Class CertificationRequest

Represents the CertificationRequest structure described in RFC2986

Example

The following example demonstrates how to parse PKCS#11 certification request and verify its challenge password extension and signature value

const pkcs10 = pkijs.CertificationRequest.fromBER(pkcs10Raw);

// Get and validate challenge password extension
if (pkcs10.attributes) {
  const attrExtensions = pkcs10.attributes.find(o => o.type === "1.2.840.113549.1.9.14"); // pkcs-9-at-extensionRequest
  if (attrExtensions) {
    const extensions = new pkijs.Extensions({ schema: attrExtensions.values[0] });
    for (const extension of extensions.extensions) {
      if (extension.extnID === "1.2.840.113549.1.9.7") { // pkcs-9-at-challengePassword
        const asn = asn1js.fromBER(extension.extnValue.valueBlock.valueHex);
        if (asn.result.valueBlock.value !== "passwordChallenge") {
          throw new Error("PKCS#11 certification request is invalid. Challenge password is incorrect");
        }
      }
    }
  }
}

// Verify signature value
const ok = await pkcs10.verify();
if (!ok) {
  throw Error("PKCS#11 certification request is invalid. Signature is wrong")
}

Example

The following example demonstrates how to create PKCS#11 certification request

// Get a "crypto" extension
const crypto = pkijs.getCrypto(true);

const pkcs10 = new pkijs.CertificationRequest();

pkcs10.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
  type: "2.5.4.3",
  value: new asn1js.Utf8String({ value: "Test" })
}));


await pkcs10.subjectPublicKeyInfo.importKey(keys.publicKey);

pkcs10.attributes = [];

// Subject Alternative Name
const altNames = new pkijs.GeneralNames({
  names: [
    new pkijs.GeneralName({ // email
      type: 1,
      value: "[email protected]"
    }),
    new pkijs.GeneralName({ // domain
      type: 2,
      value: "www.domain.com"
    }),
  ]
});

// SubjectKeyIdentifier
const subjectKeyIdentifier = await crypto.digest({ name: "SHA-1" }, pkcs10.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHex);

pkcs10.attributes.push(new pkijs.Attribute({
  type: "1.2.840.113549.1.9.14", // pkcs-9-at-extensionRequest
  values: [(new pkijs.Extensions({
    extensions: [
      new pkijs.Extension({
        extnID: "2.5.29.14", // id-ce-subjectKeyIdentifier
        critical: false,
        extnValue: (new asn1js.OctetString({ valueHex: subjectKeyIdentifier })).toBER(false)
      }),
      new pkijs.Extension({
        extnID: "2.5.29.17", // id-ce-subjectAltName
        critical: false,
        extnValue: altNames.toSchema().toBER(false)
      }),
      new pkijs.Extension({
        extnID: "1.2.840.113549.1.9.7", // pkcs-9-at-challengePassword
        critical: false,
        extnValue: (new asn1js.PrintableString({ value: "passwordChallenge" })).toBER(false)
      })
    ]
  })).toSchema()]
}));

// Signing final PKCS#10 request
await pkcs10.sign(keys.privateKey, "SHA-256");

const pkcs10Raw = pkcs10.toSchema(true).toBER();

Hierarchy

Implements

Constructors

constructor

Properties

attributes? signatureAlgorithm signatureValue subject subjectPublicKeyInfo tbsView version CLASS_NAME

Accessors

className tbs

Methods

encodeTBS fromSchema getPublicKey sign toJSON toSchema toString verify blockName defaultValues fromBER schema

Constructors

constructor

Properties

Optional attributes

attributes?: Attribute[]

Collection of attributes providing additional information about the subject of the certificate

signatureAlgorithm

signatureAlgorithm: AlgorithmIdentifier

signature algorithm (and any associated parameters) under which the certification-request information is signed

signatureValue

signatureValue: BitString

result of signing the certification request information with the certification request subject's private key

subject

subject: RelativeDistinguishedNames

Distinguished name of the certificate subject

subjectPublicKeyInfo

subjectPublicKeyInfo: PublicKeyInfo

Information about the public key being certified

tbsView

tbsView: Uint8Array

version

version: number

Version number. It should be 0

Static CLASS_NAME

CLASS_NAME: string = "CertificationRequest"

Name of the class

Accessors

className

  • get className(): string

  • Returns string

tbs

Methods

Protected encodeTBS

fromSchema

getPublicKey

sign

  • Makes signature for current certification request

    Parameters

    • privateKey: CryptoKey

      WebCrypto private key

    • hashAlgorithm: string = "SHA-1"

      String representing current hashing algorithm

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<void>

toJSON

toSchema

  • Converts current object to ASN.1 object and sets correct values

    Returns

    ASN.1 object

    Parameters

    • encodeFlag: boolean = false

      If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts

    Returns Sequence

toString

  • Parameters

    • encoding: "base64" | "base64url" | "hex" = "hex"

    Returns string

verify

Static blockName

Static defaultValues

Static fromBER

  • Creates PKI object from the raw data

    Returns

    Initialized and filled current class object

    Type Parameters

    Parameters

    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

Static schema

Settings

Member Visibility

Theme

Generated using TypeDoc