web-pki 2.15.2 → 2.16.1

package/lacuna-web-pki.d.ts

@@ -311,29 +311,7 @@ export declare class LacunaWebPKI {
 	}): Promise<string>;
 
 	/**************************************************************
-	 * Signs a batch of hashes with signer certificate private key.
-	 *
-	 * @returns A promise object that can register [[fail]] and [[success]] callbacks to be called when the operation completes. The [[success]] callback for this promise receives the (Base64 encoded) signature bytes array.
-	 *
-	 * Usage example (JavaScript)
-	 * ```javascript
-	 * var batch = [
-	 *     'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=', // Base64 encoded SHA-256 of 'Hello World!'
-	 *     'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=',
-	 *     'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk='
-	 * ];
-	 *
-	 * pki.signHashBatch({
-	 *     certificateThumbprint: $('#certificateSelect').val(),
-	 *     batch: batch,
-	 *     digestAlgorithm: 'SHA-256'
-	 * }).success(function (result) {
-	 *     // Use signatures array
-	 *     var signatures = result.signatures;
-	 * });
-	 * ```
-	 *
-	 * JSFiddle live example: [Sign Hash Batch](https://jsfiddle.net/LacunaSoftware/1car2yjz)
+	 * **OBSOLETE** Please use [[signHashes]]
 	 */
 	signHashBatch(args: {
 		/** The signer certificate thumbprint. Available in [[CertificateModel.thumbprint]] property returned by [[listCertificates]] method. */
@@ -346,6 +324,38 @@ export declare class LacunaWebPKI {
 		usePreauthorizedSignatures?: boolean
 	}): Promise<SignHashBatchResponse>;
 
+	// TODO: next version
+	// /**************************************************************
+	//  * Signs a batch of hashes with signer certificate private key.
+	//  *
+	//  * @returns A promise object that can register [[fail]] and [[success]] callbacks to be called when the operation completes. The [[success]] callback for this promise receives the (Base64 encoded) signature bytes array.
+	//  *
+	//  * Usage example (JavaScript)
+	//  * ```javascript
+	//  * var hashes = [
+	//  *     { algorithm: 'SHA-256', value: 'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=' }, // Base64 encoded SHA-256 of 'Hello World!'
+	//  *     { algorithm: 'SHA-256', value: 'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=' },
+	//  *     { algorithm: 'SHA-256', value: 'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=' }
+	//  * ];
+	//  *
+	//  * pki.signHashes({
+	//  *     certificateThumbprint: $('#certificateSelect').val(),
+	//  *     hashes: hashes
+	//  * }).success(function (result) {
+	//  *     // Use signatures array
+	//  *     var signatures = result.signatures;
+	//  * });
+	//  * ```
+	//  *
+	//  * JSFiddle live example: [Sign Hashes](https://jsfiddle.net/LacunaSoftware/1car2yjz)
+	//  */
+	//  signHashes(args: {
+	// 	/** The signer certificate thumbprint. Available in [[CertificateModel.thumbprint]] property returned by [[listCertificates]] method. */
+	// 	certificateThumbprint: string,
+	// 	/** The Array of [[Hash]] with the hash algorithm and value to be signed. */
+	// 	hashes: Hash[],
+	// }): Promise<SignHashesResponse>;
+
 	/**************************************************************
 	 * Executes a document signature with Rest PKI (server-side) integration. See [Rest PKI documentation](https://docs.lacunasoftware.com/articles/rest-pki/) for more informations.
 	 *
@@ -529,6 +539,22 @@ export declare class LacunaWebPKI {
 		/** If `true`, will not apply the `pdfMarks` in case PDF already has a signature. If `false`, any previous signature will be removed before the marks be applied. */
 		bypassMarksIfSigned?: boolean,
 
+		// TODO: next version
+		// /** A signing reason */
+		// reason?: string,
+
+		// /** The signing location or address */
+		// location?: string,
+
+		// /** The signer name */
+		// signerName?: string,
+
+		// /** A custom signature field name. Signature field name must be unique for the PDF */
+		// customSignatureFieldName?: string,
+
+		// /** Any metadata to be added to the PDF */
+		// metadata?: { [key: string]: string; },
+
 		/** The PDF signature policy. */
 		policy: LacunaWebPKI.PadesPolicies,
 
@@ -569,15 +595,23 @@ export declare class LacunaWebPKI {
 		/** Whether or not to remove the `policy` default trust arbitrator. If `true`, you must pass the `trustArbitrators` argument. */
 		clearPolicyTrustArbitrators?: boolean,
 
-		/** If you already have a CAdES file and a co-signature is intended, pass this argument instead of `fileId`. Optionally, you can use the `fileId` for CAdES signature file and enable the `autoDetectCosign`. */
+		/** If you already have a CAdES file and a co-signature is intended, pass this argument instead of `fileId` or `content`. Optionally, you can use the `fileId` for CAdES signature file and enable the `autoDetectCosign`. */
 		cmsToCosignFileId?: string,
 
+		// TODO: next version
+		// /** If you already have a CAdES file and a co-signature is intended, pass this argument instead of `fileId` or `content`. Optionally, you can use the `fileId` for CAdES signature file and enable the `autoDetectCosign`. */
+		// cmsToCosignContent?: string,
+
 		/** Whether or not to auto-detect a co-signature intention if the `fileId` passed is a CAdES signature file.  */
 		autoDetectCosign?: boolean,
 
 		/** Whether or not to include the encapsulated content (the original document) in the resulting CAdES signature file. */
 		includeEncapsulatedContent?: boolean,
 
+		// TODO: next version
+		// /** A signing description or reason */
+		// signingDescription?: string,
+
 		/** The CAdES signature policy. */
 		policy: LacunaWebPKI.CadesPolicies,
 
@@ -612,6 +646,10 @@ export declare class LacunaWebPKI {
 		/** A XML content (UTF-8 string or Base64 encoded bytes) to sign can be passed optionally to `filedId`. */
 		content?: string,
 
+		// TODO: next version
+		// /** A signing description or reason */
+		// signingDescription?: string,
+
 		/** The XML signature policy. */
 		policy: LacunaWebPKI.XmlPolicies,
 
@@ -667,6 +705,10 @@ export declare class LacunaWebPKI {
 		/** A XML content (UTF-8 string or Base64 encoded) to sign can be passed optionally to `filedId`.  */
 		content?: string,
 
+		// TODO: next version
+		// /** A signing description or reason */
+		// signingDescription?: string,
+
 		/** The XML signature policy. */
 		policy: LacunaWebPKI.XmlPolicies,
 
@@ -724,8 +766,14 @@ export declare class LacunaWebPKI {
 		/** The signed PDF content (Base64 encoded bytes) to open. It can be passed optionally to `signatureFileId`. */
 		signatureContent?: string,
 
-		/** The original file. Only applies if the passed `signatureFileId` does not have the encapsulated content. */
+		/** The original file. Only applies if the passed `signatureFileId` or `signatureContent` does not have the encapsulated content. */
 		originalFileId?: string,
+		
+		// TODO: next version
+		// /** The original file content (Base64 encoded bytes). Only applies if the passed `signatureFileId` or `signatureContent` does not have the encapsulated content. */
+		// originalContent?: string,
+		// /** Set to return the encapsulated content */
+		// returnEncapsulatedContent?: boolean,
 
 		/** Whether or not to validate the CAdES sinatures. */
 		validate: boolean,
@@ -819,7 +867,12 @@ export declare class LacunaWebPKI {
 		/** A label for the generated keys objects in the token. If not set, a random Id is used. */
 		keyLabel?: string,
 		/** The RSA keys size to be genarated. Be sure that the selected device supports the requested key size on [[TokenModel.mechanisms]]. */
-		keySize: number
+		keySize: number,
+		
+		// TODO: next version
+		// /** Whether or not to auto enable the used PKCS#11 module after command success. The **default** is `true` */
+		// enableUsedPkcs11Module?: boolean
+
 	}): Promise<GenerateTokenKeyPairResponse>;
 
 	/**************************************************************
@@ -833,7 +886,9 @@ export declare class LacunaWebPKI {
 		/** A subject name (DN) string for the generated CSR. E.g. `'CN=My Name, O=ACME Inc., C=BR'` */
 		subjectName?: string,
 		/** The RSA keys size to be genarated. */
-		keySize: number
+		keySize: number,
+		/** Generates a non exportable key. Software generated non exportable keys are **only supported on Windows platform**. */
+		nonExportableKey?: boolean
 	}): Promise<GenerateKeyPairResponse>;
 
 	/**************************************************************
@@ -855,7 +910,12 @@ export declare class LacunaWebPKI {
 		/** The digital certificate content (PEM or Base64 encoded DER bytes formats). */
 		certificateContent: string,
 		/** A label for the imported certificate object in the token. If not set, the same key Id is used. */
-		certificateLabel?: string
+		certificateLabel?: string,
+		
+		// TODO: next version
+		// /** Whether or not to auto enable the used PKCS#11 module after command success. The **default** is `true` */
+		// enableUsedPkcs11Module?: boolean
+
 	}): Promise<ImportTokenCertificateResponse>;
 
 	/**************************************************************
@@ -915,6 +975,54 @@ export declare class LacunaWebPKI {
 		timeout?: number
 	}): Promise<HttpResponseModel>;
 
+	/**********************************************************
+	 * Encrypts data with selected certificate public key or generated public key.
+	 *
+	 * @returns A promise object that can register [[fail]] and [[success]] callbacks to be called when the operation completes. The [[success]] callback for this promise receives a [[EncryptResponse]] object.
+	 *
+	 * **Live Example**
+	 *
+	 * [Encrypt Sample](https://jsfiddle.net/LacunaSoftware/mo3p4g7x/): JSFiddle example for encrypting text with a selected certificate public key.
+	 */
+	 encrypt(args: {
+		/** A certificate thumbprint which public key will be used to encrypt data. Available in [[CertificateModel.thumbprint]] property returned by [[listCertificates]] method. */
+		certificateThumbprint?: string,
+		/** A public key content or PKCertificate content (PEM or DER base64 encoded) to encrypt data with */
+		publicKey?: string,
+		/** A private key Id returned in the generate key pair methods [[generateSoftwareRsaKeyPair]] or [[generateTokenRsaKeyPair]]. */
+		privateKeyId?: string,
+		/** The user crypto device returned from [[listTokens]]. This parameter ir mandatory if the privateKeyId is from a crypto device. */
+		token?: TokenModel
+		/** The encryption parameters and padding algorithm to be used */
+		parameters: LacunaWebPKI.EncryptionParamaters,
+		/** The Base64 encoded data to be encrypted. */
+		data: string,
+		
+	}): Promise<EncryptResponse>;
+
+	/**********************************************************
+	 * Decrypts data with selected certificate private key or generated private key.
+	 *
+	 * @returns A promise object that can register [[fail]] and [[success]] callbacks to be called when the operation completes. The [[success]] callback for this promise receives a [[DecryptResponse]] object.
+	 *
+	 * **Live Example**
+	 *
+	 * [Decrypt Sample](https://jsfiddle.net/LacunaSoftware/068gnLmw/): JSFiddle example for decrypting text with a selected certificate private key.
+	 */
+	 decrypt(args: {
+		/** A certificate thumbprint which private key will be used to decrypt data. Available in [[CertificateModel.thumbprint]] property returned by [[listCertificates]] method. */
+		certificateThumbprint?: string,
+		/** A private key Id returned in the generate key pair methods [[generateSoftwareRsaKeyPair]] or [[generateTokenRsaKeyPair]]. */
+		privateKeyId?: string,
+		/** The user crypto device returned from [[listTokens]]. This parameter ir mandatory if the privateKeyId is from a crypto device. */
+		token?: TokenModel
+		/** The encryption parameters and padding algorithm to be used */
+		parameters: LacunaWebPKI.EncryptionParamaters,
+		/** The Base64 encoded encrypted data to be decrypted. */
+		data: string,
+		
+	}): Promise<DecryptResponse>;
+
 
 
 }
@@ -943,7 +1051,8 @@ export namespace LacunaWebPKI {
 		v1_6 = '1.6.0',
 		v1_6_1 = '1.6.1',
 		v1_7_0 = '1.7.0',
-		v1_7_2 = '1.7.2'
+		v1_7_2 = '1.7.2',
+		v1_8_0 = '1.8.0'
 	}
 
 	/**************************************************************
@@ -974,6 +1083,8 @@ export namespace LacunaWebPKI {
 		COMMAND_PARAMETER_NOT_SET      = 'command_parameter_not_set',
 		/** A command parameter is not valid. */
 		COMMAND_INVALID_PARAMETER      = 'command_invalid_parameter',
+		/** A command parameter is not supported on this platform */
+		COMMAND_PARAMETER_NOT_SUPPORTED= 'command_parameter_not_supported',
 		/** The web extension failed to connect to native component. */
 		NATIVE_CONNECT_FAILURE         = 'native_connect_failure',
 		/** The native component disconnected from web extension. */
@@ -1021,7 +1132,8 @@ export namespace LacunaWebPKI {
 		MOBILE_NOT_AUTHORIZED          = 'mobile_not_authorized',
 		MOBILE_SEND_MESSAGE            = 'mobile_send_message',
 		COMMAND_DECRYPT_ERROR          = 'command_decrypt_error',
-		BLOCKED_DOMAIN                 = 'blocked_domain'
+		BLOCKED_DOMAIN                 = 'blocked_domain',
+		INVALID_OPERATION              = 'invalid_operation'
 	}
 
 	export const enum CertificateTypes {
@@ -1150,6 +1262,18 @@ export namespace LacunaWebPKI {
 		TstInfo           = 'TstInfo',
 	}
 
+	export const enum PdfAStandards {
+		Unknown = 'Unknown',
+		PdfA_1B = 'PdfA_1B',
+		PdfA_1A = 'PdfA_1A',
+		PdfA_2B = 'PdfA_2B',
+		PdfA_2A = 'PdfA_2A',
+		PdfA_2U = 'PdfA_2U',
+		PdfA_3B = 'PdfA_3B',
+		PdfA_3A = 'PdfA_3A',
+		PdfA_3U = 'PdfA_3U',
+	}
+
 	// visual representation
 	export const enum PadesPaperSizes {
 		Custom = 'custom',
@@ -1230,6 +1354,14 @@ export namespace LacunaWebPKI {
 		Mutual = 'mutual'
 	}
 
+	export const enum EncryptionParamaters {
+		RSAEncryptionPkcs1 = 'RSAEncryptionPkcs1',
+		RSAEncryptionOaepSHA1 = 'RSAEncryptionOaepSHA1',
+		RSAEncryptionOaepSHA256 = 'RSAEncryptionOaepSHA256',
+		RSAEncryptionOaepSHA384 = 'RSAEncryptionOaepSHA384',
+		RSAEncryptionOaepSHA512 = 'RSAEncryptionOaepSHA512'
+	}
+
 
 
 }
@@ -1299,6 +1431,8 @@ export interface CertificateModel {
 	thumbprint: string,
 	/** Object with boolean properties indicating wether each possible key usage is set on the certificate. */
 	keyUsage: KeyUsagesModel,
+	/** Object with boolean properties indicating wether each possible EXTENDED key usage is set on the certificate. If null, certificate does not have the ExtendedKeyUsage extension */
+	extendedKeyUsage?: ExtendedKeyUsagesModel,
 	/** Array with certificate policies info */
 	certificatePolicies: CertificatePolicyModel[],
 	/** Object with Brazil-specific fields. */
@@ -1331,6 +1465,19 @@ export interface KeyUsagesModel {
 	nonRepudiation: boolean
 }
 
+export interface ExtendedKeyUsagesModel {
+	clientAuth: boolean,
+	serverAuth: boolean,
+	codeSigning: boolean,
+	emailProtection: boolean,
+	timeStamping: boolean,
+	ocspSigning: boolean,
+	ipsecEndSystem: boolean,
+	ipsecTunnel: boolean,
+	ipsecUser: boolean,
+	any: boolean
+}
+
 /**************************************************************
  * Object with PKI Brazil specific fields.
  *
@@ -1599,30 +1746,49 @@ export interface SignerModel {
 
 export interface CadesSignerModel extends SignerModel {
 	messageDigest: DigestModel,
+	// TODO: next version
+	// signingDescription?: string,
 }
 
 export interface PadesSignerModel extends SignerModel {
 	messageDigest: DigestModel,
 	isDocumentTimestamp: boolean,
-	signatureFieldName: string
+	signatureFieldName: string,
+	// TODO: next version
+	// reason?: string,
+	// location?: string,
 }
 
 export interface XmlSignerModel extends SignerModel {
 	signatureElementId : string,
 	type : LacunaWebPKI.XmlSignedEntityTypes,
-	signedElement : XmlElementModel 
+	signedElement : XmlElementModel,
+	// TODO: next version
+	// dataObjectFormat?: DataObjectFormatModel,
 }
 
 export interface CadesSignatureModel {
 	encapsulatedContentType: LacunaWebPKI.CmsContentTypes,
 	hasEncapsulatedContent: boolean,
+	// TODO: next version
+	// encapsulatedContent?: string,
 	signers: CadesSignerModel[]
 }
 
 export interface PadesSignatureModel {
+	// TODO: next version
+	// pagesCount: number,
+	// pdfAStandard?: LacunaWebPKI.PdfAStandards,
+	// metadata?: { [key: string]: string; },
 	signers: PadesSignerModel[]
 }
 
+export interface DataObjectFormatModel {
+	description?: string,
+	oid?: string,
+	mimeType?: string,
+}
+
 export interface XmlSignatureModel {
 	signers: XmlSignerModel[]
 }
@@ -1747,6 +1913,11 @@ export interface SignHashBatchResponse {
 	signatures: string[]
 }
 
+export interface SignHashesResponse {
+	/** A Base64 encoded signatures array. */
+	signatures: string[]
+}
+
 // Visual Representation Types
 
 export interface VisualRepresentation {
@@ -1864,4 +2035,21 @@ export interface GeolocationInfo {
 	timestamp: Date
 }
 
+export interface EncryptResponse {
+	/** The encrypted data Base64 encoded  */
+	encrypted: string
+}
+
+export interface DecryptResponse {
+	/** The decrypted data Base64 encoded  */
+	decrypted: string
+}
+
+export interface Hash {
+	/** The hash algorithm name or OID */
+	algorithm: string,
+	/** The hash value in Base64 */
+	value: string
+}
+
 

package/lacuna-web-pki.js

@@ -130,17 +130,17 @@ LacunaWebPKI = function (license) {
 	$._edgeExtensionId = 'nedeegdmhlnmboboahchfpkmdnnemapd';
 	$._edgeLegacyProductId = 'd2798a85-9698-425a-add7-3db79a39ca8a';
 	$._chromeExtensionFirstVersionWithSelfUpdate = '2.0.20';
-	$._jslibVersion = '2.15.2';
+	$._jslibVersion = '2.16.1';
 	$._mobileSupported = 'true' === 'true';
 	$._buildChannel = 'stable';
 
 	// latest components version ----------------------
 	$._extensionRequiredVersion = '2.16.0';
-	$._chromeNativeWinRequiredVersion = '2.11.0';
-	$._chromeNativeLinuxRequiredVersion = '2.12.1';
-	$._chromeNativeMacRequiredVersion = '2.12.1';
-	$._ieAddonRequiredVersion = '2.8.0';
-	$._mobileRequiredVersion = '3.0.0';
+	$._chromeNativeWinRequiredVersion = '2.12.1';
+	$._chromeNativeLinuxRequiredVersion = '2.13.1';
+	$._chromeNativeMacRequiredVersion = '2.13.1';
+	$._ieAddonRequiredVersion = '2.9.1';
+	$._mobileRequiredVersion = '3.2.0';
     // ------------------------------------------------
 
     $._chromeInstallationStates = {
@@ -163,6 +163,19 @@ LacunaWebPKI = function (license) {
         nonRepudiation: 64
     };
 
+	$._certExtendedKeyUsages = {
+		clientAuth: 1,
+		serverAuth: 2,
+		codeSigning: 4,
+		emailProtection: 8,
+		timeStamping: 16,
+		ocspSigning: 32,
+		ipsecEndSystem: 64,
+		ipsecTunnel: 128,
+		ipsecUser: 256,
+		any: 512
+	};
+
 	$.apiVersions = {
 		v1_0: '1.0',
 		v1_1: '1.1',
@@ -177,6 +190,8 @@ LacunaWebPKI = function (license) {
 		v1_6_1: '1.6.1',
 		v1_7_0: '1.7.0',
 		v1_7_2: '1.7.2',
+		v1_8_0: '1.8.0',
+		v1_8_1: '1.8.1',
 		latest: 'latest'
 	};
 
@@ -203,6 +218,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.nativeWin[$.apiVersions.v1_6_1] = '2.10.1';
 	$._apiMap.nativeWin[$.apiVersions.v1_7_0] = '2.11.0';
 	$._apiMap.nativeWin[$.apiVersions.v1_7_2] = '2.11.0';
+	$._apiMap.nativeWin[$.apiVersions.v1_8_0] = '2.12.0';
+	$._apiMap.nativeWin[$.apiVersions.v1_8_1] = '2.12.1';
 
     // IE
     $._apiMap.ieAddon[$.apiVersions.v1_0] = '2.0.4';
@@ -218,6 +235,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.ieAddon[$.apiVersions.v1_6_1] = '2.7.2';
 	$._apiMap.ieAddon[$.apiVersions.v1_7_0] = '2.8.0';
 	$._apiMap.ieAddon[$.apiVersions.v1_7_2] = '2.8.0';
+	$._apiMap.ieAddon[$.apiVersions.v1_8_0] = '2.9.0';
+	$._apiMap.ieAddon[$.apiVersions.v1_8_1] = '2.9.1';
 
     // Linux
     $._apiMap.nativeLinux[$.apiVersions.v1_0] = '2.0.0';
@@ -233,6 +252,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.nativeLinux[$.apiVersions.v1_6_1] = '2.10.0';
 	$._apiMap.nativeLinux[$.apiVersions.v1_7_0] = '2.12.0';
 	$._apiMap.nativeLinux[$.apiVersions.v1_7_2] = '2.12.1';
+	$._apiMap.nativeLinux[$.apiVersions.v1_8_0] = '2.13.0';
+	$._apiMap.nativeLinux[$.apiVersions.v1_8_1] = '2.13.1';
 
     // Mac
     $._apiMap.nativeMac[$.apiVersions.v1_0] = '2.3.0';
@@ -248,6 +269,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.nativeMac[$.apiVersions.v1_6_1] = '2.10.0';
 	$._apiMap.nativeMac[$.apiVersions.v1_7_0] = '2.12.0';
 	$._apiMap.nativeMac[$.apiVersions.v1_7_2] = '2.12.1';
+	$._apiMap.nativeMac[$.apiVersions.v1_8_0] = '2.13.0';
+	$._apiMap.nativeMac[$.apiVersions.v1_8_1] = '2.13.1';
 
     // WebExtension
     $._apiMap.extension[$.apiVersions.v1_0] = '2.3.2';
@@ -263,6 +286,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.extension[$.apiVersions.v1_6_1] = '2.15.0';
 	$._apiMap.extension[$.apiVersions.v1_7_0] = '2.16.0';
 	$._apiMap.extension[$.apiVersions.v1_7_2] = '2.16.0';
+	$._apiMap.extension[$.apiVersions.v1_8_0] = '2.16.0';
+	$._apiMap.extension[$.apiVersions.v1_8_1] = '2.16.0';
 
 	// Mobile
     $._apiMap.mobile[$.apiVersions.v1_0] = '1.1.0';
@@ -278,6 +303,8 @@ LacunaWebPKI = function (license) {
 	$._apiMap.mobile[$.apiVersions.v1_6_1] = '2.7.0';
 	$._apiMap.mobile[$.apiVersions.v1_7_0] = '3.0.0';
 	$._apiMap.mobile[$.apiVersions.v1_7_2] = '3.0.0';
+	$._apiMap.mobile[$.apiVersions.v1_8_0] = '3.2.0';
+	$._apiMap.mobile[$.apiVersions.v1_8_1] = '3.2.0';
 
     // All latest
     $._apiMap.nativeWin  [$.apiVersions.latest] = $._chromeNativeWinRequiredVersion;
@@ -462,6 +489,14 @@ LacunaWebPKI = function (license) {
 		browserIntegration: 'browserIntegration'
 	};
 
+	$.encryptionParameters = {
+		rsaEncryptionPkcs1: 'RSAEncryptionPkcs1',
+		rsaEncryptionOaepSHA1: 'RSAEncryptionOaepSHA1',
+		rsaEncryptionOaepSHA256: 'RSAEncryptionOaepSHA256',
+		rsaEncryptionOaepSHA384: 'RSAEncryptionOaepSHA384',
+		rsaEncryptionOaepSHA512: 'RSAEncryptionOaepSHA512'
+	};
+
 	$._parseDataUrl = function (url) {
 		var match = /^data:(.+);base64,(.+)$/.exec(url);
 		if (!match) {
@@ -536,6 +571,7 @@ LacunaWebPKI = function (license) {
 	    COMMAND_NOT_SUPPORTED:          'command_not_supported',
 	    COMMAND_PARAMETER_NOT_SET:      'command_parameter_not_set',
 	    COMMAND_INVALID_PARAMETER:      'command_invalid_parameter',
+	    COMMAND_PARAMETER_NOT_SUPPORTED:'command_parameter_not_supported',
 	    NATIVE_CONNECT_FAILURE:         'native_connect_failure',
 	    NATIVE_DISCONNECTED:            'native_disconnected',
 	    NATIVE_NO_RESPONSE:             'native_no_response',
@@ -566,7 +602,8 @@ LacunaWebPKI = function (license) {
 	    MOBILE_NOT_AUTHORIZED:          'mobile_not_authorized',
 	    MOBILE_SEND_MESSAGE:            'mobile_send_message',
 	    COMMAND_DECRYPT_ERROR:          'command_decrypt_error',
-		BLOCKED_DOMAIN:                 'blocked_domain'
+		BLOCKED_DOMAIN:                 'blocked_domain',
+		INVALID_OPERATION:              'invalid_operation'
 	};
 
 	// -------------------- "Private" static functions (no reference to 'this') --------------------
@@ -743,17 +780,22 @@ LacunaWebPKI = function (license) {
 		return context.promise;
 	};
 
+	$._processCertificate = function (cert) {
+		cert.validityStart = new Date(cert.validityStart);
+		cert.validityEnd = new Date(cert.validityEnd);
+		cert.keyUsage = $._processKeyUsage(cert.keyUsage);
+		cert.extendedKeyUsage = $._processExtendedKeyUsage(cert.extendedKeyUsage);
+		if (cert.pkiBrazil && cert.pkiBrazil.dateOfBirth) {
+			var s = cert.pkiBrazil.dateOfBirth;
+			cert.pkiBrazil.dateOfBirth = new Date(parseInt(s.slice(0, 4), 10), parseInt(s.slice(5, 7), 10) - 1, parseInt(s.slice(8, 10), 10));
+		}
+	};
+
 	$._processCertificates = function (result, filter, selectId, selectOptionFormatter) {
 		var toReturn = [];
 		for (var i = 0; i < result.length; i++) {
 			var cert = result[i];
-			cert.validityStart = new Date(cert.validityStart);
-			cert.validityEnd = new Date(cert.validityEnd);
-			cert.keyUsage = $._processKeyUsage(cert.keyUsage);
-			if (cert.pkiBrazil && cert.pkiBrazil.dateOfBirth) {
-				var s = cert.pkiBrazil.dateOfBirth;
-				cert.pkiBrazil.dateOfBirth = new Date(parseInt(s.slice(0, 4), 10), parseInt(s.slice(5, 7), 10) - 1, parseInt(s.slice(8, 10), 10));
-			}
+			$._processCertificate(cert);
 			if (filter) {
 				if (filter(cert)) {
 					toReturn.push(cert);
@@ -820,6 +862,73 @@ LacunaWebPKI = function (license) {
 	    };
 	};
 
+	$._processExtendedKeyUsage = function (extendedKeyUsageValue) {
+		if (typeof extendedKeyUsageValue !== 'number') {
+			return null;
+		}
+		return {
+			clientAuth: (extendedKeyUsageValue & $._certExtendedKeyUsages.clientAuth) !== 0,
+			serverAuth: (extendedKeyUsageValue & $._certExtendedKeyUsages.serverAuth) !== 0,
+			codeSigning: (extendedKeyUsageValue & $._certExtendedKeyUsages.codeSigning) !== 0,
+			emailProtection: (extendedKeyUsageValue & $._certExtendedKeyUsages.emailProtection) !== 0,
+			timeStamping: (extendedKeyUsageValue & $._certExtendedKeyUsages.timeStamping) !== 0,
+			ocspSigning: (extendedKeyUsageValue & $._certExtendedKeyUsages.ocspSigning) !== 0,
+			ipsecEndSystem: (extendedKeyUsageValue & $._certExtendedKeyUsages.ipsecEndSystem) !== 0,
+			ipsecTunnel: (extendedKeyUsageValue & $._certExtendedKeyUsages.ipsecTunnel) !== 0,
+			ipsecUser: (extendedKeyUsageValue & $._certExtendedKeyUsages.ipsecUser) !== 0,
+			any: (extendedKeyUsageValue & $._certExtendedKeyUsages.any) !== 0
+		};
+	};
+
+	$._processSignResult = function (result) {
+		if (!result || !result.signatureInfo) {
+			return result;
+		}
+		if (result.signatureInfo.signerCertificate) {
+			$._processCertificate(result.signatureInfo.signerCertificate);
+		}
+		if (result.signatureInfo.signingTime) {
+			result.signatureInfo.signingTime = new Date(result.signatureInfo.signingTime);
+		}
+		return result;
+	};
+
+	$._processSignerModel = function (signer) {
+		if (!signer) {
+			return;
+		}
+		if (signer.certificate) {
+			$._processCertificate(signer.certificate);
+		}
+		if (signer.signingTime) {
+			signer.signingTime = new Date(signer.signingTime);
+		}
+		if (signer.certifiedDateReference) {
+			signer.certifiedDateReference = new Date(signer.certifiedDateReference);
+		}
+		if (signer.timestamps && signer.timestamps.length > 0) {
+			for (var i = 0; i < signer.timestamps.length; i++) {
+				var tst = signer.timestamps[i];
+				$._processOpenResult(tst);
+			}
+		}
+	};
+
+	$._processOpenResult = function (result) {
+		if (!result || !result.signers || result.signers.length <= 0) {
+			return result;
+		}
+		// case is a CadesTimestampModel
+		if (result.genTime) {
+			result.genTime = new Date(result.genTime);
+		}
+		for (var i = 0; i < result.signers.length; i++) {
+			var signer = result.signers[i];
+			$._processSignerModel(signer);
+		}
+		return result;
+	};
+
 	$.filters = {
 		isPkiBrazilPessoaFisica: function (cert) {
 			if (typeof cert == 'undefined') {
@@ -1020,6 +1129,17 @@ LacunaWebPKI = function (license) {
 		return context.promise;
 	};
 
+	// TODO: next version
+	// $.signHashes = function (args) {
+	// 	var context = this._createContext(args);
+	// 	var request = {
+	// 		certificateThumbprint: args.certificateThumbprint,
+	// 		hashes: args.hashes
+	// 	};
+	// 	$._requestHandler.sendCommand(context, 'signHashes', request);
+	// 	return context.promise;
+	// };
+
 	$.preauthorizeSignatures = function (args) {
 
 		if (!args) {
@@ -1165,14 +1285,31 @@ LacunaWebPKI = function (license) {
         request.visualRepresentation = args.visualRepresentation;
         request.pdfMarks = args.pdfMarks;
         request.bypassMarksIfSigned = args.bypassMarksIfSigned;
+		request.reason = args.reason;
+		request.location = args.location;
+		request.signerName = args.signerName;
+		request.customSignatureFieldName = args.customSignatureFieldName;
+
+		if (typeof args.metadata === 'object') {
+			request.metadata = {};
+			var metaKeys = Object.keys(args.metadata);
+			for (var i=0; i<metaKeys.length; i++) {
+				var curKey = metaKeys[i];
+				// ensure string values only
+				if (typeof args.metadata[curKey] != 'string') {
+					throw 'Only string values allowed on metadata dictionary. Found type ' + typeof args.metadata[curKey] + ': ' + curKey + ':' + args.metadata[curKey];
+				}
+				request.metadata[curKey] = args.metadata[curKey];
+			}
+		}
 
 	    if (request.visualRepresentation && request.visualRepresentation.image && request.visualRepresentation.image.resource && !request.visualRepresentation.image.resource.content && request.visualRepresentation.image.resource.url && !/^(https?:)?\/\//.exec(request.visualRepresentation.image.resource.url)) {
 	        $._downloadResource(request.visualRepresentation.image.resource.url, function (resource) {
 	            request.visualRepresentation.image.resource = resource;
-	            $._requestHandler.sendCommand(context, 'signPdf', request);
+	            $._requestHandler.sendCommand(context, 'signPdf', request, $._processSignResult);
 	        });
 	    } else {
-	        $._requestHandler.sendCommand(context, 'signPdf', request);
+	        $._requestHandler.sendCommand(context, 'signPdf', request, $._processSignResult);
 	    }
 	    return context.promise;
 	};
@@ -1181,10 +1318,12 @@ LacunaWebPKI = function (license) {
 	    var context = this._createContext(args);
 	    var request = $._createCommonSignerRequest(args);
         request.cmsToCosignFileId = args.cmsToCosignFileId;
+		request.cmsToCosignContent = args.cmsToCosignContent;
         request.autoDetectCosign = args.autoDetectCosign;
         request.includeEncapsulatedContent = args.includeEncapsulatedContent === null || args.includeEncapsulatedContent === undefined ? true : args.includeEncapsulatedContent;
+		request.signingDescription = args.signingDescription;
 	    
-		$._requestHandler.sendCommand(context, 'signCades', request);
+		$._requestHandler.sendCommand(context, 'signCades', request, $._processSignResult);
 		return context.promise;
 	};
 
@@ -1212,6 +1351,7 @@ LacunaWebPKI = function (license) {
 
 	$._signXmlCommon = function (args, request, context) {
 		request.signatureElementId = args.signatureElementId;
+		request.signingDescription = args.signingDescription;
 
 		if (args.signatureElementLocation) {
 			request.signatureElementLocation = {
@@ -1221,7 +1361,7 @@ LacunaWebPKI = function (license) {
 		}
 		request.namespaces = args.namespaces;
 
-		$._requestHandler.sendCommand(context, 'signXml', request);
+		$._requestHandler.sendCommand(context, 'signXml', request, $._processSignResult);
 	};
 
 	$._createCommonOpenRequest = function(args) {
@@ -1240,7 +1380,7 @@ LacunaWebPKI = function (license) {
 	    var context = this._createContext(args);
 	    var request = $._createCommonOpenRequest(args);
 	    	
-	    $._requestHandler.sendCommand(context, 'openPades', request);
+	    $._requestHandler.sendCommand(context, 'openPades', request, $._processOpenResult);
 	    return context.promise;
 	};
 
@@ -1250,8 +1390,9 @@ LacunaWebPKI = function (license) {
     	request.originalFileId = args.originalFileId;
     	request.originalContent = args.originalContent;
         request.acceptablePolicies = args.acceptablePolicies;
+		request.returnEncapsulatedContent = args.returnEncapsulatedContent;
 
-	    $._requestHandler.sendCommand(context, 'openCades', request);
+	    $._requestHandler.sendCommand(context, 'openCades', request, $._processOpenResult);
 	    return context.promise;
 	};
 
@@ -1261,7 +1402,7 @@ LacunaWebPKI = function (license) {
 		request.idResolutionTable = args.idResolutionTable;
 		request.acceptablePolicies = args.acceptablePolicies;
 
-		$._requestHandler.sendCommand(context, 'openXmlSignature', request);
+		$._requestHandler.sendCommand(context, 'openXmlSignature', request, $._processOpenResult);
 	    return context.promise;
 	};
 
@@ -1282,7 +1423,8 @@ LacunaWebPKI = function (license) {
 			subjectName: args.subjectName,
 			tokenSerialNumber: args.tokenSerialNumber,
 			keyLabel: args.keyLabel,
-			keySize: args.keySize
+			keySize: args.keySize,
+			enableUsedPkcs11Module: args.enableUsedPkcs11Module
 		};
 		$._handleP11ModulesArgs(args, request);
 		$._requestHandler.sendCommand(context, 'generateTokenRsaKeyPair', request);
@@ -1293,7 +1435,8 @@ LacunaWebPKI = function (license) {
 		var context = this._createContext(args);
 		var request = {
 			subjectName: args.subjectName,
-			keySize: args.keySize
+			keySize: args.keySize,
+			nonExportableKey: args.nonExportableKey
 		};
 		$._requestHandler.sendCommand(context, 'generateSoftwareRsaKeyPair', request);
 		return context.promise;
@@ -1306,7 +1449,8 @@ LacunaWebPKI = function (license) {
 			pkcs11Modules: $._getRequestOsP11Modules(args.pkcs11Modules),
 			tokenSerialNumber: args.tokenSerialNumber,
 			certificateContent: args.certificateContent,
-			certificateLabel: args.certificateLabel
+			certificateLabel: args.certificateLabel,
+			enableUsedPkcs11Module: args.enableUsedPkcs11Module
 		};
 		$._handleP11ModulesArgs(args, request);
 		$._requestHandler.sendCommand(context, 'importTokenCertificate', request);
@@ -1348,6 +1492,37 @@ LacunaWebPKI = function (license) {
 		return context.promise;
 	};
 
+	$.encrypt = function (args) {
+		var token = typeof args.token === 'object' ? args.token : null;
+		var context = this._createContext(args);
+		var request = {
+			certificateThumbprint: args.certificateThumbprint,
+			publicKey: args.publicKey,
+			privateKeyId: args.privateKeyId,
+			tokenSerialNumber: token ? token.serialNumber : null,
+			pkcs11Module: token ? token.pkcs11Module : null,
+			parameters: args.parameters,
+			data: args.data
+		};
+		$._requestHandler.sendCommand(context, 'encrypt', request);
+		return context.promise;
+	};
+
+	$.decrypt = function (args) {
+		var token = typeof args.token === 'object' ? args.token : null;
+		var context = this._createContext(args);
+		var request = {
+			certificateThumbprint: args.certificateThumbprint,
+			privateKeyId: args.privateKeyId,
+			tokenSerialNumber: token ? token.serialNumber : null,
+			pkcs11Module: token ? token.pkcs11Module : null,
+			parameters: args.parameters,
+			data: args.data
+		};
+		$._requestHandler.sendCommand(context, 'decrypt', request);
+		return context.promise;
+	};
+
 
 	// -------------------- Browser detection --------------------
 	// Based on http://stackoverflow.com/questions/2400935/browser-detection-in-javascript

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "web-pki",
-  "version": "2.15.2",
+  "version": "2.16.1",
   "description": "The Lacuna Web PKI component enables web applications to interact with digital certificates through javascript, without the need of Java.",
   "main": "lacuna-web-pki.js",
   "types": "lacuna-web-pki.d.ts",