Class: CertificateChainValidationEngine
Represents a chain-building engine for Certificate certificates.
Example
const rootCa = pkijs.Certificate.fromBER(certRaw1);
const intermediateCa = pkijs.Certificate.fromBER(certRaw2);
const leafCert = pkijs.Certificate.fromBER(certRaw3);
const crl1 = pkijs.CertificateRevocationList.fromBER(crlRaw1);
const ocsp1 = pkijs.BasicOCSPResponse.fromBER(ocspRaw1);
const chainEngine = new pkijs.CertificateChainValidationEngine({
certs: [rootCa, intermediateCa, leafCert],
crls: [crl1],
ocsps: [ocsp1],
checkDate: new Date("2015-07-13"), // optional
trustedCerts: [rootCa],
});
const chain = await chainEngine.verify();
Constructors
constructor
• new CertificateChainValidationEngine(parameters?
): CertificateChainValidationEngine
Constructor for CertificateChainValidationEngine class
Parameters
Name | Type |
---|---|
parameters | CertificateChainValidationEngineParameters |
Returns
CertificateChainValidationEngine
Properties
certs
• certs: Certificate
[]
Array with certificate chain. Could be only one end-user certificate in there!
checkDate
• checkDate: Date
The date at which the check would be
crls
• crls: CertificateRevocationList
[]
Array of all CRLs for all certificates from certificate chain
findIssuer
• findIssuer: FindIssuerCallback
The date at which the check would be
findOrigin
• findOrigin: FindOriginCallback
The date at which the check would be
ocsps
• ocsps: BasicOCSPResponse
[]
Array of all OCSP responses
trustedCerts
• trustedCerts: Certificate
[]
Array of pre-defined trusted (by user) certificates
Methods
defaultFindIssuer
▸ defaultFindIssuer(certificate
, validationEngine
, crypto?
): Promise
<Certificate
[]>
Parameters
Name | Type |
---|---|
certificate | Certificate |
validationEngine | CertificateChainValidationEngine |
crypto | ICryptoEngine |
Returns
Promise
<Certificate
[]>
defaultValues
▸ defaultValues(memberName
): Certificate
[]
Returns default values for all class members
Parameters
Name | Type | Description |
---|---|---|
memberName | "trustedCerts" | String name for a class member |
Returns
Default value
▸ defaultValues(memberName
): Certificate
[]
Parameters
Name | Type |
---|---|
memberName | "certs" |
Returns
▸ defaultValues(memberName
): CertificateRevocationList
[]
Parameters
Name | Type |
---|---|
memberName | "crls" |
Returns
▸ defaultValues(memberName
): BasicOCSPResponse
[]
Parameters
Name | Type |
---|---|
memberName | "ocsps" |
Returns
▸ defaultValues(memberName
): Date
Parameters
Name | Type |
---|---|
memberName | "checkDate" |
Returns
Date
▸ defaultValues(memberName
): FindOriginCallback
Parameters
Name | Type |
---|---|
memberName | "findOrigin" |
Returns
▸ defaultValues(memberName
): FindIssuerCallback
Parameters
Name | Type |
---|---|
memberName | "findIssuer" |
Returns
sort
▸ sort(passedWhenNotRevValues?
, crypto?
): Promise
<Certificate
[]>
Parameters
Name | Type | Default value |
---|---|---|
passedWhenNotRevValues | boolean | false |
crypto | ICryptoEngine | undefined |
Returns
Promise
<Certificate
[]>
verify
▸ verify(parameters?
, crypto?
): Promise
<CertificateChainValidationEngineVerifyResult
>
Major verification function for certificate chain.
Parameters
Name | Type | Description |
---|---|---|
parameters | CertificateChainValidationEngineVerifyParams | |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise
<CertificateChainValidationEngineVerifyResult
>
defaultFindOrigin
▸ defaultFindOrigin(certificate
, validationEngine
): string
Parameters
Name | Type |
---|---|
certificate | Certificate |
validationEngine | CertificateChainValidationEngine |
Returns
string