5.0.12 release

Author: kjur

ChangeLog.txt

@@ -1,6 +1,14 @@
 
 ChangeLog for jsrsasign
 
+* Changes between 5.0.11 to 5.0.12
+  - jws between 3.3.3 to 3.3.4
+    - support grace period for verifyJWT method.
+      This is to allow time difference between 
+      JWT generator and verifier.
+  - asn1hex
+    - API document update
+
 * Changes between 5.0.10 to 5.0.11
   - X509v1 certificate support in KEYUTIL.getKey and
     X509.getPublicKeyInfoPropOfCertPEM

api/files.html

@@ -649,7 +649,7 @@ <h2><a href="symbols/src/jws-3.3.js.html">jws-3.3.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>3.3.3 (2015-Nov-27)</dd>
+							<dd>3.3.4 (2016-May-17)</dd>
 
 
 

api/symbols/ASN1HEX.html

@@ -448,7 +448,9 @@ <h1 class="classTitle">
 							<div class="fixedFont">
 								<b><a href="../symbols/ASN1HEX.html#constructor">ASN1HEX</a></b>()
 							</div>
-							<div class="description">ASN.1 DER encoded hexadecimal string utility class</div>
+							<div class="description">ASN.1 DER encoded hexadecimal string utility class
+This class provides a parser for hexadecimal string of
+DER encoded ASN.1 binary data.</div>
 						</td>
 					</tr>
 				</tbody>
@@ -633,6 +635,41 @@ <h1 class="classTitle">
 
 				<div class="description">
 					ASN.1 DER encoded hexadecimal string utility class
+This class provides a parser for hexadecimal string of
+DER encoded ASN.1 binary data.
+Here are major methods of this class.
+<ul>
+<li><b>ACCESS BY POSITION</b>
+  <ul>
+  <li><a href="../symbols/ASN1HEX.html#.getHexOfTLV_AtObj">ASN1HEX.getHexOfTLV_AtObj</a> - get ASN.1 TLV at specified position</li>
+  <li><a href="../symbols/ASN1HEX.html#.getHexOfV_AtObj">ASN1HEX.getHexOfV_AtObj</a> - get ASN.1 V at specified position</li>
+  <li><a href="../symbols/ASN1HEX.html#.getHexOfL_AtObj">ASN1HEX.getHexOfL_AtObj</a> - get hexadecimal ASN.1 L at specified position</li>
+  <li><a href="../symbols/ASN1HEX.html#.getIntOfL_AtObj">ASN1HEX.getIntOfL_AtObj</a> - get integer ASN.1 L at specified position</li>
+  <li><a href="../symbols/ASN1HEX.html#.getStartPosOfV_AtObj">ASN1HEX.getStartPosOfV_AtObj</a> - get ASN.1 V position from its ASN.1 TLV position</li>
+  </ul>
+</li>
+<li><b>ACCESS FOR CHILD ITEM</b>
+  <ul>
+  <li><a href="../symbols/ASN1HEX.html#.getNthChildIndex_AtObj">ASN1HEX.getNthChildIndex_AtObj</a> - get nth child index at specified position</li>
+  <li><a href="../symbols/ASN1HEX.html#.getPosArrayOfChildren_AtObj">ASN1HEX.getPosArrayOfChildren_AtObj</a> - get indexes of children</li>
+  <li><a href="../symbols/ASN1HEX.html#.getPosOfNextSibling_AtObj">ASN1HEX.getPosOfNextSibling_AtObj</a> - get position of next sibling</li>
+  </ul>
+</li>
+<li><b>ACCESS NESTED ASN.1 STRUCTURE</b>
+  <ul>
+  <li><a href="../symbols/ASN1HEX.html#.getDecendantHexTLVByNthList">ASN1HEX.getDecendantHexTLVByNthList</a> - get ASN.1 TLV at specified list index</li>
+  <li><a href="../symbols/ASN1HEX.html#.getDecendantHexVByNthList">ASN1HEX.getDecendantHexVByNthList</a> - get ASN.1 V at specified list index</li>
+  <li><a href="../symbols/ASN1HEX.html#.getDecendantIndexByNthList">ASN1HEX.getDecendantIndexByNthList</a> - get index at specified list index</li>
+  </ul>
+</li>
+<li><b>UTILITIES</b>
+  <ul>
+  <li><a href="../symbols/ASN1HEX.html#.dump">ASN1HEX.dump</a> - dump ASN.1 structure</li>
+  <li><a href="../symbols/ASN1HEX.html#.isASN1HEX">ASN1HEX.isASN1HEX</a> - check whether ASN.1 hexadecimal string or not</li>
+  <li><a href="../symbols/ASN1HEX.html#.hextooidstr">ASN1HEX.hextooidstr</a> - convert hexadecimal string of OID to dotted integer list</li>
+  </ul>
+</li>
+</ul>
 
 				</div>
 
@@ -700,16 +737,19 @@ <h1 class="classTitle">
 ASN1HEX.dump('0203012345')
 &darr;
 INTEGER 012345
+
 // ASN.1 Object Identifier
 ASN1HEX.dump('06052b0e03021a')
 &darr;
 ObjectIdentifier sha1 (1 3 14 3 2 26)
+
 // ASN.1 SEQUENCE
 ASN1HEX.dump('3006020101020102')
 &darr;
 SEQUENCE
   INTEGER 01
   INTEGER 02
+
 // ASN.1 DUMP FOR X.509 CERTIFICATE
 ASN1HEX.dump(X509.pemToHex(certPEM))
 &darr;

api/symbols/KJUR.jws.JWS.html

@@ -1518,11 +1518,22 @@ <h4>Supported Algorithms</h4>
     the same as value if specified. (OPTION)</li>
 <li>Time validity
 <ul>
-<li>If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
-this method will verify at the time for it, otherwise current time will be used to verify.</li>
-<li>Payload.exp (expire) - Validation time is smaller than Payloead.exp.</li>
-<li>Payload.nbf (not before) - Validation time is greater than Payloead.nbf.</li>
-<li>Payload.iat (issued at) - Validation time is greater than Payloead.iat.</li>
+<li>
+If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
+this method will verify at the time for it, otherwise current time will be used to verify.
+</li>
+<li>
+Clock of JWT generator or verifier can be fast or slow. If these clocks are
+very different, JWT validation may fail. To avoid such case, 'jsrsasign' supports
+'acceptField.gracePeriod' parameter which specifies acceptable time difference
+of those clocks in seconds. So if you want to accept slow or fast in 2 hours,
+you can specify <code>acceptField.gracePeriod = 2 * 60 * 60;</code>.
+"gracePeriod" is zero by default.
+"gracePeriod" is supported since jsrsasign 5.0.12.
+</li>
+<li>Payload.exp (expire) - Validation time is smaller than Payload.exp + gracePeriod.</li>
+<li>Payload.nbf (not before) - Validation time is greater than Payload.nbf - gracePeriod.</li>
+<li>Payload.iat (issued at) - Validation time is greater than Payload.iat - gracePeriod.</li>
 </ul>
 </li>
 <li>Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)</li>
@@ -1545,7 +1556,8 @@ <h4>Supported Algorithms</h4>
   sub: ['mailto:[email protected]', 'mailto:[email protected]'],
   verifyAt: KJUR.jws.IntDate.get('20150520235959Z'),
   aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too.
-  jti: 'id123456'
+  jti: 'id123456',
+  gracePeriod: 1 * 60 * 60 // accept 1 hour slow or fast
 });</pre>