Working with certificate requests
In this example, you will see how to create a CSR, parse it and verify its signature.
import * as pkijs from 'pkijs';
import * as asn1js from 'asn1js';
// Get a "crypto" extension
const crypto = pkijs.getCrypto(true);
const pkcs10 = new pkijs.CertificationRequest();
pkcs10.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.3",
value: new asn1js.Utf8String({ value: "Test" })
}));
await pkcs10.subjectPublicKeyInfo.importKey(keys.publicKey);
pkcs10.attributes = [];
// Subject Alternative Name
const altNames = new pkijs.GeneralNames({
names: [
new pkijs.GeneralName({ // email
type: 1,
value: "[email protected]"
}),
new pkijs.GeneralName({ // domain
type: 2,
value: "www.domain.com"
}),
]
});
// SubjectKeyIdentifier
const subjectKeyIdentifier = await crypto.digest({ name: "SHA-1" }, pkcs10.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHex);
pkcs10.attributes.push(new pkijs.Attribute({
type: "1.2.840.113549.1.9.14", // pkcs-9-at-extensionRequest
values: [(new pkijs.Extensions({
extensions: [
new pkijs.Extension({
extnID: "2.5.29.14", // id-ce-subjectKeyIdentifier
critical: false,
extnValue: (new asn1js.OctetString({ valueHex: subjectKeyIdentifier })).toBER(false)
}),
new pkijs.Extension({
extnID: "2.5.29.17", // id-ce-subjectAltName
critical: false,
extnValue: altNames.toSchema().toBER(false)
}),
new pkijs.Extension({
extnID: "1.2.840.113549.1.9.7", // pkcs-9-at-challengePassword
critical: false,
extnValue: (new asn1js.PrintableString({ value: "passwordChallenge" })).toBER(false)
})
]
})).toSchema()]
}));
// Signing final PKCS#10 request
await pkcs10.sign(keys.privateKey, "SHA-256");
const pkcs10Raw = pkcs10.toSchema(true).toBER();