Class: Certificate
Represents an X.509 certificate described in RFC5280 Section 4.
Example
The following example demonstrates how to parse X.509 Certificate
const asn1 = asn1js.fromBER(raw);
if (asn1.offset === -1) {
throw new Error("Incorrect encoded ASN.1 data");
}
const cert = new pkijs.Certificate({ schema: asn1.result });
Example
The following example demonstrates how to create self-signed certificate
const crypto = pkijs.getCrypto(true);
// Create certificate
const certificate = new pkijs.Certificate();
certificate.version = 2;
certificate.serialNumber = new asn1js.Integer({ value: 1 });
certificate.issuer.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.3", // Common name
value: new asn1js.BmpString({ value: "Test" })
}));
certificate.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.3", // Common name
value: new asn1js.BmpString({ value: "Test" })
}));
certificate.notBefore.value = new Date();
const notAfter = new Date();
notAfter.setUTCFullYear(notAfter.getUTCFullYear() + 1);
certificate.notAfter.value = notAfter;
certificate.extensions = []; // Extensions are not a part of certificate by default, it's an optional array
// "BasicConstraints" extension
const basicConstr = new pkijs.BasicConstraints({
cA: true,
pathLenConstraint: 3
});
certificate.extensions.push(new pkijs.Extension({
extnID: "2.5.29.19",
critical: false,
extnValue: basicConstr.toSchema().toBER(false),
parsedValue: basicConstr // Parsed value for well-known extensions
}));
// "KeyUsage" extension
const bitArray = new ArrayBuffer(1);
const bitView = new Uint8Array(bitArray);
bitView[0] |= 0x02; // Key usage "cRLSign" flag
bitView[0] |= 0x04; // Key usage "keyCertSign" flag
const keyUsage = new asn1js.BitString({ valueHex: bitArray });
certificate.extensions.push(new pkijs.Extension({
extnID: "2.5.29.15",
critical: false,
extnValue: keyUsage.toBER(false),
parsedValue: keyUsage // Parsed value for well-known extensions
}));
const algorithm = pkijs.getAlgorithmParameters("RSASSA-PKCS1-v1_5", "generateKey");
if ("hash" in algorithm.algorithm) {
algorithm.algorithm.hash.name = "SHA-256";
}
const keys = await crypto.generateKey(algorithm.algorithm, true, algorithm.usages);
// Exporting public key into "subjectPublicKeyInfo" value of certificate
await certificate.subjectPublicKeyInfo.importKey(keys.publicKey);
// Signing final certificate
await certificate.sign(keys.privateKey, "SHA-256");
const raw = certificate.toSchema().toBER();
Hierarchy
-
↳
Certificate
Implements
Constructors
constructor
• new Certificate(parameters?
): Certificate
Initializes a new instance of the Certificate class
Parameters
Name | Type | Description |
---|---|---|
parameters | CertificateParameters | Initialization parameters |
Returns
Overrides
Properties
extensions
• Optional
extensions: Extension
[]
If present, this field is a SEQUENCE of one or more certificate extensions
Implementation of
issuer
• issuer: RelativeDistinguishedNames
The issuer field identifies the entity that has signed and issued the certificate
Implementation of
issuerUniqueID
• Optional
issuerUniqueID: ArrayBuffer
The subject and issuer unique identifiers are present in the certificate to handle the possibility of reuse of subject and/or issuer names over time
Implementation of
notAfter
• notAfter: Time
The date on which the certificate validity period ends
Implementation of
notBefore
• notBefore: Time
The date on which the certificate validity period begins
Implementation of
serialNumber
• serialNumber: Integer
Serial number of the certificate
Implementation of
signature
• signature: AlgorithmIdentifier
This field contains the algorithm identifier for the algorithm used by the CA to sign the certificate
Implementation of
signatureAlgorithm
• signatureAlgorithm: AlgorithmIdentifier
The signatureAlgorithm field contains the identifier for the cryptographic algorithm used by the CA to sign this certificate
Implementation of
ICertificate.signatureAlgorithm
signatureValue
• signatureValue: BitString
The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate
Implementation of
subject
• subject: RelativeDistinguishedNames
The subject field identifies the entity associated with the public key stored in the subject public key field
Implementation of
subjectPublicKeyInfo
• subjectPublicKeyInfo: PublicKeyInfo
This field is used to carry the public key and identify the algorithm with which the key is used
Implementation of
ICertificate.subjectPublicKeyInfo
subjectUniqueID
• Optional
subjectUniqueID: ArrayBuffer
The subject and issuer unique identifiers are present in the certificate to handle the possibility of reuse of subject and/or issuer names over time
Implementation of
tbsView
• tbsView: Uint8Array
version
• version: number
Version number
Implementation of
CLASS_NAME
▪ Static
CLASS_NAME: string
= "Certificate"
Name of the class
Overrides
Accessors
className
• get
className(): string
Returns
string
Inherited from
PkiObject.className
tbs
• get
tbs(): ArrayBuffer
Returns
ArrayBuffer
Deprecated
Since version 3.0.0
Implementation of
• set
tbs(value
): void
Parameters
Name | Type |
---|---|
value | ArrayBuffer |
Returns
void
Deprecated
Since version 3.0.0
Implementation of
Methods
encodeTBS
▸ encodeTBS(): Sequence
Creates ASN.1 schema for existing values of TBS part for the certificate
Returns
Sequence
ASN.1 SEQUENCE
fromSchema
▸ fromSchema(schema
): void
Converts parsed ASN.1 object into current class
Parameters
Name | Type | Description |
---|---|---|
schema | any | ASN.1 schema |
Returns
void
Overrides
getKeyHash
▸ getKeyHash(hashAlgorithm?
, crypto?
): Promise
<ArrayBuffer
>
Get hash value for subject public key (default SHA-1)
Parameters
Name | Type | Default value | Description |
---|---|---|---|
hashAlgorithm | string | "SHA-1" | Hashing algorithm name |
crypto | ICryptoEngine | undefined | Crypto engine |
Returns
Promise
<ArrayBuffer
>
Computed hash value from Certificate.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey
getPublicKey
▸ getPublicKey(parameters?
, crypto?
): Promise
<CryptoKey
>
Importing public key for current certificate
Parameters
Name | Type | Description |
---|---|---|
parameters? | CryptoEnginePublicKeyParams | Public key export parameters |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise
<CryptoKey
>
WebCrypto public key
sign
▸ sign(privateKey
, hashAlgorithm?
, crypto?
): Promise
<void
>
Make a signature for current value from TBS section
Parameters
Name | Type | Default value | Description |
---|---|---|---|
privateKey | CryptoKey | undefined | Private key for SUBJECT_PUBLIC_KEY_INFO structure |
hashAlgorithm | string | "SHA-1" | Hashing algorithm |
crypto | ICryptoEngine | undefined | Crypto engine |
Returns
Promise
<void
>
toJSON
▸ toJSON(): CertificateJson
Converts the class to JSON object
Returns
JSON object
Overrides
toSchema
▸ toSchema(encodeFlag?
): Sequence
Converts current object to ASN.1 object and sets correct values
Parameters
Name | Type | Default value | Description |
---|---|---|---|
encodeFlag | boolean | false | If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts |
Returns
Sequence
ASN.1 object
Overrides
toString
▸ toString(encoding?
): string
Parameters
Name | Type | Default value |
---|---|---|
encoding | "base64" | "base64url" | "hex" | "hex" |
Returns
string
Inherited from
verify
▸ verify(issuerCertificate?
, crypto?
): Promise
<boolean
>
Verifies the certificate signature
Parameters
Name | Type | Description |
---|---|---|
issuerCertificate? | Certificate | |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise
<boolean
>
blockName
▸ blockName(): string
Returns block name
Returns
string
Returns string block name
Inherited from
defaultValues
▸ defaultValues(memberName
): ArrayBuffer
Return default values for all class members
Parameters
Name | Type | Description |
---|---|---|
memberName | "tbs" | String name for a class member |
Returns
ArrayBuffer
Predefined default value
Overrides
▸ defaultValues(memberName
): number
Parameters
Name | Type |
---|---|
memberName | "version" |
Returns
number
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): Integer
Parameters
Name | Type |
---|---|
memberName | "serialNumber" |
Returns
Integer
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): AlgorithmIdentifier
Parameters
Name | Type |
---|---|
memberName | "signature" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): RelativeDistinguishedNames
Parameters
Name | Type |
---|---|
memberName | "issuer" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): Time
Parameters
Name | Type |
---|---|
memberName | "notBefore" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): Time
Parameters
Name | Type |
---|---|
memberName | "notAfter" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): RelativeDistinguishedNames
Parameters
Name | Type |
---|---|
memberName | "subject" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): PublicKeyInfo
Parameters
Name | Type |
---|---|
memberName | "subjectPublicKeyInfo" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): ArrayBuffer
Parameters
Name | Type |
---|---|
memberName | "issuerUniqueID" |
Returns
ArrayBuffer
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): ArrayBuffer
Parameters
Name | Type |
---|---|
memberName | "subjectUniqueID" |
Returns
ArrayBuffer
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): Extension
[]
Parameters
Name | Type |
---|---|
memberName | "extensions" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): AlgorithmIdentifier
Parameters
Name | Type |
---|---|
memberName | "signatureAlgorithm" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName
): BitString
Parameters
Name | Type |
---|---|
memberName | "signatureValue" |
Returns
BitString
Overrides
PkiObject.defaultValues
fromBER
▸ fromBER<T
>(this
, raw
): T
Creates PKI object from the raw data
Type parameters
Name | Type |
---|---|
T | extends PkiObject |
Parameters
Name | Type | Description |
---|---|---|
this | PkiObjectConstructor <T > | - |
raw | BufferSource | ASN.1 encoded raw data |
Returns
T
Initialized and filled current class object
Inherited from
schema
▸ schema(parameters?
): any
Returns value of pre-defined ASN.1 schema for current class
Parameters
Name | Type | Description |
---|---|---|
parameters | CertificateSchema | Input parameters for the schema |
Returns
any
ASN.1 schema object