
CertificationRequest

Represents the CertificationRequest structure described in RFC 2986

Examples

and verify its challenge password extension and signature value

```js
import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// pkcs10Raw holds the BER-encoded request bytes (for example, the output of the creation example)
const pkcs10 = pkijs.CertificationRequest.fromBER(pkcs10Raw);

// Get and validate challenge password extension
if (pkcs10.attributes) {
  const attrExtensions = pkcs10.attributes.find(o => o.type === "1.2.840.113549.1.9.14"); // pkcs-9-at-extensionRequest
  if (attrExtensions) {
    const extensions = new pkijs.Extensions({ schema: attrExtensions.values[0] });
    for (const extension of extensions.extensions) {
      if (extension.extnID === "1.2.840.113549.1.9.7") { // pkcs-9-at-challengePassword
        const asn = asn1js.fromBER(extension.extnValue.valueBlock.valueHex);
        if (asn.result.valueBlock.value !== "passwordChallenge") {
          throw new Error("PKCS#10 certification request is invalid. Challenge password is incorrect");
        }
      }
    }
  }
}

// Verify signature value
const ok = await pkcs10.verify();
if (!ok) {
  throw new Error("PKCS#10 certification request is invalid. Signature is wrong");
}
```

```js
import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// Get a "crypto" extension
const crypto = pkijs.getCrypto(true);

// Assumption: the key pair is not shown on the page; an ECDSA P-256 pair is generated here
const keys = await crypto.generateKey({ name: "ECDSA", namedCurve: "P-256" }, true, ["sign", "verify"]);

const pkcs10 = new pkijs.CertificationRequest();

pkcs10.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
  type: "2.5.4.3", // id-at-commonName
  value: new asn1js.Utf8String({ value: "Test" })
}));

await pkcs10.subjectPublicKeyInfo.importKey(keys.publicKey);

pkcs10.attributes = [];

// Subject Alternative Name
const altNames = new pkijs.GeneralNames({
  names: [
    new pkijs.GeneralName({ // email
      type: 1,
      value: "user@example.com" // placeholder address
    }),
    new pkijs.GeneralName({ // domain
      type: 2,
      value: "www.domain.com"
    }),
  ]
});

// SubjectKeyIdentifier
const subjectKeyIdentifier = await crypto.digest({ name: "SHA-1" }, pkcs10.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHex);

pkcs10.attributes.push(new pkijs.Attribute({
  type: "1.2.840.113549.1.9.14", // pkcs-9-at-extensionRequest
  values: [(new pkijs.Extensions({
    extensions: [
      new pkijs.Extension({
        extnID: "2.5.29.14", // id-ce-subjectKeyIdentifier
        critical: false,
        extnValue: (new asn1js.OctetString({ valueHex: subjectKeyIdentifier })).toBER(false)
      }),
      new pkijs.Extension({
        extnID: "2.5.29.17", // id-ce-subjectAltName
        critical: false,
        extnValue: altNames.toSchema().toBER(false)
      }),
      new pkijs.Extension({
        extnID: "1.2.840.113549.1.9.7", // pkcs-9-at-challengePassword
        critical: false,
        extnValue: (new asn1js.PrintableString({ value: "passwordChallenge" })).toBER(false)
      })
    ]
  })).toSchema()]
}));

// Signing final PKCS#10 request
await pkcs10.sign(keys.privateKey, "SHA-256");

// Encode the signed request to BER bytes
const pkcs10Raw = pkcs10.toSchema(true).toBER();
```

Extends

PkiObject

Implements

ICertificationRequest

Constructors

new CertificationRequest()

new CertificationRequest(parameters): CertificationRequest

Initializes a new instance of the CertificationRequest class

Parameters

parameters: CertificationRequestParameters = {}

Initialization parameters

Returns

CertificationRequest

Overrides

PkiObject.constructor

Properties

attributes?

optional attributes: Attribute[]

Collection of attributes providing additional information about the subject of the certificate

Implementation of

ICertificationRequest.attributes


signatureAlgorithm

signatureAlgorithm: AlgorithmIdentifier

Signature algorithm (and any associated parameters) under which the certification-request information is signed

Implementation of

ICertificationRequest.signatureAlgorithm


signatureValue

signatureValue: BitString

Result of signing the certification request information with the certification request subject's private key

Implementation of

ICertificationRequest.signatureValue


subject

subject: RelativeDistinguishedNames

Distinguished name of the certificate subject

Implementation of

ICertificationRequest.subject


subjectPublicKeyInfo

subjectPublicKeyInfo: PublicKeyInfo

Information about the public key being certified

Implementation of

ICertificationRequest.subjectPublicKeyInfo


tbsView

tbsView: Uint8Array


version

version: number

Version number. It should be 0

Implementation of

ICertificationRequest.version


CLASS_NAME

static CLASS_NAME: string = "CertificationRequest"

Name of the class

Overrides

PkiObject.CLASS_NAME

Accessors

className

get className(): string

Returns

string

Inherited from

PkiObject.className


tbs

get tbs(): ArrayBuffer

Deprecated

Since version 3.0.0

set tbs(value): void

Deprecated

Since version 3.0.0

Parameters

value: ArrayBuffer

Returns

ArrayBuffer

Value being signed

Implementation of

ICertificationRequest.tbs

Methods

encodeTBS()

protected encodeTBS(): Sequence

Auxiliary function that builds an ASN1js Sequence from the current TBS

Returns

Sequence


fromSchema()

fromSchema(schema): void

Converts parsed ASN.1 object into current class

Parameters

schema: any

ASN.1 schema

Returns

void

Overrides

PkiObject.fromSchema


getPublicKey()

getPublicKey(parameters?, crypto?): Promise<CryptoKey>

Imports the public key for the current certification request

Parameters

parameters?: CryptoEnginePublicKeyParams

crypto?: ICryptoEngine = ...

Crypto engine

Returns

Promise<CryptoKey>

WebCrypto public key


sign()

sign(privateKey, hashAlgorithm, crypto): Promise<void>

Makes signature for current certification request

Parameters

privateKey: CryptoKey

WebCrypto private key

hashAlgorithm: string = "SHA-1"

String representing current hashing algorithm

crypto: ICryptoEngine = ...

Crypto engine

Returns

Promise<void>


toJSON()

toJSON(): CertificationRequestJson

Converts the class to JSON object

Returns

CertificationRequestJson

JSON object

Overrides

PkiObject.toJSON


toSchema()

toSchema(encodeFlag): Sequence

Converts current object to ASN.1 object and sets correct values

Parameters

encodeFlag: boolean = false

If false, the schema is created by decoding the stored value. Otherwise the schema is assembled from cached parts

Returns

Sequence

ASN.1 object

Overrides

PkiObject.toSchema


toString()

toString(encoding): string

Parameters

encoding: "base64" | "base64url" | "hex" = "hex"

Returns

string

Inherited from

PkiObject.toString


verify()

verify(crypto): Promise<boolean>

Verify existing certification request signature

Parameters

crypto: ICryptoEngine = ...

Crypto engine

Returns

Promise<boolean>

Returns true if signature value is valid, otherwise false
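What a `true` result establishes, shown with Node.js built-ins as an added example (not PKI.js's own implementation): the signature is checked over the encoded certificationRequestInfo using the public key the request itself carries, so it proves possession of the private key and integrity of the request, not who sent it. The function names, the algorithm allow-list and the generated sample request are constructed for illustration.

```javascript
// Added example using Node.js built-ins (not PKI.js code); loads as CommonJS or ESM.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");
const SIG_ALGS = {                // allow-list: hex of OID body -> digest name
  "2a8648ce3d040302": "sha256",   // ecdsa-with-SHA256
  "2a864886f70d01010b": "sha256", // sha256WithRSAEncryption
  "2b6570": null,                 // Ed25519 (no separate digest)
};
// Read one DER TLV at `off`, refusing anything that runs past `limit`.
function readTlv(buf, off, limit = buf.length) {
  let len = buf[off + 1], body = off + 2;
  if (len & 0x80) {               // long form: low 7 bits count the length bytes
    const stop = body + (len & 0x7f);
    for (len = 0; body < stop; body++) len = len * 256 + buf[body];
  }
  if (!(body + len <= limit)) throw new Error("malformed DER");
  return { start: off, body, end: body + len };
}
// Split a constructed TLV into its child TLVs.
function children(buf, tlv) {
  const out = [];
  for (let p = tlv.body; p < tlv.end; p = out.at(-1).end) out.push(readTlv(buf, p, tlv.end));
  return out;
}

// Check the request's self-signature with the public key it carries.
function verifyCsrSignature(raw) {
  const der = Buffer.from(raw);
  const [info, alg, sig] = children(der, readTlv(der, 0));
  const [, , spki] = children(der, info), [oid] = children(der, alg);
  const digest = SIG_ALGS[der.subarray(oid.body, oid.end).toString("hex")];
  if (digest === undefined) throw new Error("signature algorithm not allowed");
  const key = nodeCrypto.createPublicKey(
    { key: der.subarray(spki.start, spki.end), format: "der", type: "spki" });
  const tbs = der.subarray(info.start, info.end);        // signed bytes: the whole TLV
  const signature = der.subarray(sig.body + 1, sig.end); // skip BIT STRING pad count
  return nodeCrypto.verify(digest, tbs, key, signature);
}

// Constructed sample input: a minimal Ed25519 request (short-form lengths only).
function buildSampleCsr() {
  const tlv = (tag, ...parts) => Buffer.concat(
    [Buffer.from([tag, parts.reduce((n, p) => n + p.length, 0)]), ...parts]);
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const info = tlv(0x30, tlv(0x02, Buffer.from([0])), tlv(0x30),
    publicKey.export({ type: "spki", format: "der" }), tlv(0xa0));
  const sig = nodeCrypto.sign(null, info, privateKey);
  return tlv(0x30, info, tlv(0x30, tlv(0x06, Buffer.from("2b6570", "hex"))),
    tlv(0x03, Buffer.from([0]), sig));
}
```

The allow-list leaves out SHA-1 based signature OIDs on purpose. `sign()` above defaults `hashAlgorithm` to "SHA-1", so pass "SHA-256" explicitly, as the creation example does.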


blockName()

static blockName(): string

Returns block name

Returns

string

Returns string block name

Inherited from

PkiObject.blockName


defaultValues()

defaultValues(memberName)

static defaultValues(memberName): ArrayBuffer

Returns default values for all class members

Parameters

memberName: "tbs"

String name for a class member

Returns

ArrayBuffer

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): number

Returns default values for all class members

Parameters

memberName: "version"

String name for a class member

Returns

number

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): RelativeDistinguishedNames

Returns default values for all class members

Parameters

memberName: "subject"

String name for a class member

Returns

RelativeDistinguishedNames

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): PublicKeyInfo

Returns default values for all class members

Parameters

memberName: "subjectPublicKeyInfo"

String name for a class member

Returns

PublicKeyInfo

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): Attribute[]

Returns default values for all class members

Parameters

memberName: "attributes"

String name for a class member

Returns

Attribute[]

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): AlgorithmIdentifier

Returns default values for all class members

Parameters

memberName: "signatureAlgorithm"

String name for a class member

Returns

AlgorithmIdentifier

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): BitString

Returns default values for all class members

Parameters

memberName: "signatureValue"

String name for a class member

Returns

BitString

Default value

Overrides

PkiObject.defaultValues


fromBER()

static fromBER<T>(this, raw): T

Creates PKI object from the raw data

Type Parameters

T extends PkiObject

Parameters

this: PkiObjectConstructor<T>

raw: BufferSource

ASN.1 encoded raw data

Returns

T

Initialized and filled current class object

Inherited from

PkiObject.fromBER


schema()

static schema(parameters): any

Returns value of pre-defined ASN.1 schema for current class

Parameters

parameters: SchemaParameters<object> = {}

Input parameters for the schema

Returns

any

ASN.1 schema object

Overrides

PkiObject.schema