Class: CertificationRequest
Represents the CertificationRequest structure described in RFC2986
Example
The following example demonstrates how to parse PKCS#11 certification request and verify its challenge password extension and signature value
const pkcs10 = pkijs.CertificationRequest.fromBER(pkcs10Raw);
// Get and validate challenge password extension
if (pkcs10.attributes) {
const attrExtensions = pkcs10.attributes.find(o => o.type === "1.2.840.113549.1.9.14"); // pkcs-9-at-extensionRequest
if (attrExtensions) {
const extensions = new pkijs.Extensions({ schema: attrExtensions.values[0] });
for (const extension of extensions.extensions) {
if (extension.extnID === "1.2.840.113549.1.9.7") { // pkcs-9-at-challengePassword
const asn = asn1js.fromBER(extension.extnValue.valueBlock.valueHex);
if (asn.result.valueBlock.value !== "passwordChallenge") {
throw new Error("PKCS#11 certification request is invalid. Challenge password is incorrect");
}
}
}
}
}
// Verify signature value
const ok = await pkcs10.verify();
if (!ok) {
throw Error("PKCS#11 certification request is invalid. Signature is wrong")
}
Example
The following example demonstrates how to create PKCS#11 certification request
// Get a "crypto" extension
const crypto = pkijs.getCrypto(true);
const pkcs10 = new pkijs.CertificationRequest();
pkcs10.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.3",
value: new asn1js.Utf8String({ value: "Test" })
}));
await pkcs10.subjectPublicKeyInfo.importKey(keys.publicKey);
pkcs10.attributes = [];
// Subject Alternative Name
const altNames = new pkijs.GeneralNames({
names: [
new pkijs.GeneralName({ // email
type: 1,
value: "[email protected]"
}),
new pkijs.GeneralName({ // domain
type: 2,
value: "www.domain.com"
}),
]
});
// SubjectKeyIdentifier
const subjectKeyIdentifier = await crypto.digest({ name: "SHA-1" }, pkcs10.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHex);
pkcs10.attributes.push(new pkijs.Attribute({
type: "1.2.840.113549.1.9.14", // pkcs-9-at-extensionRequest
values: [(new pkijs.Extensions({
extensions: [
new pkijs.Extension({
extnID: "2.5.29.14", // id-ce-subjectKeyIdentifier
critical: false,
extnValue: (new asn1js.OctetString({ valueHex: subjectKeyIdentifier })).toBER(false)
}),
new pkijs.Extension({
extnID: "2.5.29.17", // id-ce-subjectAltName
critical: false,
extnValue: altNames.toSchema().toBER(false)
}),
new pkijs.Extension({
extnID: "1.2.840.113549.1.9.7", // pkcs-9-at-challengePassword
critical: false,
extnValue: (new asn1js.PrintableString({ value: "passwordChallenge" })).toBER(false)
})
]
})).toSchema()]
}));
// Signing final PKCS#10 request
await pkcs10.sign(keys.privateKey, "SHA-256");
const pkcs10Raw = pkcs10.toSchema(true).toBER();
Hierarchy
-
↳
CertificationRequest
Implements
Constructors
constructor
• new CertificationRequest(parameters?): CertificationRequest
Initializes a new instance of the CertificationRequest class
Parameters
| Name | Type | Description |
|---|---|---|
parameters | CertificationRequestParameters | Initialization parameters |
Returns
Overrides
Properties
attributes
• Optional attributes: Attribute[]
Collection of attributes providing additional information about the subject of the certificate
Implementation of
ICertificationRequest.attributes
signatureAlgorithm
• signatureAlgorithm: AlgorithmIdentifier
signature algorithm (and any associated parameters) under which the certification-request information is signed
Implementation of
ICertificationRequest.signatureAlgorithm
signatureValue
• signatureValue: BitString
result of signing the certification request information with the certification request subject's private key
Implementation of
ICertificationRequest.signatureValue
subject
• subject: RelativeDistinguishedNames
Distinguished name of the certificate subject
Implementation of
subjectPublicKeyInfo
• subjectPublicKeyInfo: PublicKeyInfo
Information about the public key being certified
Implementation of
ICertificationRequest.subjectPublicKeyInfo
tbsView
• tbsView: Uint8Array
version
• version: number
Version number. It should be 0
Implementation of
CLASS_NAME
▪ Static CLASS_NAME: string = "CertificationRequest"
Name of the class
Overrides
Accessors
className
• get className(): string
Returns
string
Inherited from
PkiObject.className
tbs
• get tbs(): ArrayBuffer
Returns
ArrayBuffer
Deprecated
Since version 3.0.0
Implementation of
• set tbs(value): void
Parameters
| Name | Type |
|---|---|
value | ArrayBuffer |
Returns
void
Deprecated
Since version 3.0.0
Implementation of
Methods
encodeTBS
▸ encodeTBS(): Sequence
Aux function making ASN1js Sequence from current TBS
Returns
Sequence
fromSchema
▸ fromSchema(schema): void
Converts parsed ASN.1 object into current class
Parameters
| Name | Type | Description |
|---|---|---|
schema | any | ASN.1 schema |
Returns
void
Overrides
getPublicKey
▸ getPublicKey(parameters?, crypto?): Promise<CryptoKey>
Importing public key for current certificate request
Parameters
| Name | Type | Description |
|---|---|---|
parameters? | CryptoEnginePublicKeyParams | |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise<CryptoKey>
WebCrypt public key
sign
▸ sign(privateKey, hashAlgorithm?, crypto?): Promise<void>
Makes signature for current certification request
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
privateKey | CryptoKey | undefined | WebCrypto private key |
hashAlgorithm | string | "SHA-1" | String representing current hashing algorithm |
crypto | ICryptoEngine | undefined | Crypto engine |
Returns
Promise<void>
toJSON
▸ toJSON(): CertificationRequestJson
Converts the class to JSON object
Returns
JSON object
Overrides
toSchema
▸ toSchema(encodeFlag?): Sequence
Converts current object to ASN.1 object and sets correct values
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
encodeFlag | boolean | false | If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts |
Returns
Sequence
ASN.1 object
Overrides
toString
▸ toString(encoding?): string
Parameters
| Name | Type | Default value |
|---|---|---|
encoding | "base64" | "base64url" | "hex" | "hex" |
Returns
string
Inherited from
verify
▸ verify(crypto?): Promise<boolean>
Verify existing certification request signature
Parameters
| Name | Type | Description |
|---|---|---|
crypto | ICryptoEngine | Crypto engine |
Returns
Promise<boolean>
Returns true if signature value is valid, otherwise false
blockName
▸ blockName(): string
Returns block name
Returns
string
Returns string block name
Inherited from
defaultValues
▸ defaultValues(memberName): ArrayBuffer
Returns default values for all class members
Parameters
| Name | Type | Description |
|---|---|---|
memberName | "tbs" | String name for a class member |
Returns
ArrayBuffer
Default value
Overrides
▸ defaultValues(memberName): number
Parameters
| Name | Type |
|---|---|
memberName | "version" |
Returns
number
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName): RelativeDistinguishedNames
Parameters
| Name | Type |
|---|---|
memberName | "subject" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName): PublicKeyInfo
Parameters
| Name | Type |
|---|---|
memberName | "subjectPublicKeyInfo" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName): Attribute[]
Parameters
| Name | Type |
|---|---|
memberName | "attributes" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName): AlgorithmIdentifier
Parameters
| Name | Type |
|---|---|
memberName | "signatureAlgorithm" |
Returns
Overrides
PkiObject.defaultValues
▸ defaultValues(memberName): BitString
Parameters
| Name | Type |
|---|---|
memberName | "signatureValue" |
Returns
BitString
Overrides
PkiObject.defaultValues
fromBER
▸ fromBER<T>(this, raw): T
Creates PKI object from the raw data
Type parameters
| Name | Type |
|---|---|
T | extends PkiObject |
Parameters
| Name | Type | Description |
|---|---|---|
this | PkiObjectConstructor<T> | - |
raw | BufferSource | ASN.1 encoded raw data |
Returns
T
Initialized and filled current class object
Inherited from
schema
▸ schema(parameters?): any
Returns value of pre-defined ASN.1 schema for current class
Parameters
| Name | Type | Description |
|---|---|---|
parameters | SchemaParameters<{ certificationRequestInfo?: CertificationRequestInfoParameters ; signatureAlgorithm?: string ; signatureValue?: string }> | Input parameters for the schema |
Returns
any
ASN.1 schema object