CertificateChainValidationEngine
Represents a chain-building engine for Certificate certificates.
Example
const rootCa = pkijs.Certificate.fromBER(certRaw1);
const intermediateCa = pkijs.Certificate.fromBER(certRaw2);
const leafCert = pkijs.Certificate.fromBER(certRaw3);
const crl1 = pkijs.CertificateRevocationList.fromBER(crlRaw1);
const ocsp1 = pkijs.BasicOCSPResponse.fromBER(ocspRaw1);
const chainEngine = new pkijs.CertificateChainValidationEngine({
certs: [rootCa, intermediateCa, leafCert],
crls: [crl1],
ocsps: [ocsp1],
checkDate: new Date("2015-07-13"), // optional
trustedCerts: [rootCa],
});
const chain = await chainEngine.verify();
Constructors
new CertificateChainValidationEngine()
new CertificateChainValidationEngine(
parameters):CertificateChainValidationEngine
Constructor for CertificateChainValidationEngine class
Parameters
• parameters: CertificateChainValidationEngineParameters = {}
Returns
CertificateChainValidationEngine
Properties
certs
certs:
Certificate[]
Array with certificate chain. Could be only one end-user certificate in there!
checkDate
checkDate:
Date
The date at which the check would be
crls
crls:
CertificateRevocationList[]
Array of all CRLs for all certificates from certificate chain
findIssuer
findIssuer:
FindIssuerCallback
The date at which the check would be
findOrigin
findOrigin:
FindOriginCallback
The date at which the check would be
ocsps
ocsps:
BasicOCSPResponse[]
Array of all OCSP responses
trustedCerts
trustedCerts:
Certificate[]
Array of pre-defined trusted (by user) certificates
Methods
defaultFindIssuer()
defaultFindIssuer(
certificate,validationEngine,crypto):Promise<Certificate[]>
Parameters
• certificate: Certificate
• validationEngine: CertificateChainValidationEngine
• crypto: ICryptoEngine = ...
Returns
Promise<Certificate[]>
defaultValues()
defaultValues(memberName)
defaultValues(
memberName):Certificate[]
Returns default values for all class members
Parameters
• memberName: "trustedCerts"
String name for a class member
Returns
Default value
defaultValues(memberName)
defaultValues(
memberName):Certificate[]
Parameters
• memberName: "certs"
Returns
defaultValues(memberName)
defaultValues(
memberName):CertificateRevocationList[]
Parameters
• memberName: "crls"
Returns
defaultValues(memberName)
defaultValues(
memberName):BasicOCSPResponse[]
Parameters
• memberName: "ocsps"
Returns
defaultValues(memberName)
defaultValues(
memberName):Date
Parameters
• memberName: "checkDate"
Returns
Date
defaultValues(memberName)
defaultValues(
memberName):FindOriginCallback
Parameters
• memberName: "findOrigin"
Returns
defaultValues(memberName)
defaultValues(
memberName):FindIssuerCallback
Parameters
• memberName: "findIssuer"
Returns
sort()
sort(
passedWhenNotRevValues,crypto):Promise<Certificate[]>
Parameters
• passedWhenNotRevValues: boolean = false
• crypto: ICryptoEngine = ...
Returns
Promise<Certificate[]>
verify()
verify(
parameters,crypto):Promise<CertificateChainValidationEngineVerifyResult>
Major verification function for certificate chain.
Parameters
• parameters: CertificateChainValidationEngineVerifyParams = {}
• crypto: ICryptoEngine = ...
Crypto engine
Returns
Promise<CertificateChainValidationEngineVerifyResult>
defaultFindOrigin()
staticdefaultFindOrigin(certificate,validationEngine):string
Parameters
• certificate: Certificate
• validationEngine: CertificateChainValidationEngine
Returns
string