/* globals X509, KJUR, ASN1HEX, KEYUTIL, BigInteger */ /** * Public Key operations. * * @author n1474335 [n1474335@gmail.com] * @copyright Crown Copyright 2016 * @license Apache-2.0 * * @namespace */ var PublicKey = { /** * @constant * @default */ X509_INPUT_FORMAT: ["PEM", "DER Hex", "Base64", "Raw"], /** * Parse X.509 certificate operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_parse_x509: function (input, args) { var cert = new X509(), input_format = args[0]; if (!input.length) { return "No input"; } switch (input_format) { case "DER Hex": input = input.replace(/\s/g, ""); cert.hex = input; cert.pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(input, "CERTIFICATE"); break; case "PEM": cert.hex = X509.pemToHex(input); cert.pem = input; break; case "Base64": cert.hex = Utils.to_hex(Utils.from_base64(input, null, "byte_array"), ""); cert.pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(cert.hex, "CERTIFICATE"); break; case "Raw": cert.hex = Utils.to_hex(Utils.str_to_byte_array(input), ""); cert.pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(cert.hex, "CERTIFICATE"); break; default: throw "Undefined input format"; } var version = ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [0, 0, 0]), sn = cert.getSerialNumberHex(), algorithm = KJUR.asn1.x509.OID.oid2name(KJUR.asn1.ASN1Util.oidHexToInt(ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [0, 2, 0]))), issuer = cert.getIssuerString(), not_before = cert.getNotBefore(), not_after = cert.getNotAfter(), subject = cert.getSubjectString(), pk_algorithm = KJUR.asn1.x509.OID.oid2name(KJUR.asn1.ASN1Util.oidHexToInt(ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [0, 6, 0, 0]))), pk = X509.getPublicKeyFromCertPEM(cert.pem), pk_fields = [], pk_str = "", cert_sig_alg = KJUR.asn1.x509.OID.oid2name(KJUR.asn1.ASN1Util.oidHexToInt(ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [1, 0]))), cert_sig = ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [2]).substr(2), sig_str = "", extensions = ASN1HEX.dump(ASN1HEX.getDecendantHexVByNthList(cert.hex, 0, [0, 7])); // Public Key fields if (pk.type == "EC") { // ECDSA pk_fields.push({ key: "Curve Name", value: pk.curveName }); pk_fields.push({ key: "Length", value: (((new BigInteger(pk.pubKeyHex, 16)).bitLength()-3) /2) + " bits" }); pk_fields.push({ key: "pub", value: PublicKey._format_byte_str(pk.pubKeyHex, 16, 18) }); } else if (pk.type == "DSA") { // DSA pk_fields.push({ key: "pub", value: PublicKey._format_byte_str(pk.y.toString(16), 16, 18) }); pk_fields.push({ key: "P", value: PublicKey._format_byte_str(pk.p.toString(16), 16, 18) }); pk_fields.push({ key: "Q", value: PublicKey._format_byte_str(pk.q.toString(16), 16, 18) }); pk_fields.push({ key: "G", value: PublicKey._format_byte_str(pk.g.toString(16), 16, 18) }); } else if (pk.e) { // RSA pk_fields.push({ key: "Length", value: pk.n.bitLength() + " bits" }); pk_fields.push({ key: "Modulus", value: PublicKey._format_byte_str(pk.n.toString(16), 16, 18) }); pk_fields.push({ key: "Exponent", value: pk.e + " (0x" + pk.e.toString(16) + ")" }); } else { pk_fields.push({ key: "Error", value: "Unknown Public Key type" }); } // Signature fields if (ASN1HEX.dump(cert_sig).indexOf("SEQUENCE") === 0) { // DSA or ECDSA sig_str = " r: " + PublicKey._format_byte_str(ASN1HEX.getDecendantHexVByNthList(cert_sig, 0, [0]), 16, 18) + "\n" + " s: " + PublicKey._format_byte_str(ASN1HEX.getDecendantHexVByNthList(cert_sig, 0, [1]), 16, 18) + "\n"; } else { // RSA sig_str = " Signature: " + PublicKey._format_byte_str(cert_sig, 16, 18) + "\n"; } // Format Public Key fields for (var i = 0; i < pk_fields.length; i++) { pk_str += " " + pk_fields[i].key + ":" + Utils.pad_left( pk_fields[i].value + "\n", 18 - (pk_fields[i].key.length + 3) + pk_fields[i].value.length + 1, " " ); } var issuer_str = PublicKey._format_dn_str(issuer, 2), nb_date = PublicKey._format_date(not_before), na_date = PublicKey._format_date(not_after), subject_str = PublicKey._format_dn_str(subject, 2), cert_sig_str = PublicKey._format_byte_str(cert_sig, 16, 18); var output = "Version: " + (parseInt(version, 16) + 1) + " (0x" + version + ")\n" + "Serial number: " + new BigInteger(sn, 16).toString() + " (0x" + sn + ")\n" + "Algorithm ID: " + algorithm + "\n" + "Validity\n" + " Not Before: " + nb_date + " (dd-mm-yy hh:mm:ss) (" + not_before + ")\n" + " Not After: " + na_date + " (dd-mm-yy hh:mm:ss) (" + not_after + ")\n" + "Issuer\n" + issuer_str + "Subject\n" + subject_str + "Public Key\n" + " Algorithm: " + pk_algorithm + "\n" + pk_str + "Certificate Signature\n" + " Algorithm: " + cert_sig_alg + "\n" + sig_str + "\nExtensions (parsed ASN.1)\n" + extensions; return output; }, /** * PEM to Hex operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_pem_to_hex: function(input, args) { if (input.indexOf("-----BEGIN") < 0) { // Add header so that the KEYUTIL function works input = "-----BEGIN CERTIFICATE-----" + input; } if (input.indexOf("-----END") < 0) { // Add footer so that the KEYUTIL function works input = input + "-----END CERTIFICATE-----"; } return KEYUTIL.getHexFromPEM(input); }, /** * @constant * @default */ PEM_HEADER_STRING: "CERTIFICATE", /** * Hex to PEM operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_hex_to_pem: function(input, args) { return KJUR.asn1.ASN1Util.getPEMStringFromHex(input.replace(/\s/g, ""), args[0]); }, /** * Hex to Object Identifier operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_hex_to_object_identifier: function(input, args) { return KJUR.asn1.ASN1Util.oidHexToInt(input.replace(/\s/g, "")); }, /** * Object Identifier to Hex operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_object_identifier_to_hex: function(input, args) { return KJUR.asn1.ASN1Util.oidIntToHex(input); }, /** * @constant * @default */ ASN1_TRUNCATE_LENGTH: 32, /** * Parse ASN.1 hex string operation. * * @param {string} input * @param {Object[]} args * @returns {string} */ run_parse_asn1_hex_string: function(input, args) { var truncate_len = args[1], index = args[0]; return ASN1HEX.dump(input.replace(/\s/g, ""), { "ommit_long_octet": truncate_len }, index); }, /** * Formats Distinguished Name (DN) strings. * * @private * @param {string} dn_str * @param {number} indent * @returns {string} */ _format_dn_str: function(dn_str, indent) { var output = "", fields = dn_str.split(",/|"), max_key_len = 0, key, value, str; for (var i = 0; i < fields.length; i++) { if (!fields[i].length) continue; key = fields[i].split("=")[0]; max_key_len = key.length > max_key_len ? key.length : max_key_len; } for (i = 0; i < fields.length; i++) { if (!fields[i].length) continue; key = fields[i].split("=")[0]; value = fields[i].split("=")[1]; str = Utils.pad_right(key, max_key_len) + " = " + value + "\n"; output += Utils.pad_left(str, indent + str.length, " "); } return output; }, /** * Formats byte strings by adding line breaks and delimiters. * * @private * @param {string} byte_str * @param {number} length - Line width * @param {number} indent * @returns {string} */ _format_byte_str: function(byte_str, length, indent) { byte_str = Utils.to_hex(Utils.from_hex(byte_str), ":"); length = length * 3; var output = ""; for (var i = 0; i < byte_str.length; i += length) { var str = byte_str.slice(i, i + length) + "\n"; if (i === 0) { output += str; } else { output += Utils.pad_left(str, indent + str.length, " "); } } return output.slice(0, output.length-1); }, /** * Formats dates. * * @private * @param {string} date_str * @returns {string} */ _format_date: function(date_str) { return date_str[4] + date_str[5] + "/" + date_str[2] + date_str[3] + "/" + date_str[0] + date_str[1] + " " + date_str[6] + date_str[7] + ":" + date_str[8] + date_str[9] + ":" + date_str[10] + date_str[11]; }, }; /** * Overwrite X509.hex2dn function so as to join RDNs with a string which can be split on without * causing problems later (I hope). * * @param {string} hDN - Hex DN string * @returns {string} */ X509.hex2dn = function(hDN) { var s = ""; var a = ASN1HEX.getPosArrayOfChildren_AtObj(hDN, 0); for (var i = 0; i < a.length; i++) { var hRDN = ASN1HEX.getHexOfTLV_AtObj(hDN, a[i]); s = s + ",/|" + X509.hex2rdn(hRDN); } return s; }; /** * Overwrite DN attribute lookup in jsrasign library with a much more complete version from * https://github.com/nfephp-org/nfephp/blob/master/libs/Common/Certificate/Oids.php * * Various duplicates commented out. * * @constant */ X509.DN_ATTRHEX = { '0603550403' : 'commonName', '0603550404' : 'surname', '0603550406' : 'countryName', '0603550407' : 'localityName', '0603550408' : 'stateOrProvinceName', '0603550409' : 'streetAddress', '060355040a' : 'organizationName', '060355040b' : 'organizationalUnitName', '060355040c' : 'title', '0603550414' : 'telephoneNumber', '060355042a' : 'givenName', // '0603551d0e' : 'id-ce-subjectKeyIdentifier', // '0603551d0f' : 'id-ce-keyUsage', // '0603551d11' : 'id-ce-subjectAltName', // '0603551d13' : 'id-ce-basicConstraints', // '0603551d14' : 'id-ce-cRLNumber', // '0603551d1f' : 'id-ce-CRLDistributionPoints', // '0603551d20' : 'id-ce-certificatePolicies', // '0603551d23' : 'id-ce-authorityKeyIdentifier', // '0603551d25' : 'id-ce-extKeyUsage', // '06032a864886f70d010901' : 'Email', // '06032a864886f70d010101' : 'RSAEncryption', // '06032a864886f70d010102' : 'md2WithRSAEncryption', // '06032a864886f70d010104' : 'md5withRSAEncryption', // '06032a864886f70d010105' : 'SHA-1WithRSAEncryption', // '06032a8648ce380403' : 'id-dsa-with-sha-1', // '06032b06010505070302' : 'id_kp_clientAuth', // '06032b06010505070304' : 'id_kp_securityemail', '06032b06010505070201' : 'id_certificatePolicies', '06036086480186f8420101' : 'netscape-cert-type', '06036086480186f8420102' : 'netscape-base-url', '06036086480186f8420103' : 'netscape-revocation-url', '06036086480186f8420104' : 'netscape-ca-revocation-url', '06036086480186f8420107' : 'netscape-cert-renewal-url', '06036086480186f8420108' : 'netscape-ca-policy-url', '06036086480186f842010c' : 'netscape-ssl-server-name', '06036086480186f842010d' : 'netscape-comment', '0603604c010201' : 'A1', '0603604c010203' : 'A3', '0603604c01020110' : 'Certification Practice Statement pointer', '0603604c010301' : 'Dados do cert parte 1', '0603604c010305' : 'Dados do cert parte 2', '0603604c010306' : 'Dados do cert parte 3', '06030992268993f22c640119' : 'domainComponent', '06032a24a0f2a07d01010a' : 'Signet pilot', '06032a24a0f2a07d01010b' : 'Signet intraNet', '06032a24a0f2a07d010102' : 'Signet personal', '06032a24a0f2a07d010114' : 'Signet securityPolicy', '06032a24a0f2a07d010103' : 'Signet business', '06032a24a0f2a07d010104' : 'Signet legal', '06032a24a497a35301640101' : 'Certificates Australia policyIdentifier', '06032a85702201' : 'seis-cp', '06032a8570220101' : 'SEIS certificatePolicy-s10', '06032a85702202' : 'SEIS pe', '06032a85702203' : 'SEIS at', '06032a8570220301' : 'SEIS at-personalIdentifier', '06032a8648ce380201' : 'holdinstruction-none', '06032a8648ce380202' : 'holdinstruction-callissuer', '06032a8648ce380203' : 'holdinstruction-reject', '06032a8648ce380401' : 'dsa', '06032a8648ce380403' : 'dsaWithSha1', '06032a8648ce3d01' : 'fieldType', '06032a8648ce3d0101' : 'prime-field', '06032a8648ce3d0102' : 'characteristic-two-field', '06032a8648ce3d010201' : 'ecPublicKey', '06032a8648ce3d010203' : 'characteristic-two-basis', '06032a8648ce3d01020301' : 'onBasis', '06032a8648ce3d01020302' : 'tpBasis', '06032a8648ce3d01020303' : 'ppBasis', '06032a8648ce3d02' : 'publicKeyType', '06032a8648ce3d0201' : 'ecPublicKey', '06032a8648ce3e0201' : 'dhPublicNumber', '06032a864886f67d07' : 'nsn', '06032a864886f67d0741' : 'nsn-ce', '06032a864886f67d074100' : 'entrustVersInfo', '06032a864886f67d0742' : 'nsn-alg', '06032a864886f67d07420a' : 'cast5CBC', '06032a864886f67d07420b' : 'cast5MAC', '06032a864886f67d07420c' : 'pbeWithMD5AndCAST5-CBC', '06032a864886f67d07420d' : 'passwordBasedMac', '06032a864886f67d074203' : 'cast3CBC', '06032a864886f67d0743' : 'nsn-oc', '06032a864886f67d074300' : 'entrustUser', '06032a864886f67d0744' : 'nsn-at', '06032a864886f67d074400' : 'entrustCAInfo', '06032a864886f67d07440a' : 'attributeCertificate', '06032a864886f70d0101' : 'pkcs-1', '06032a864886f70d010101' : 'rsaEncryption', '06032a864886f70d010102' : 'md2withRSAEncryption', '06032a864886f70d010103' : 'md4withRSAEncryption', '06032a864886f70d010104' : 'md5withRSAEncryption', '06032a864886f70d010105' : 'sha1withRSAEncryption', '06032a864886f70d010106' : 'rsaOAEPEncryptionSET', '06032a864886f70d010910020b' : 'SMIMEEncryptionKeyPreference', '06032a864886f70d010c' : 'pkcs-12', '06032a864886f70d010c01' : 'pkcs-12-PbeIds', '06032a864886f70d010c0101' : 'pbeWithSHAAnd128BitRC4', '06032a864886f70d010c0102' : 'pbeWithSHAAnd40BitRC4', '06032a864886f70d010c0103' : 'pbeWithSHAAnd3-KeyTripleDES-CBC', '06032a864886f70d010c0104' : 'pbeWithSHAAnd2-KeyTripleDES-CBC', '06032a864886f70d010c0105' : 'pbeWithSHAAnd128BitRC2-CBC', '06032a864886f70d010c0106' : 'pbeWithSHAAnd40BitRC2-CBC', '06032a864886f70d010c0a' : 'pkcs-12Version1', '06032a864886f70d010c0a01' : 'pkcs-12BadIds', '06032a864886f70d010c0a0101' : 'pkcs-12-keyBag', '06032a864886f70d010c0a0102' : 'pkcs-12-pkcs-8ShroudedKeyBag', '06032a864886f70d010c0a0103' : 'pkcs-12-certBag', '06032a864886f70d010c0a0104' : 'pkcs-12-crlBag', '06032a864886f70d010c0a0105' : 'pkcs-12-secretBag', '06032a864886f70d010c0a0106' : 'pkcs-12-safeContentsBag', '06032a864886f70d010c02' : 'pkcs-12-ESPVKID', '06032a864886f70d010c0201' : 'pkcs-12-PKCS8KeyShrouding', '06032a864886f70d010c03' : 'pkcs-12-BagIds', '06032a864886f70d010c0301' : 'pkcs-12-keyBagId', '06032a864886f70d010c0302' : 'pkcs-12-certAndCRLBagId', '06032a864886f70d010c0303' : 'pkcs-12-secretBagId', '06032a864886f70d010c0304' : 'pkcs-12-safeContentsId', '06032a864886f70d010c0305' : 'pkcs-12-pkcs-8ShroudedKeyBagId', '06032a864886f70d010c04' : 'pkcs-12-CertBagID', '06032a864886f70d010c0401' : 'pkcs-12-X509CertCRLBagID', '06032a864886f70d010c0402' : 'pkcs-12-SDSICertBagID', '06032a864886f70d010c05' : 'pkcs-12-OID', '06032a864886f70d010c0501' : 'pkcs-12-PBEID', '06032a864886f70d010c050101' : 'pkcs-12-PBEWithSha1And128BitRC4', '06032a864886f70d010c050102' : 'pkcs-12-PBEWithSha1And40BitRC4', '06032a864886f70d010c050103' : 'pkcs-12-PBEWithSha1AndTripleDESCBC', '06032a864886f70d010c050104' : 'pkcs-12-PBEWithSha1And128BitRC2CBC', '06032a864886f70d010c050105' : 'pkcs-12-PBEWithSha1And40BitRC2CBC', '06032a864886f70d010c050106' : 'pkcs-12-PBEWithSha1AndRC4', '06032a864886f70d010c050107' : 'pkcs-12-PBEWithSha1AndRC2CBC', '06032a864886f70d010c0502' : 'pkcs-12-EnvelopingID', '06032a864886f70d010c050201' : 'pkcs-12-RSAEncryptionWith128BitRC4', '06032a864886f70d010c050202' : 'pkcs-12-RSAEncryptionWith40BitRC4', '06032a864886f70d010c050203' : 'pkcs-12-RSAEncryptionWithTripleDES', '06032a864886f70d010c0503' : 'pkcs-12-SignatureID', '06032a864886f70d010c050301' : 'pkcs-12-RSASignatureWithSHA1Digest', '06032a864886f70d0103' : 'pkcs-3', '06032a864886f70d010301' : 'dhKeyAgreement', '06032a864886f70d0105' : 'pkcs-5', '06032a864886f70d010501' : 'pbeWithMD2AndDES-CBC', '06032a864886f70d01050a' : 'pbeWithSHAAndDES-CBC', '06032a864886f70d010503' : 'pbeWithMD5AndDES-CBC', '06032a864886f70d010504' : 'pbeWithMD2AndRC2-CBC', '06032a864886f70d010506' : 'pbeWithMD5AndRC2-CBC', '06032a864886f70d010509' : 'pbeWithMD5AndXOR', '06032a864886f70d0107' : 'pkcs-7', '06032a864886f70d010701' : 'data', '06032a864886f70d010702' : 'signedData', '06032a864886f70d010703' : 'envelopedData', '06032a864886f70d010704' : 'signedAndEnvelopedData', '06032a864886f70d010705' : 'digestData', '06032a864886f70d010706' : 'encryptedData', '06032a864886f70d010707' : 'dataWithAttributes', '06032a864886f70d010708' : 'encryptedPrivateKeyInfo', '06032a864886f70d0109' : 'pkcs-9', '06032a864886f70d010901' : 'emailAddress', '06032a864886f70d01090a' : 'issuerAndSerialNumber', '06032a864886f70d01090b' : 'passwordCheck', '06032a864886f70d01090c' : 'publicKey', '06032a864886f70d01090d' : 'signingDescription', '06032a864886f70d01090e' : 'extensionReq', '06032a864886f70d01090f' : 'sMIMECapabilities', '06032a864886f70d01090f01' : 'preferSignedData', '06032a864886f70d01090f02' : 'canNotDecryptAny', '06032a864886f70d01090f03' : 'receiptRequest', '06032a864886f70d01090f04' : 'receipt', '06032a864886f70d01090f05' : 'contentHints', '06032a864886f70d01090f06' : 'mlExpansionHistory', '06032a864886f70d010910' : 'id-sMIME', '06032a864886f70d01091000' : 'id-mod', '06032a864886f70d0109100001' : 'id-mod-cms', '06032a864886f70d0109100002' : 'id-mod-ess', '06032a864886f70d01091001' : 'id-ct', '06032a864886f70d0109100101' : 'id-ct-receipt', '06032a864886f70d01091002' : 'id-aa', '06032a864886f70d0109100201' : 'id-aa-receiptRequest', '06032a864886f70d0109100202' : 'id-aa-securityLabel', '06032a864886f70d0109100203' : 'id-aa-mlExpandHistory', '06032a864886f70d0109100204' : 'id-aa-contentHint', '06032a864886f70d010902' : 'unstructuredName', '06032a864886f70d010914' : 'friendlyName', '06032a864886f70d010915' : 'localKeyID', '06032a864886f70d010916' : 'certTypes', '06032a864886f70d01091601' : 'x509Certificate', '06032a864886f70d01091602' : 'sdsiCertificate', '06032a864886f70d010917' : 'crlTypes', '06032a864886f70d01091701' : 'x509Crl', '06032a864886f70d010903' : 'contentType', '06032a864886f70d010904' : 'messageDigest', '06032a864886f70d010905' : 'signingTime', '06032a864886f70d010906' : 'countersignature', '06032a864886f70d010907' : 'challengePassword', '06032a864886f70d010908' : 'unstructuredAddress', '06032a864886f70d010909' : 'extendedCertificateAttributes', '06032a864886f70d02' : 'digestAlgorithm', '06032a864886f70d0202' : 'md2', '06032a864886f70d0204' : 'md4', '06032a864886f70d0205' : 'md5', '06032a864886f70d03' : 'encryptionAlgorithm', '06032a864886f70d030a' : 'desCDMF', '06032a864886f70d0302' : 'rc2CBC', '06032a864886f70d0303' : 'rc2ECB', '06032a864886f70d0304' : 'rc4', '06032a864886f70d0305' : 'rc4WithMAC', '06032a864886f70d0306' : 'DESX-CBC', '06032a864886f70d0307' : 'DES-EDE3-CBC', '06032a864886f70d0308' : 'RC5CBC', '06032a864886f70d0309' : 'RC5-CBCPad', '06032a864886f7140403' : 'microsoftExcel', '06032a864886f7140404' : 'titledWithOID', '06032a864886f7140405' : 'microsoftPowerPoint', '06032b81051086480954' : 'x9-84', '06032b8105108648095400' : 'x9-84-Module', '06032b810510864809540001' : 'x9-84-Biometrics', '06032b810510864809540002' : 'x9-84-CMS', '06032b810510864809540003' : 'x9-84-Identifiers', '06032b8105108648095401' : 'biometric', '06032b810510864809540100' : 'id-unknown-Type', '06032b810510864809540101' : 'id-body-Odor', '06032b81051086480954010a' : 'id-palm', '06032b81051086480954010b' : 'id-retina', '06032b81051086480954010c' : 'id-signature', '06032b81051086480954010d' : 'id-speech-Pattern', '06032b81051086480954010e' : 'id-thermal-Image', '06032b81051086480954010f' : 'id-vein-Pattern', '06032b810510864809540110' : 'id-thermal-Face-Image', '06032b810510864809540111' : 'id-thermal-Hand-Image', '06032b810510864809540112' : 'id-lip-Movement', '06032b810510864809540113' : 'id-gait', '06032b810510864809540102' : 'id-dna', '06032b810510864809540103' : 'id-ear-Shape', '06032b810510864809540104' : 'id-facial-Features', '06032b810510864809540105' : 'id-finger-Image', '06032b810510864809540106' : 'id-finger-Geometry', '06032b810510864809540107' : 'id-hand-Geometry', '06032b810510864809540108' : 'id-iris-Features', '06032b810510864809540109' : 'id-keystroke-Dynamics', '06032b8105108648095402' : 'processing-algorithm', '06032b8105108648095403' : 'matching-method', '06032b8105108648095404' : 'format-Owner', '06032b810510864809540400' : 'cbeff-Owner', '06032b810510864809540401' : 'ibia-Owner', '06032b81051086480954040101' : 'id-ibia-SAFLINK', '06032b8105108648095404010a' : 'id-ibia-SecuGen', '06032b8105108648095404010b' : 'id-ibia-PreciseBiometric', '06032b8105108648095404010c' : 'id-ibia-Identix', '06032b8105108648095404010d' : 'id-ibia-DERMALOG', '06032b8105108648095404010e' : 'id-ibia-LOGICO', '06032b8105108648095404010f' : 'id-ibia-NIST', '06032b81051086480954040110' : 'id-ibia-A3Vision', '06032b81051086480954040111' : 'id-ibia-NEC', '06032b81051086480954040112' : 'id-ibia-STMicroelectronics', '06032b81051086480954040102' : 'id-ibia-Bioscrypt', '06032b81051086480954040103' : 'id-ibia-Visionics', '06032b81051086480954040104' : 'id-ibia-InfineonTechnologiesAG', '06032b81051086480954040105' : 'id-ibia-IridianTechnologies', '06032b81051086480954040106' : 'id-ibia-Veridicom', '06032b81051086480954040107' : 'id-ibia-CyberSIGN', '06032b81051086480954040108' : 'id-ibia-eCryp.', '06032b81051086480954040109' : 'id-ibia-FingerprintCardsAB', '06032b810510864809540402' : 'x9-Owner', '06032b0e021a05' : 'sha', '06032b0e03020101' : 'rsa', '06032b0e03020a' : 'desMAC', '06032b0e03020b' : 'rsaSignature', '06032b0e03020c' : 'dsa', '06032b0e03020d' : 'dsaWithSHA', '06032b0e03020e' : 'mdc2WithRSASignature', '06032b0e03020f' : 'shaWithRSASignature', '06032b0e030210' : 'dhWithCommonModulus', '06032b0e030211' : 'desEDE', '06032b0e030212' : 'sha', '06032b0e030213' : 'mdc-2', '06032b0e030202' : 'md4WitRSA', '06032b0e03020201' : 'sqmod-N', '06032b0e030214' : 'dsaCommon', '06032b0e030215' : 'dsaCommonWithSHA', '06032b0e030216' : 'rsaKeyTransport', '06032b0e030217' : 'keyed-hash-seal', '06032b0e030218' : 'md2WithRSASignature', '06032b0e030219' : 'md5WithRSASignature', '06032b0e03021a' : 'sha1', '06032b0e03021b' : 'dsaWithSHA1', '06032b0e03021c' : 'dsaWithCommonSHA1', '06032b0e03021d' : 'sha-1WithRSAEncryption', '06032b0e030203' : 'md5WithRSA', '06032b0e03020301' : 'sqmod-NwithRSA', '06032b0e030204' : 'md4WithRSAEncryption', '06032b0e030206' : 'desECB', '06032b0e030207' : 'desCBC', '06032b0e030208' : 'desOFB', '06032b0e030209' : 'desCFB', '06032b0e030301' : 'simple-strong-auth-mechanism', '06032b0e07020101' : 'ElGamal', '06032b0e07020301' : 'md2WithRSA', '06032b0e07020302' : 'md2WithElGamal', '06032b2403' : 'algorithm', '06032b240301' : 'encryptionAlgorithm', '06032b24030101' : 'des', '06032b240301010101' : 'desECBPad', '06032b24030101010101' : 'desECBPadISO', '06032b240301010201' : 'desCBCPad', '06032b24030101020101' : 'desCBCPadISO', '06032b24030102' : 'idea', '06032b2403010201' : 'ideaECB', '06032b240301020101' : 'ideaECBPad', '06032b24030102010101' : 'ideaECBPadISO', '06032b2403010202' : 'ideaCBC', '06032b240301020201' : 'ideaCBCPad', '06032b24030102020101' : 'ideaCBCPadISO', '06032b2403010203' : 'ideaOFB', '06032b2403010204' : 'ideaCFB', '06032b24030103' : 'des-3', '06032b240301030101' : 'des-3ECBPad', '06032b24030103010101' : 'des-3ECBPadISO', '06032b240301030201' : 'des-3CBCPad', '06032b24030103020101' : 'des-3CBCPadISO', '06032b240302' : 'hashAlgorithm', '06032b24030201' : 'ripemd160', '06032b24030202' : 'ripemd128', '06032b24030203' : 'ripemd256', '06032b24030204' : 'mdc2singleLength', '06032b24030205' : 'mdc2doubleLength', '06032b240303' : 'signatureAlgorithm', '06032b24030301' : 'rsa', '06032b2403030101' : 'rsaMitSHA-1', '06032b2403030102' : 'rsaMitRIPEMD160', '06032b24030302' : 'ellipticCurve', '06032b240304' : 'signatureScheme', '06032b24030401' : 'iso9796-1', '06032b2403040201' : 'iso9796-2', '06032b2403040202' : 'iso9796-2rsa', '06032b2404' : 'attribute', '06032b2405' : 'policy', '06032b2406' : 'api', '06032b240601' : 'manufacturerSpecific', '06032b240602' : 'functionalitySpecific', '06032b2407' : 'api', '06032b240701' : 'keyAgreement', '06032b240702' : 'keyTransport', '06032b06010401927c0a0101' : 'UNINETT policyIdentifier', '06032b0601040195180a' : 'ICE-TEL policyIdentifier', '06032b0601040197552001' : 'cryptlibEnvelope', '06032b0601040197552002' : 'cryptlibPrivateKey', '060a2b060104018237' : 'Microsoft OID', '060a2b0601040182370a' : 'Crypto 2.0', '060a2b0601040182370a01' : 'certTrustList', '060a2b0601040182370a0101' : 'szOID_SORTED_CTL', '060a2b0601040182370a0a' : 'Microsoft CMC OIDs', '060a2b0601040182370a0a01' : 'szOID_CMC_ADD_ATTRIBUTES', '060a2b0601040182370a0b' : 'Microsoft certificate property OIDs', '060a2b0601040182370a0b01' : 'szOID_CERT_PROP_ID_PREFIX', '060a2b0601040182370a0c' : 'CryptUI', '060a2b0601040182370a0c01' : 'szOID_ANY_APPLICATION_POLICY', '060a2b0601040182370a02' : 'nextUpdateLocation', '060a2b0601040182370a0301' : 'certTrustListSigning', '060a2b0601040182370a030a' : 'szOID_KP_QUALIFIED_SUBORDINATION', '060a2b0601040182370a030b' : 'szOID_KP_KEY_RECOVERY', '060a2b0601040182370a030c' : 'szOID_KP_DOCUMENT_SIGNING', '060a2b0601040182370a0302' : 'timeStampSigning', '060a2b0601040182370a0303' : 'serverGatedCrypto', '060a2b0601040182370a030301' : 'szOID_SERIALIZED', '060a2b0601040182370a0304' : 'encryptedFileSystem', '060a2b0601040182370a030401' : 'szOID_EFS_RECOVERY', '060a2b0601040182370a0305' : 'szOID_WHQL_CRYPTO', '060a2b0601040182370a0306' : 'szOID_NT5_CRYPTO', '060a2b0601040182370a0307' : 'szOID_OEM_WHQL_CRYPTO', '060a2b0601040182370a0308' : 'szOID_EMBEDDED_NT_CRYPTO', '060a2b0601040182370a0309' : 'szOID_ROOT_LIST_SIGNER', '060a2b0601040182370a0401' : 'yesnoTrustAttr', '060a2b0601040182370a0501' : 'szOID_DRM', '060a2b0601040182370a0502' : 'szOID_DRM_INDIVIDUALIZATION', '060a2b0601040182370a0601' : 'szOID_LICENSES', '060a2b0601040182370a0602' : 'szOID_LICENSE_SERVER', '060a2b0601040182370a07' : 'szOID_MICROSOFT_RDN_PREFIX', '060a2b0601040182370a0701' : 'szOID_KEYID_RDN', '060a2b0601040182370a0801' : 'szOID_REMOVE_CERTIFICATE', '060a2b0601040182370a0901' : 'szOID_CROSS_CERT_DIST_POINTS', '060a2b0601040182370c' : 'Catalog', '060a2b0601040182370c0101' : 'szOID_CATALOG_LIST', '060a2b0601040182370c0102' : 'szOID_CATALOG_LIST_MEMBER', '060a2b0601040182370c0201' : 'CAT_NAMEVALUE_OBJID', '060a2b0601040182370c0202' : 'CAT_MEMBERINFO_OBJID', '060a2b0601040182370d' : 'Microsoft PKCS10 OIDs', '060a2b0601040182370d01' : 'szOID_RENEWAL_CERTIFICATE', '060a2b0601040182370d0201' : 'szOID_ENROLLMENT_NAME_VALUE_PAIR', '060a2b0601040182370d0202' : 'szOID_ENROLLMENT_CSP_PROVIDER', '060a2b0601040182370d0203' : 'OS Version', '060a2b0601040182370f' : 'Microsoft Java', '060a2b06010401823710' : 'Microsoft Outlook/Exchange', '060a2b0601040182371004' : 'Outlook Express', '060a2b06010401823711' : 'Microsoft PKCS12 attributes', '060a2b0601040182371101' : 'szOID_LOCAL_MACHINE_KEYSET', '060a2b06010401823712' : 'Microsoft Hydra', '060a2b06010401823713' : 'Microsoft ISPU Test', '060a2b06010401823702' : 'Authenticode', '060a2b06010401823702010a' : 'spcAgencyInfo', '060a2b06010401823702010b' : 'spcStatementType', '060a2b06010401823702010c' : 'spcSpOpusInfo', '060a2b06010401823702010e' : 'certExtensions', '060a2b06010401823702010f' : 'spcPelmageData', '060a2b060104018237020112' : 'SPC_RAW_FILE_DATA_OBJID', '060a2b060104018237020113' : 'SPC_STRUCTURED_STORAGE_DATA_OBJID', '060a2b060104018237020114' : 'spcLink', '060a2b060104018237020115' : 'individualCodeSigning', '060a2b060104018237020116' : 'commercialCodeSigning', '060a2b060104018237020119' : 'spcLink', '060a2b06010401823702011a' : 'spcMinimalCriteriaInfo', '060a2b06010401823702011b' : 'spcFinancialCriteriaInfo', '060a2b06010401823702011c' : 'spcLink', '060a2b06010401823702011d' : 'SPC_HASH_INFO_OBJID', '060a2b06010401823702011e' : 'SPC_SIPINFO_OBJID', '060a2b060104018237020104' : 'spcIndirectDataContext', '060a2b0601040182370202' : 'CTL for Software Publishers Trusted CAs', '060a2b060104018237020201' : 'szOID_TRUSTED_CODESIGNING_CA_LIST', '060a2b060104018237020202' : 'szOID_TRUSTED_CLIENT_AUTH_CA_LIST', '060a2b060104018237020203' : 'szOID_TRUSTED_SERVER_AUTH_CA_LIST', '060a2b06010401823714' : 'Microsoft Enrollment Infrastructure', '060a2b0601040182371401' : 'szOID_AUTO_ENROLL_CTL_USAGE', '060a2b0601040182371402' : 'szOID_ENROLL_CERTTYPE_EXTENSION', '060a2b060104018237140201' : 'szOID_ENROLLMENT_AGENT', '060a2b060104018237140202' : 'szOID_KP_SMARTCARD_LOGON', '060a2b060104018237140203' : 'szOID_NT_PRINCIPAL_NAME', '060a2b0601040182371403' : 'szOID_CERT_MANIFOLD', '06092b06010401823715' : 'Microsoft CertSrv Infrastructure', '06092b0601040182371501' : 'szOID_CERTSRV_CA_VERSION', '06092b0601040182371514' : 'Client Information', '060a2b06010401823719' : 'Microsoft Directory Service', '060a2b0601040182371901' : 'szOID_NTDS_REPLICATION', '060a2b06010401823703' : 'Time Stamping', '060a2b060104018237030201' : 'SPC_TIME_STAMP_REQUEST_OBJID', '060a2b0601040182371e' : 'IIS', '060a2b0601040182371f' : 'Windows updates and service packs', '060a2b0601040182371f01' : 'szOID_PRODUCT_UPDATE', '060a2b06010401823704' : 'Permissions', '060a2b06010401823728' : 'Fonts', '060a2b06010401823729' : 'Microsoft Licensing and Registration', '060a2b0601040182372a' : 'Microsoft Corporate PKI (ITG)', '060a2b06010401823758' : 'CAPICOM', '060a2b0601040182375801' : 'szOID_CAPICOM_VERSION', '060a2b0601040182375802' : 'szOID_CAPICOM_ATTRIBUTE', '060a2b060104018237580201' : 'szOID_CAPICOM_DOCUMENT_NAME', '060a2b060104018237580202' : 'szOID_CAPICOM_DOCUMENT_DESCRIPTION', '060a2b0601040182375803' : 'szOID_CAPICOM_ENCRYPTED_DATA', '060a2b060104018237580301' : 'szOID_CAPICOM_ENCRYPTED_CONTENT', '06032b0601050507' : 'pkix', '06032b060105050701' : 'privateExtension', '06032b06010505070101' : 'authorityInfoAccess', '06032b06010505070c02' : 'CMC Data', '06032b060105050702' : 'policyQualifierIds', // '06032b06010505070201' : 'cps', '06032b06010505070202' : 'unotice', '06032b060105050703' : 'keyPurpose', '06032b06010505070301' : 'serverAuth', '06032b06010505070302' : 'clientAuth', '06032b06010505070303' : 'codeSigning', '06032b06010505070304' : 'emailProtection', '06032b06010505070305' : 'ipsecEndSystem', '06032b06010505070306' : 'ipsecTunnel', '06032b06010505070307' : 'ipsecUser', '06032b06010505070308' : 'timeStamping', '06032b060105050704' : 'cmpInformationTypes', '06032b06010505070401' : 'caProtEncCert', '06032b06010505070402' : 'signKeyPairTypes', '06032b06010505070403' : 'encKeyPairTypes', '06032b06010505070404' : 'preferredSymmAlg', '06032b06010505070405' : 'caKeyUpdateInfo', '06032b06010505070406' : 'currentCRL', '06032b06010505073001' : 'ocsp', '06032b06010505073002' : 'caIssuers', '06032b06010505080101' : 'HMAC-MD5', '06032b06010505080102' : 'HMAC-SHA', '060360864801650201010a' : 'mosaicKeyManagementAlgorithm', '060360864801650201010b' : 'sdnsKMandSigAlgorithm', '060360864801650201010c' : 'mosaicKMandSigAlgorithm', '060360864801650201010d' : 'SuiteASignatureAlgorithm', '060360864801650201010e' : 'SuiteAConfidentialityAlgorithm', '060360864801650201010f' : 'SuiteAIntegrityAlgorithm', '06036086480186f84201' : 'cert-extension', // '06036086480186f8420101' : 'netscape-cert-type', '06036086480186f842010a' : 'EntityLogo', '06036086480186f842010b' : 'UserPicture', // '06036086480186f842010c' : 'netscape-ssl-server-name', // '06036086480186f842010d' : 'netscape-comment', // '06036086480186f8420102' : 'netscape-base-url', // '06036086480186f8420103' : 'netscape-revocation-url', // '06036086480186f8420104' : 'netscape-ca-revocation-url', // '06036086480186f8420107' : 'netscape-cert-renewal-url', // '06036086480186f8420108' : 'netscape-ca-policy-url', '06036086480186f8420109' : 'HomePage-url', '06036086480186f84202' : 'data-type', '06036086480186f8420201' : 'GIF', '06036086480186f8420202' : 'JPEG', '06036086480186f8420203' : 'URL', '06036086480186f8420204' : 'HTML', '06036086480186f8420205' : 'netscape-cert-sequence', '06036086480186f8420206' : 'netscape-cert-url', '06036086480186f84203' : 'directory', '06036086480186f8420401' : 'serverGatedCrypto', '06036086480186f845010603' : 'Unknown Verisign extension', '06036086480186f845010606' : 'Unknown Verisign extension', '06036086480186f84501070101' : 'Verisign certificatePolicy', '06036086480186f8450107010101' : 'Unknown Verisign policy qualifier', '06036086480186f8450107010102' : 'Unknown Verisign policy qualifier', '0603678105' : 'TCPA', '060367810501' : 'tcpa_specVersion', '060367810502' : 'tcpa_attribute', '06036781050201' : 'tcpa_at_tpmManufacturer', '0603678105020a' : 'tcpa_at_securityQualities', '0603678105020b' : 'tcpa_at_tpmProtectionProfile', '0603678105020c' : 'tcpa_at_tpmSecurityTarget', '0603678105020d' : 'tcpa_at_foundationProtectionProfile', '0603678105020e' : 'tcpa_at_foundationSecurityTarget', '0603678105020f' : 'tcpa_at_tpmIdLabel', '06036781050202' : 'tcpa_at_tpmModel', '06036781050203' : 'tcpa_at_tpmVersion', '06036781050204' : 'tcpa_at_platformManufacturer', '06036781050205' : 'tcpa_at_platformModel', '06036781050206' : 'tcpa_at_platformVersion', '06036781050207' : 'tcpa_at_componentManufacturer', '06036781050208' : 'tcpa_at_componentModel', '06036781050209' : 'tcpa_at_componentVersion', '060367810503' : 'tcpa_protocol', '06036781050301' : 'tcpa_prtt_tpmIdProtocol', '0603672a00' : 'contentType', '0603672a0000' : 'PANData', '0603672a0001' : 'PANToken', '0603672a0002' : 'PANOnly', '0603672a01' : 'msgExt', '0603672a0a' : 'national', '0603672a0a8140' : 'Japan', '0603672a02' : 'field', '0603672a0200' : 'fullName', '0603672a0201' : 'givenName', '0603672a020a' : 'amount', '0603672a0202' : 'familyName', '0603672a0203' : 'birthFamilyName', '0603672a0204' : 'placeName', '0603672a0205' : 'identificationNumber', '0603672a0206' : 'month', '0603672a0207' : 'date', '0603672a02070b' : 'accountNumber', '0603672a02070c' : 'passPhrase', '0603672a0208' : 'address', '0603672a0209' : 'telephone', '0603672a03' : 'attribute', '0603672a0300' : 'cert', '0603672a030000' : 'rootKeyThumb', '0603672a030001' : 'additionalPolicy', '0603672a04' : 'algorithm', '0603672a05' : 'policy', '0603672a0500' : 'root', '0603672a06' : 'module', '0603672a07' : 'certExt', '0603672a0700' : 'hashedRootKey', '0603672a0701' : 'certificateType', '0603672a0702' : 'merchantData', '0603672a0703' : 'cardCertRequired', '0603672a0704' : 'tunneling', '0603672a0705' : 'setExtensions', '0603672a0706' : 'setQualifier', '0603672a08' : 'brand', '0603672a0801' : 'IATA-ATA', '0603672a081e' : 'Diners', '0603672a0822' : 'AmericanExpress', '0603672a0804' : 'VISA', '0603672a0805' : 'MasterCard', '0603672a08ae7b' : 'Novus', '0603672a09' : 'vendor', '0603672a0900' : 'GlobeSet', '0603672a0901' : 'IBM', '0603672a090a' : 'Griffin', '0603672a090b' : 'Certicom', '0603672a090c' : 'OSS', '0603672a090d' : 'TenthMountain', '0603672a090e' : 'Antares', '0603672a090f' : 'ECC', '0603672a0910' : 'Maithean', '0603672a0911' : 'Netscape', '0603672a0912' : 'Verisign', '0603672a0913' : 'BlueMoney', '0603672a0902' : 'CyberCash', '0603672a0914' : 'Lacerte', '0603672a0915' : 'Fujitsu', '0603672a0916' : 'eLab', '0603672a0917' : 'Entrust', '0603672a0918' : 'VIAnet', '0603672a0919' : 'III', '0603672a091a' : 'OpenMarket', '0603672a091b' : 'Lexem', '0603672a091c' : 'Intertrader', '0603672a091d' : 'Persimmon', '0603672a0903' : 'Terisa', '0603672a091e' : 'NABLE', '0603672a091f' : 'espace-net', '0603672a0920' : 'Hitachi', '0603672a0921' : 'Microsoft', '0603672a0922' : 'NEC', '0603672a0923' : 'Mitsubishi', '0603672a0924' : 'NCR', '0603672a0925' : 'e-COMM', '0603672a0926' : 'Gemplus', '0603672a0904' : 'RSADSI', '0603672a0905' : 'VeriFone', '0603672a0906' : 'TrinTech', '0603672a0907' : 'BankGate', '0603672a0908' : 'GTE', '0603672a0909' : 'CompuSource', '0603551d01' : 'authorityKeyIdentifier', '0603551d0a' : 'basicConstraints', '0603551d0b' : 'nameConstraints', '0603551d0c' : 'policyConstraints', '0603551d0d' : 'basicConstraints', '0603551d0e' : 'subjectKeyIdentifier', '0603551d0f' : 'keyUsage', '0603551d10' : 'privateKeyUsagePeriod', '0603551d11' : 'subjectAltName', '0603551d12' : 'issuerAltName', '0603551d13' : 'basicConstraints', '0603551d02' : 'keyAttributes', '0603551d14' : 'cRLNumber', '0603551d15' : 'cRLReason', '0603551d16' : 'expirationDate', '0603551d17' : 'instructionCode', '0603551d18' : 'invalidityDate', '0603551d1a' : 'issuingDistributionPoint', '0603551d1b' : 'deltaCRLIndicator', '0603551d1c' : 'issuingDistributionPoint', '0603551d1d' : 'certificateIssuer', '0603551d03' : 'certificatePolicies', '0603551d1e' : 'nameConstraints', '0603551d1f' : 'cRLDistributionPoints', '0603551d20' : 'certificatePolicies', '0603551d21' : 'policyMappings', '0603551d22' : 'policyConstraints', '0603551d23' : 'authorityKeyIdentifier', '0603551d24' : 'policyConstraints', '0603551d25' : 'extKeyUsage', '0603551d04' : 'keyUsageRestriction', '0603551d05' : 'policyMapping', '0603551d06' : 'subtreesConstraint', '0603551d07' : 'subjectAltName', '0603551d08' : 'issuerAltName', '0603551d09' : 'subjectDirectoryAttributes', '0603550400' : 'objectClass', '0603550401' : 'aliasObjectName', // '060355040c' : 'title', '060355040d' : 'description', '060355040e' : 'searchGuide', '060355040f' : 'businessCategory', '0603550410' : 'postalAddress', '0603550411' : 'postalCode', '0603550412' : 'postOfficeBox', '0603550413' : 'physicalDeliveryOfficeName', '0603550402' : 'knowledgeInformation', // '0603550414' : 'telephoneNumber', '0603550415' : 'telexNumber', '0603550416' : 'teletexTerminalIdentifier', '0603550417' : 'facsimileTelephoneNumber', '0603550418' : 'x121Address', '0603550419' : 'internationalISDNNumber', '060355041a' : 'registeredAddress', '060355041b' : 'destinationIndicator', '060355041c' : 'preferredDeliveryMehtod', '060355041d' : 'presentationAddress', '060355041e' : 'supportedApplicationContext', '060355041f' : 'member', '0603550420' : 'owner', '0603550421' : 'roleOccupant', '0603550422' : 'seeAlso', '0603550423' : 'userPassword', '0603550424' : 'userCertificate', '0603550425' : 'caCertificate', '0603550426' : 'authorityRevocationList', '0603550427' : 'certificateRevocationList', '0603550428' : 'crossCertificatePair', '0603550429' : 'givenName', // '060355042a' : 'givenName', '0603550405' : 'serialNumber', '0603550434' : 'supportedAlgorithms', '0603550435' : 'deltaRevocationList', '060355043a' : 'crossCertificatePair', // '0603550409' : 'streetAddress', '06035508' : 'X.500-Algorithms', '0603550801' : 'X.500-Alg-Encryption', '060355080101' : 'rsa', '0603604c0101' : 'DPC' };