Class: CertificateChainValidationEngine
Represents a chain-building engine for Certificate certificates.
Example
const rootCa = pkijs.Certificate.fromBER(certRaw1);
const intermediateCa = pkijs.Certificate.fromBER(certRaw2);
const leafCert = pkijs.Certificate.fromBER(certRaw3);
const crl1 = pkijs.CertificateRevocationList.fromBER(crlRaw1);
const ocsp1 = pkijs.BasicOCSPResponse.fromBER(ocspRaw1);
const chainEngine = new pkijs.CertificateChainValidationEngine({
certs: [rootCa, intermediateCa, leafCert],
crls: [crl1],
ocsps: [ocsp1],
checkDate: new Date("2015-07-13"), // optional
trustedCerts: [rootCa],
});
const chain = await chainEngine.verify();
Constructors
constructor
• new CertificateChainValidationEngine(parameters?): CertificateChainValidationEngine
Constructor for CertificateChainValidationEngine class
Parameters
| Name | Type |
|---|---|
parameters | CertificateChainValidationEngineParameters |
Returns
CertificateChainValidationEngine
Properties
certs
• certs: Certificate[]
Array with certificate chain. Could be only one end-user certificate in there!
checkDate
• checkDate: Date
The date at which the check would be
crls
• crls: CertificateRevocationList[]
Array of all CRLs for all certificates from certificate chain
findIssuer
• findIssuer: FindIssuerCallback
The date at which the check would be
findOrigin
• findOrigin: FindOriginCallback
The date at which the check would be
ocsps
• ocsps: BasicOCSPResponse[]
Array of all OCSP responses
trustedCerts
• trustedCerts: Certificate[]
Array of pre-defined trusted (by user) certificates
Methods
defaultFindIssuer
▸ defaultFindIssuer(certificate, validationEngine, crypto?): Promise<Certificate[]>
Parameters
| Name | Type |
|---|---|
certificate | Certificate |
validationEngine | CertificateChainValidationEngine |
crypto | ICryptoEngine |
Returns
Promise<Certificate[]>
defaultValues
▸ defaultValues(memberName): Certificate[]
Returns default values for all class members
Parameters
| Name | Type | Description |
|---|---|---|
memberName | "trustedCerts" | String name for a class member |
Returns
Default value
▸ defaultValues(memberName): Certificate[]
Parameters
| Name | Type |
|---|---|
memberName | "certs" |
Returns
▸ defaultValues(memberName): CertificateRevocationList[]
Parameters
| Name | Type |
|---|---|
memberName | "crls" |
Returns
▸ defaultValues(memberName): BasicOCSPResponse[]
Parameters
| Name | Type |
|---|---|
memberName | "ocsps" |
Returns
▸ defaultValues(memberName): Date
Parameters
| Name | Type |
|---|---|
memberName | "checkDate" |
Returns
Date
▸ defaultValues(memberName): FindOriginCallback
Parameters
| Name | Type |
|---|---|
memberName | "findOrigin" |
Returns
▸ defaultValues(memberName): FindIssuerCallback
Parameters
| Name | Type |
|---|---|
memberName | "findIssuer" |
Returns
sort
▸ sort(passedWhenNotRevValues?, crypto?): Promise<Certificate[]>
Parameters
| Name | Type | Default value |
|---|---|---|
passedWhenNotRevValues | boolean | false |
crypto | ICryptoEngine | undefined |
Returns
Promise<Certificate[]>
verify
▸ verify(parameters?, crypto?): Promise<CertificateChainValidationEngineVerifyResult>
Major verification function for certificate chain.
Parameters
| Name | Type | Description |
|---|---|---|
parameters | CertificateChainValidationEngineVerifyParams | |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise<CertificateChainValidationEngineVerifyResult>
defaultFindOrigin
▸ defaultFindOrigin(certificate, validationEngine): string
Parameters
| Name | Type |
|---|---|
certificate | Certificate |
validationEngine | CertificateChainValidationEngine |
Returns
string