length; i < max; ++i)
    3611                     s += this.sub[i].toPrettyString(indent);
    3612             }
    3613             return s;
    3614         };
    3615         ASN1.prototype.toDOM = function () {
    3616             var node = DOM.tag("div", "node");
    3617             node.asn1 = this;
    3618             var head = DOM.tag("div", "head");
    3619             var s = this.typeName().replace(/_/g, " ");
    3620             head.innerHTML = s;
    3621             var content = this.content();
    3622             if (content !== null) {
    3623                 content = String(content).replace(/</g, "&lt;");
    3624                 var preview = DOM.tag("span", "preview");
    3625                 preview.appendChild(DOM.text(content));
    3626                 head.appendChild(preview);
    3627             }
    3628             node.appendChild(head);
    3629             this.node = node;
    3630             this.head = head;
    3631             var value = DOM.tag("div", "value");
    3632             s = "Offset: " + this.stream.pos + "<br/>";
    3633             s += "Length: " + this.header + "+";
    3634             if (this.length >= 0)
    3635                 s += this.length;
    3636             else
    3637                 s += (-this.length) + " (undefined)";
    3638             if (this.tag & 0x20)
    3639                 s += "<br/>(constructed)";
    3640             else if (((this.tag == 0x03) || (this.tag == 0x04)) && (this.sub !== null))
    3641                 s += "<br/>(encapsulates)";
    3642             //TODO if (this.tag == 0x03) s += "Unused bits: "
    3643             if (content !== null) {
    3644                 s += "<br/>Value:<br/><b>" + content + "</b>";
    3645                 if ((typeof oids === 'object') && (this.tag == 0x06)) {
    3646                     var oid = oids[content];
    3647                     if (oid) {
    3648                         if (oid.d) s += "<br/>" + oid.d;
    3649                         if (oid.c) s += "<br/>" + oid.c;
    3650                         if (oid.w) s += "<br/>(warning!)";
    3651                     }
    3652                 }
    3653             }
    3654             value.innerHTML = s;
    3655             node.appendChild(value);
    3656             var sub = DOM.tag("div", "sub");
    3657             if (this.sub !== null) {
    3658                 for (var i = 0, max = this.sub.length; i < max; ++i)
    3659                     sub.appendChild(this.sub[i].toDOM());
    3660             }
    3661             node.appendChild(sub);
    3662             head.onclick = function () {
    3663                 node.className = (node.className == "node collapsed") ? "node" : "node collapsed";
    3664             };
    3665             return node;
    3666         };
    3667         ASN1.prototype.posStart = function () {
    3668             return this.stream.pos;
    3669         };
    3670         ASN1.prototype.posContent = function () {
    3671             return this.stream.pos + this.header;
    3672         };
    3673         ASN1.prototype.posEnd = function () {
    3674             return this.stream.pos + this.header + Math.abs(this.length);
    3675         };
    3676         ASN1.prototype.fakeHover = function (current) {
    3677             this.node.className += " hover";
    3678             if (current)
    3679                 this.head.className += " hover";
    3680         };
    3681         ASN1.prototype.fakeOut = function (current) {
    3682             var re = / ?hover/;
    3683             this.node.className = this.node.className.replace(re, "");
    3684             if (current)
    3685                 this.head.className = this.head.className.replace(re, "");
    3686         };
    3687         ASN1.prototype.toHexDOM_sub = function (node, className, stream, start, end) {
    3688             if (start >= end)
    3689                 return;
    3690             var sub = DOM.tag("span", className);
    3691             sub.appendChild(DOM.text(
    3692                 stream.hexDump(start, end)));
    3693             node.appendChild(sub);
    3694         };
    3695         ASN1.prototype.toHexDOM = function (root) {
    3696             var node = DOM.tag("span", "hex");
    3697             if (root === undefined) root = node;
    3698             this.head.hexNode = node;
    3699             this.head.onmouseover = function () { this.hexNode.className = "hexCurrent"; };
    3700             this.head.onmouseout  = function () { this.hexNode.className = "hex"; };
    3701             node.asn1 = this;
    3702             node.onmouseover = function () {
    3703                 var current = !root.selected;
    3704                 if (current) {
    3705                     root.selected = this.asn1;
    3706                     this.className = "hexCurrent";
    3707                 }
    3708                 this.asn1.fakeHover(current);
    3709             };
    3710             node.onmouseout  = function () {
    3711                 var current = (root.selected == this.asn1);
    3712                 this.asn1.fakeOut(current);
    3713                 if (current) {
    3714                     root.selected = null;
    3715                     this.className = "hex";
    3716                 }
    3717             };
    3718             this.toHexDOM_sub(node, "tag", this.stream, this.posStart(), this.posStart() + 1);
    3719             this.toHexDOM_sub(node, (this.length >= 0) ? "dlen" : "ulen", this.stream, this.posStart() + 1, this.posContent());
    3720             if (this.sub === null)
    3721                 node.appendChild(DOM.text(
    3722                     this.stream.hexDump(this.posContent(), this.posEnd())));
    3723             else if (this.sub.length > 0) {
    3724                 var first = this.sub[0];
    3725                 var last = this.sub[this.sub.length - 1];
    3726                 this.toHexDOM_sub(node, "intro", this.stream, this.posContent(), first.posStart());
    3727                 for (var i = 0, max = this.sub.length; i < max; ++i)
    3728                     node.appendChild(this.sub[i].toHexDOM(root));
    3729                 this.toHexDOM_sub(node, "outro", this.stream, last.posEnd(), this.posEnd());
    3730             }
    3731             return node;
    3732         };
    3733         ASN1.prototype.toHexString = function (root) {
    3734             return this.stream.hexDump(this.posStart(), this.posEnd(), true);
    3735         };
    3736         ASN1.decodeLength = function (stream) {
    3737             var buf = stream.get(),
    3738                 len = buf & 0x7F;
    3739             if (len == buf)
    3740                 return len;
    3741             if (len > 3)
    3742                 throw "Length over 24 bits not supported at position " + (stream.pos - 1);
    3743             if (len === 0)
    3744                 return -1; // undefined
    3745             buf = 0;
    3746             for (var i = 0; i < len; ++i)
    3747                 buf = (buf << 8) | stream.get();
    3748             return buf;
    3749         };
    3750         ASN1.hasContent = function (tag, len, stream) {
    3751             if (tag & 0x20) // constructed
    3752                 return true;
    3753             if ((tag < 0x03) || (tag > 0x04))
    3754                 return false;
    3755             var p = new Stream(stream);
    3756             if (tag == 0x03) p.get(); // BitString unused bits, must be in [0, 7]
    3757             var subTag = p.get();
    3758             if ((subTag >> 6) & 0x01) // not (universal or context)
    3759                 return false;
    3760             try {
    3761                 var subLength = ASN1.decodeLength(p);
    3762                 return ((p.pos - stream.pos) + subLength == len);
    3763             } catch (exception) {
    3764                 return false;
    3765             }
    3766         };
    3767         ASN1.decode = function (stream) {
    3768             if (!(stream instanceof Stream))
    3769                 stream = new Stream(stream, 0);
    3770             var streamStart = new Stream(stream),
    3771                 tag = stream.get(),
    3772                 len = ASN1.decodeLength(stream),
    3773                 header = stream.pos - streamStart.pos,
    3774                 sub = null;
    3775             if (ASN1.hasContent(tag, len, stream)) {
    3776                 // it has content, so we decode it
    3777                 var start = stream.pos;
    3778                 if (tag == 0x03) stream.get(); // skip BitString unused bits, must be in [0, 7]
    3779                 sub = [];
    3780                 if (len >= 0) {
    3781                     // definite length
    3782                     var end = start + len;
    3783                     while (stream.pos < end)
    3784                         sub[sub.length] = ASN1.decode(stream);
    3785                     if (stream.pos != end)
    3786                         throw "Content size is not correct for container starting at offset " + start;
    3787                 } else {
    3788                     // undefined length
    3789                     try {
    3790                         for (;;) {
    3791                             var s = ASN1.decode(stream);
    3792                             if (s.tag === 0)
    3793                                 break;
    3794                             sub[sub.length] = s;
    3795                         }
    3796                         len = start - stream.pos;
    3797                     } catch (e) {
    3798                         throw "Exception while decoding undefined length content: " + e;
    3799                     }
    3800                 }
    3801             } else
    3802                 stream.pos += len; // skip content
    3803             return new ASN1(streamStart, header, len, tag, sub);
    3804         };
    3805         ASN1.test = function () {
    3806             var test = [
    3807                 { value: [0x27],                   expected: 0x27     },
    3808                 { value: [0x81, 0xC9],             expected: 0xC9     },
    3809                 { value: [0x83, 0xFE, 0xDC, 0xBA], expected: 0xFEDCBA }
    3810             ];
    3811             for (var i = 0, max = test.length; i < max; ++i) {
    3812                 var pos = 0,
    3813                     stream = new Stream(test[i].value, 0),
    3814                     res = ASN1.decodeLength(stream);
    3815                 if (res != test[i].expected)
    3816                     document.write("In test[" + i + "] expected " + test[i].expected + " got " + res + "
    ");
    3817             }
    3818         };
    3819 
    3820 // export globals
    3821         window.ASN1 = ASN1;
    3822     })();/**
    3823      * Retrieve the hexadecimal value (as a string) of the current ASN.1 element
    3824      * @returns {string}
    3825      * @public
    3826      */
    3827     ASN1.prototype.getHexStringValue = function () {
    3828         var hexString = this.toHexString();
    3829         var offset = this.header * 2;
    3830         var length = this.length * 2;
    3831         return hexString.substr(offset, length);
    3832     };
    3833 
    3834     /**
    3835      * Method to parse a pem encoded string containing both a public or private key.
    3836      * The method will translate the pem encoded string in a der encoded string and
    3837      * will parse private key and public key parameters. This method accepts public key
    3838      * in the rsaencryption pkcs #1 format (oid: 1.2.840.113549.1.1.1).
    3839      *
    3840      * @todo Check how many rsa formats use the same format of pkcs #1.
    3841      *
    3842      * The format is defined as:
    3843      * PublicKeyInfo ::= SEQUENCE {
    3844  *   algorithm       AlgorithmIdentifier,
    3845  *   PublicKey       BIT STRING
    3846  * }
    3847      * Where AlgorithmIdentifier is:
    3848      * AlgorithmIdentifier ::= SEQUENCE {
    3849  *   algorithm       OBJECT IDENTIFIER,     the OID of the enc algorithm
    3850  *   parameters      ANY DEFINED BY algorithm OPTIONAL (NULL for PKCS #1)
    3851  * }
    3852      * and PublicKey is a SEQUENCE encapsulated in a BIT STRING
    3853      * RSAPublicKey ::= SEQUENCE {
    3854  *   modulus           INTEGER,  -- n
    3855  *   publicExponent    INTEGER   -- e
    3856  * }
    3857      * it's possible to examine the structure of the keys obtained from openssl using
    3858      * an asn.1 dumper as the one used here to parse the components: http://lapo.it/asn1js/
    3859      * @argument {string} pem the pem encoded string, can include the BEGIN/END header/footer
    3860      * @private
    3861      */
    3862     RSAKey.prototype.parseKey = function (pem) {
    3863         try {
    3864             var modulus = 0;
    3865             var public_exponent = 0;
    3866             var reHex = /^s*(?:[0-9A-Fa-f][0-9A-Fa-f]s*)+$/;
    3867             var der = reHex.test(pem) ? Hex.decode(pem) : Base64.unarmor(pem);
    3868             var asn1 = ASN1.decode(der);
    3869 
    3870             //Fixes a bug with OpenSSL 1.0+ private keys
    3871             if(asn1.sub.length === 3){
    3872                 asn1 = asn1.sub[2].sub[0];
    3873             }
    3874             if (asn1.sub.length === 9) {
    3875 
    3876                 // Parse the private key.
    3877                 modulus = asn1.sub[1].getHexStringValue(); //bigint
    3878                 this.n = parseBigInt(modulus, 16);
    3879 
    3880                 public_exponent = asn1.sub[2].getHexStringValue(); //int
    3881                 this.e = parseInt(public_exponent, 16);
    3882 
    3883                 var private_exponent = asn1.sub[3].getHexStringValue(); //bigint
    3884                 this.d = parseBigInt(private_exponent, 16);
    3885 
    3886                 var prime1 = asn1.sub[4].getHexStringValue(); //bigint
    3887                 this.p = parseBigInt(prime1, 16);
    3888 
    3889                 var prime2 = asn1.sub[5].getHexStringValue(); //bigint
    3890                 this.q = parseBigInt(prime2, 16);
    3891 
    3892                 var exponent1 = asn1.sub[6].getHexStringValue(); //bigint
    3893                 this.dmp1 = parseBigInt(exponent1, 16);
    3894 
    3895                 var exponent2 = asn1.sub[7].getHexStringValue(); //bigint
    3896                 this.dmq1 = parseBigInt(exponent2, 16);
    3897 
    3898                 var coefficient = asn1.sub[8].getHexStringValue(); //bigint
    3899                 this.coeff = parseBigInt(coefficient, 16);
    3900 
    3901             }
    3902             else if (asn1.sub.length === 2) {
    3903 
    3904                 // Parse the public key.
    3905                 var bit_string = asn1.sub[1];
    3906                 var sequence = bit_string.sub[0];
    3907 
    3908                 modulus = sequence.sub[0].getHexStringValue();
    3909                 this.n = parseBigInt(modulus, 16);
    3910                 public_exponent = sequence.sub[1].getHexStringValue();
    3911                 this.e = parseInt(public_exponent, 16);
    3912 
    3913             }
    3914             else {
    3915                 return false;
    3916             }
    3917             return true;
    3918         }
    3919         catch (ex) {
    3920             return false;
    3921         }
    3922     };
    3923 
    3924     /**
    3925      * Translate rsa parameters in a hex encoded string representing the rsa key.
    3926      *
    3927      * The translation follow the ASN.1 notation :
    3928      * RSAPrivateKey ::= SEQUENCE {
    3929  *   version           Version,
    3930  *   modulus           INTEGER,  -- n
    3931  *   publicExponent    INTEGER,  -- e
    3932  *   privateExponent   INTEGER,  -- d
    3933  *   prime1            INTEGER,  -- p
    3934  *   prime2            INTEGER,  -- q
    3935  *   exponent1         INTEGER,  -- d mod (p1)
    3936  *   exponent2         INTEGER,  -- d mod (q-1)
    3937  *   coefficient       INTEGER,  -- (inverse of q) mod p
    3938  * }
    3939      * @returns {string}  DER Encoded String representing the rsa private key
    3940      * @private
    3941      */
    3942     RSAKey.prototype.getPrivateBaseKey = function () {
    3943         var options = {
    3944             'array': [
    3945                 new KJUR.asn1.DERInteger({'int': 0}),
    3946                 new KJUR.asn1.DERInteger({'bigint': this.n}),
    3947                 new KJUR.asn1.DERInteger({'int': this.e}),
    3948                 new KJUR.asn1.DERInteger({'bigint': this.d}),
    3949                 new KJUR.asn1.DERInteger({'bigint': this.p}),
    3950                 new KJUR.asn1.DERInteger({'bigint': this.q}),
    3951                 new KJUR.asn1.DERInteger({'bigint': this.dmp1}),
    3952                 new KJUR.asn1.DERInteger({'bigint': this.dmq1}),
    3953                 new KJUR.asn1.DERInteger({'bigint': this.coeff})
    3954             ]
    3955         };
    3956         var seq = new KJUR.asn1.DERSequence(options);
    3957         return seq.getEncodedHex();
    3958     };
    3959 
    3960     /**
    3961      * base64 (pem) encoded version of the DER encoded representation
    3962      * @returns {string} pem encoded representation without header and footer
    3963      * @public
    3964      */
    3965     RSAKey.prototype.getPrivateBaseKeyB64 = function () {
    3966         return hex2b64(this.getPrivateBaseKey());
    3967     };
    3968 
    3969     /**
    3970      * Translate rsa parameters in a hex encoded string representing the rsa public key.
    3971      * The representation follow the ASN.1 notation :
    3972      * PublicKeyInfo ::= SEQUENCE {
    3973  *   algorithm       AlgorithmIdentifier,
    3974  *   PublicKey       BIT STRING
    3975  * }
    3976      * Where AlgorithmIdentifier is:
    3977      * AlgorithmIdentifier ::= SEQUENCE {
    3978  *   algorithm       OBJECT IDENTIFIER,     the OID of the enc algorithm
    3979  *   parameters      ANY DEFINED BY algorithm OPTIONAL (NULL for PKCS #1)
    3980  * }
    3981      * and PublicKey is a SEQUENCE encapsulated in a BIT STRING
    3982      * RSAPublicKey ::= SEQUENCE {
    3983  *   modulus           INTEGER,  -- n
    3984  *   publicExponent    INTEGER   -- e
    3985  * }
    3986      * @returns {string} DER Encoded String representing the rsa public key
    3987      * @private
    3988      */
    3989     RSAKey.prototype.getPublicBaseKey = function () {
    3990         var options = {
    3991             'array': [
    3992                 new KJUR.asn1.DERObjectIdentifier({'oid': '1.2.840.113549.1.1.1'}), //RSA Encryption pkcs #1 oid
    3993                 new KJUR.asn1.DERNull()
    3994             ]
    3995         };
    3996         var first_sequence = new KJUR.asn1.DERSequence(options);
    3997 
    3998         options = {
    3999             'array': [
    4000                 new KJUR.asn1.DERInteger({'bigint': this.n}),
    4001                 new KJUR.asn1.DERInteger({'int': this.e})
    4002             ]
    4003         };
    4004         var second_sequence = new KJUR.asn1.DERSequence(options);
    4005 
    4006         options = {
    4007             'hex': '00' + second_sequence.getEncodedHex()
    4008         };
    4009         var bit_string = new KJUR.asn1.DERBitString(options);
    4010 
    4011         options = {
    4012             'array': [
    4013                 first_sequence,
    4014                 bit_string
    4015             ]
    4016         };
    4017         var seq = new KJUR.asn1.DERSequence(options);
    4018         return seq.getEncodedHex();
    4019     };
    4020 
    4021     /**
    4022      * base64 (pem) encoded version of the DER encoded representation
    4023      * @returns {string} pem encoded representation without header and footer
    4024      * @public
    4025      */
    4026     RSAKey.prototype.getPublicBaseKeyB64 = function () {
    4027         return hex2b64(this.getPublicBaseKey());
    4028     };
    4029 
    4030     /**
    4031      * wrap the string in block of width chars. The default value for rsa keys is 64
    4032      * characters.
    4033      * @param {string} str the pem encoded string without header and footer
    4034      * @param {Number} [width=64] - the length the string has to be wrapped at
    4035      * @returns {string}
    4036      * @private
    4037      */
    4038     RSAKey.prototype.wordwrap = function (str, width) {
    4039         width = width || 64;
    4040         if (!str) {
    4041             return str;
    4042         }
    4043         var regex = '(.{1,' + width + '})( +|$
    ?)|(.{1,' + width + '})';
    4044         return str.match(RegExp(regex, 'g')).join('
    ');
    4045     };
    4046 
    4047     /**
    4048      * Retrieve the pem encoded private key
    4049      * @returns {string} the pem encoded private key with header/footer
    4050      * @public
    4051      */
    4052     RSAKey.prototype.getPrivateKey = function () {
    4053         var key = "-----BEGIN RSA PRIVATE KEY-----
    ";
    4054         key += this.wordwrap(this.getPrivateBaseKeyB64()) + "
    ";
    4055         key += "-----END RSA PRIVATE KEY-----";
    4056         return key;
    4057     };
    4058 
    4059     /**
    4060      * Retrieve the pem encoded public key
    4061      * @returns {string} the pem encoded public key with header/footer
    4062      * @public
    4063      */
    4064     RSAKey.prototype.getPublicKey = function () {
    4065         var key = "-----BEGIN PUBLIC KEY-----
    ";
    4066         key += this.wordwrap(this.getPublicBaseKeyB64()) + "
    ";
    4067         key += "-----END PUBLIC KEY-----";
    4068         return key;
    4069     };
    4070 
    4071     /**
    4072      * Check if the object contains the necessary parameters to populate the rsa modulus
    4073      * and public exponent parameters.
    4074      * @param {Object} [obj={}] - An object that may contain the two public key
    4075      * parameters
    4076      * @returns {boolean} true if the object contains both the modulus and the public exponent
    4077      * properties (n and e)
    4078      * @todo check for types of n and e. N should be a parseable bigInt object, E should
    4079      * be a parseable integer number
    4080      * @private
    4081      */
    4082     RSAKey.prototype.hasPublicKeyProperty = function (obj) {
    4083         obj = obj || {};
    4084         return (
    4085             obj.hasOwnProperty('n') &&
    4086             obj.hasOwnProperty('e')
    4087         );
    4088     };
    4089 
    4090     /**
    4091      * Check if the object contains ALL the parameters of an RSA key.
    4092      * @param {Object} [obj={}] - An object that may contain nine rsa key
    4093      * parameters
    4094      * @returns {boolean} true if the object contains all the parameters needed
    4095      * @todo check for types of the parameters all the parameters but the public exponent
    4096      * should be parseable bigint objects, the public exponent should be a parseable integer number
    4097      * @private
    4098      */
    4099     RSAKey.prototype.hasPrivateKeyProperty = function (obj) {
    4100         obj = obj || {};
    4101         return (
    4102             obj.hasOwnProperty('n') &&
    4103             obj.hasOwnProperty('e') &&
    4104             obj.hasOwnProperty('d') &&
    4105             obj.hasOwnProperty('p') &&
    4106             obj.hasOwnProperty('q') &&
    4107             obj.hasOwnProperty('dmp1') &&
    4108             obj.hasOwnProperty('dmq1') &&
    4109             obj.hasOwnProperty('coeff')
    4110         );
    4111     };
    4112 
    4113     /**
    4114      * Parse the properties of obj in the current rsa object. Obj should AT LEAST
    4115      * include the modulus and public exponent (n, e) parameters.
    4116      * @param {Object} obj - the object containing rsa parameters
    4117      * @private
    4118      */
    4119     RSAKey.prototype.parsePropertiesFrom = function (obj) {
    4120         this.n = obj.n;
    4121         this.e = obj.e;
    4122 
    4123         if (obj.hasOwnProperty('d')) {
    4124             this.d = obj.d;
    4125             this.p = obj.p;
    4126             this.q = obj.q;
    4127             this.dmp1 = obj.dmp1;
    4128             this.dmq1 = obj.dmq1;
    4129             this.coeff = obj.coeff;
    4130         }
    4131     };
    4132 
    4133     /**
    4134      * Create a new JSEncryptRSAKey that extends Tom Wu's RSA key object.
    4135      * This object is just a decorator for parsing the key parameter
    4136      * @param {string|Object} key - The key in string format, or an object containing
    4137      * the parameters needed to build a RSAKey object.
    4138      * @constructor
    4139      */
    4140     var JSEncryptRSAKey = function (key) {
    4141         // Call the super constructor.
    4142         RSAKey.call(this);
    4143         // If a key key was provided.
    4144         if (key) {
    4145             // If this is a string...
    4146             if (typeof key === 'string') {
    4147                 this.parseKey(key);
    4148             }
    4149             else if (
    4150                 this.hasPrivateKeyProperty(key) ||
    4151                 this.hasPublicKeyProperty(key)
    4152             ) {
    4153                 // Set the values for the key.
    4154                 this.parsePropertiesFrom(key);
    4155             }
    4156         }
    4157     };
    4158 
    4159 // Derive from RSAKey.
    4160     JSEncryptRSAKey.prototype = new RSAKey();
    4161 
    4162 // Reset the contructor.
    4163     JSEncryptRSAKey.prototype.constructor = JSEncryptRSAKey;
    4164 
    4165 
    4166     /**
    4167      *
    4168      * @param {Object} [options = {}] - An object to customize JSEncrypt behaviour
    4169      * possible parameters are:
    4170      * - default_key_size        {number}  default: 1024 the key size in bit
    4171      * - default_public_exponent {string}  default: '010001' the hexadecimal representation of the public exponent
    4172      * - log                     {boolean} default: false whether log warn/error or not
    4173      * @constructor
    4174      */
    4175     var JSEncrypt = function (options) {
    4176         options = options || {};
    4177         this.default_key_size = parseInt(options.default_key_size) || 1024;
    4178         this.default_public_exponent = options.default_public_exponent || '010001'; //65537 default openssl public exponent for rsa key type
    4179         this.log = options.log || false;
    4180         // The private and public key.
    4181         this.key = null;
    4182     };
    4183 
    4184     /**
    4185      * Method to set the rsa key parameter (one method is enough to set both the public
    4186      * and the private key, since the private key contains the public key paramenters)
    4187      * Log a warning if logs are enabled
    4188      * @param {Object|string} key the pem encoded string or an object (with or without header/footer)
    4189      * @public
    4190      */
    4191     JSEncrypt.prototype.setKey = function (key) {
    4192         if (this.log && this.key) {
    4193             console.warn('A key was already set, overriding existing.');
    4194         }
    4195         this.key = new JSEncryptRSAKey(key);
    4196     };
    4197 
    4198     /**
    4199      * Proxy method for setKey, for api compatibility
    4200      * @see setKey
    4201      * @public
    4202      */
    4203     JSEncrypt.prototype.setPrivateKey = function (privkey) {
    4204         // Create the key.
    4205         this.setKey(privkey);
    4206     };
    4207 
    4208     /**
    4209      * Proxy method for setKey, for api compatibility
    4210      * @see setKey
    4211      * @public
    4212      */
    4213     JSEncrypt.prototype.setPublicKey = function (pubkey) {
    4214         // Sets the public key.
    4215         this.setKey(pubkey);
    4216     };
    4217 
    4218     /**
    4219      * Proxy method for RSAKey object's decrypt, decrypt the string using the private
    4220      * components of the rsa key object. Note that if the object was not set will be created
    4221      * on the fly (by the getKey method) using the parameters passed in the JSEncrypt constructor
    4222      * @param {string} string base64 encoded crypted string to decrypt
    4223      * @return {string} the decrypted string
    4224      * @public
    4225      */
    4226     JSEncrypt.prototype.decrypt = function (string) {
    4227         // Return the decrypted string.
    4228         try {
    4229             return this.getKey().decrypt(b64tohex(string));
    4230         }
    4231         catch (ex) {
    4232             return false;
    4233         }
    4234     };
    4235 
    4236     /**
    4237      * Proxy method for RSAKey object's encrypt, encrypt the string using the public
    4238      * components of the rsa key object. Note that if the object was not set will be created
    4239      * on the fly (by the getKey method) using the parameters passed in the JSEncrypt constructor
    4240      * @param {string} string the string to encrypt
    4241      * @return {string} the encrypted string encoded in base64
    4242      * @public
    4243      */
    4244     JSEncrypt.prototype.encrypt = function (string) {
    4245         // Return the encrypted string.
    4246         try {
    4247             return hex2b64(this.getKey().encrypt(string));
    4248         }
    4249         catch (ex) {
    4250             return false;
    4251         }
    4252     };
    4253 
    4254     /**
    4255      * Getter for the current JSEncryptRSAKey object. If it doesn't exists a new object
    4256      * will be created and returned
    4257      * @param {callback} [cb] the callback to be called if we want the key to be generated
    4258      * in an async fashion
    4259      * @returns {JSEncryptRSAKey} the JSEncryptRSAKey object
    4260      * @public
    4261      */
    4262     JSEncrypt.prototype.getKey = function (cb) {
    4263         // Only create new if it does not exist.
    4264         if (!this.key) {
    4265             // Get a new private key.
    4266             this.key = new JSEncryptRSAKey();
    4267             if (cb && {}.toString.call(cb) === '[object Function]') {
    4268                 this.key.generateAsync(this.default_key_size, this.default_public_exponent, cb);
    4269                 return;
    4270             }
    4271             // Generate the key.
    4272             this.key.generate(this.default_key_size, this.default_public_exponent);
    4273         }
    4274         return this.key;
    4275     };
    4276 
    4277     /**
    4278      * Returns the pem encoded representation of the private key
    4279      * If the key doesn't exists a new key will be created
    4280      * @returns {string} pem encoded representation of the private key WITH header and footer
    4281      * @public
    4282      */
    4283     JSEncrypt.prototype.getPrivateKey = function () {
    4284         // Return the private representation of this key.
    4285         return this.getKey().getPrivateKey();
    4286     };
    4287 
    4288     /**
    4289      * Returns the pem encoded representation of the private key
    4290      * If the key doesn't exists a new key will be created
    4291      * @returns {string} pem encoded representation of the private key WITHOUT header and footer
    4292      * @public
    4293      */
    4294     JSEncrypt.prototype.getPrivateKeyB64 = function () {
    4295         // Return the private representation of this key.
    4296         return this.getKey().getPrivateBaseKeyB64();
    4297     };
    4298 
    4299 
    4300     /**
    4301      * Returns the pem encoded representation of the public key
    4302      * If the key doesn't exists a new key will be created
    4303      * @returns {string} pem encoded representation of the public key WITH header and footer
    4304      * @public
    4305      */
    4306     JSEncrypt.prototype.getPublicKey = function () {
    4307         // Return the private representation of this key.
    4308         return this.getKey().getPublicKey();
    4309     };
    4310 
    4311     /**
    4312      * Returns the pem encoded representation of the public key
    4313      * If the key doesn't exists a new key will be created
    4314      * @returns {string} pem encoded representation of the public key WITHOUT header and footer
    4315      * @public
    4316      */
    4317     JSEncrypt.prototype.getPublicKeyB64 = function () {
    4318         // Return the private representation of this key.
    4319         return this.getKey().getPublicBaseKeyB64();
    4320     };
    4321 
    4322     exports.JSEncrypt = JSEncrypt;
    4323 })(JSEncryptExports);
    4324 var JSEncrypt = JSEncryptExports.JSEncrypt;
    View Code

    JS加密代码

    var publicKey = "替换为Java后台生成的公钥";
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey(publicKey);
    // 这里输出加密后的字符串
    console.log(encrypt.encrypt("你好asd1"));

    将JS加密后的字符串传递给Java的解密函数,解密即可得到原文。

  • 相关阅读:
    (转)性能测试---并发用户理解
    (转)基于DDD的现代ASP.NET开发框架--ABP分层架构
    (转)Web自动化测试中的接口测试
    (转) 一致性Hash算法在Memcached中的应用
    Memcached工作原理及常见问题
    Memcached介绍及相关知识
    .net 面试题总结
    使用IDEA工具配置和运行vue项目(详细其中的坑)
    关于伪分布zookeeper集群启动出错(Error contacting service. It is probably not running.)
    常用查找和排序
  • 原文地址:https://www.cnblogs.com/hellohello/p/10063048.html
Copyright © 2011-2022 走看看