Class PKCS10Generator

Object
   |
   +--PKCS10Generator

class PKCS10Generator

Class implementing a PKCS#10 certificate request
Defined in pkcs10.js

Field Detail

crypto

Object crypto

cRLSign

<static> Object cRLSign

dataEncipherment

<static> Object dataEncipherment

decipherOnly

<static> Object decipherOnly

digitalSignature

<static> Object digitalSignature

encipherOnly

<static> Object encipherOnly

keyAgreement

<static> Object keyAgreement

keyCertSign

<static> Object keyCertSign

keyEncipherment

<static> Object keyEncipherment

nonRepudiation

<static> Object nonRepudiation

PKCS10Generator

PKCS10Generator(<Crypto> crypto)

Create a PKCS#10 certificate request

Parameters:
crypto - the crypto provider to use for signing operations

addBasicConstraintsExtension

void addBasicConstraintsExtension(<Boolean> cA, <Number> pathLenConstraint)

Adds the BasicConstraints extension.

Parameters:
cA - the certificate belongs to a CA
pathLenConstraint - the maximum number of subordinate CA certificates

addExtendedKeyUsageExtension

void addExtendedKeyUsageExtension(keyusages)

Adds extended key usages

Parameters:
the - list of extended key usage object identifier

addExtension

void addExtension(<String> extnID, extnValue)

Adds an extension to the certificate

The structure is defined as:

    Extension  ::=  SEQUENCE  {
        extnID      OBJECT IDENTIFIER,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
        }

Parameters:
extnID - the extensions object identifier
the - extension value as ByteString

addKeyUsageExtension

void addKeyUsageExtension(flags)

Adds the key usage extension.

The following flags are defined:

 PKCS10Generator.digitalSignature = 0x0080;
 PKCS10Generator.nonRepudiation   = 0x0040;
 PKCS10Generator.keyEncipherment  = 0x0020;
 PKCS10Generator.dataEncipherment = 0x0010;
 PKCS10Generator.keyAgreement     = 0x0008;
 PKCS10Generator.keyCertSign      = 0x0004;
 PKCS10Generator.cRLSign          = 0x0002;
 PKCS10Generator.encipherOnly     = 0x0001;
 PKCS10Generator.decipherOnly     = 0x8000;
 

Parameters:
the - key usage flags as combination of the flags defined above.

generateCertificationRequest

ASN1 generateCertificationRequest(privateKey)

Generates the certificate.

Returns:
the generated certificate

getAttributes

ASN1 getAttributes()

Gets the attributes as TLV object

Returns:
the request attributes

getExtensions

ASN1 getExtensions()

Gets the extension attribute as TLV object

Returns:
the certificate extensions

getSignatureAlgorithm

ASN1 getSignatureAlgorithm()

Gets the signature algorithm TLV object

Returns:
the signature algorithm object

getSubject

ASN1 getSubject()

Gets the subject name as TLV object

Returns:
the issuer RDNSequence

getSubjectPublicKeyInfo

ASN1 getSubjectPublicKeyInfo()

Gets the subject's public key as TLV object

Returns:
the subject's public key info

getTbsRequest

ASN1 getTbsRequest()

Gets the part of the request that will be signed

Returns:
the TBSCertificate part

reset

void reset()

Resets all internal state variables.

setPublicKey

void setPublicKey(<Key> publicKey)

Sets the subjects public key

The methods accepts ECC and RSA Public Keys.

Parameters:
publicKey - the subjects public key

setSignatureAlgorithm

void setSignatureAlgorithm(<Number> alg)

Sets the signature algorithm. Currently only Crypto.RSA is supported

Parameters:
alg - the signature algorithm, only Crypto.RSA supported

setSubject

void setSubject(<Object> subject)

Sets the subject name.

The subject name must be a JavaScript object containing the properties:

• C - the country
• O - the organization
• OU - the organization unit
• CN - the common name

Example:

	var subject = { C:"UT", O:"ACME Corporation", CN:"Joe Doe" };
 

Parameters:
subject - the subject name

See:
- PKIXCommon.encodeName()