Class X509CertificateGenerator

Object
   |
   +--X509CertificateGenerator

class X509CertificateGenerator

Class implementing a X.509 certificate generator
Defined in x509certificategenerator.js

Field Detail

crypto

Object crypto

encodeECDomainParameter

Object encodeECDomainParameter

cRLSign

<static> Object cRLSign

dataEncipherment

<static> Object dataEncipherment

decipherOnly

<static> Object decipherOnly

digitalSignature

<static> Object digitalSignature

encipherOnly

<static> Object encipherOnly

keyAgreement

<static> Object keyAgreement

keyCertSign

<static> Object keyCertSign

keyEncipherment

<static> Object keyEncipherment

nonRepudiation

<static> Object nonRepudiation

X509CertificateGenerator

X509CertificateGenerator(<Crypto> crypto)

Create a X.509 certificate generator.

Parameters:
crypto - the crypto provider to use for signing operations

addAuthorityKeyIdentifierExtension

void addAuthorityKeyIdentifierExtension(<Key> publicKey)

Adds the authority public key identifier extension based on the issuers key.

The key identifier is calculated as SHA-1 hash over the contents of the issuer public key (Without tag, length and number of unused bits.

Parameters:
publicKey - the authority subject key

addBasicConstraintsExtension

void addBasicConstraintsExtension(<Boolean> cA, <Number> pathLenConstraint)

Adds the BasicConstraints extension.

Parameters:
cA - the certificate belongs to a CA
pathLenConstraint - the maximum number of subordinate CA certificates

addCRLDistributionPointURL

void addCRLDistributionPointURL(<String[]> url)

Adds the CRL distribution point URLs.

Parameters:
url - a list of URLs

addExtendedKeyUsages

void addExtendedKeyUsages(<String[]> oids, <Boolean> critical)

Adds the extended key usage extension

Parameters:
oids - the list of object identifier names
critical - the extension is critical

addExtension

void addExtension(<String> extnID, <Boolean> critical, extnValue)

Adds an extension to the certificate

The structure is defined as:

    Extension  ::=  SEQUENCE  {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
        }

Parameters:
extnID - the extensions object identifier
critical - the extension is critical
the - extension value as ByteString

addKeyUsageExtension

void addKeyUsageExtension(flags)

Adds the key usage extension.

The following flags are defined:

 PKIXCommon.digitalSignature = 0x0080;
 PKIXCommon.nonRepudiation   = 0x0040;
 PKIXCommon.keyEncipherment  = 0x0020;
 PKIXCommon.dataEncipherment = 0x0010;
 PKIXCommon.keyAgreement     = 0x0008;
 PKIXCommon.keyCertSign      = 0x0004;
 PKIXCommon.cRLSign          = 0x0002;
 PKIXCommon.encipherOnly     = 0x0001;
 PKIXCommon.decipherOnly     = 0x8000;
 

Parameters:
the - key usage flags as combination of the flags defined above.

addSubjectKeyIdentifierExtension

void addSubjectKeyIdentifierExtension()

Adds the subject public key identifier extension based on the certificates subject key.

The key identifier is calculated as SHA-1 hash over the contents of the subject public key (Without tag, length and number of unused bits.

generateX509Certificate

X509 generateX509Certificate(privateKey)

Generates the certificate.

Returns:
the generated certificate

getExtensions

ASN1 getExtensions()

Gets the certificate extension as TLV object

Returns:
the certificate extensions

getIssuer

ASN1 getIssuer()

Gets the issuer name as TLV object

Returns:
the issuer RDNSequence

getSignatureAlgorithm

ASN1 getSignatureAlgorithm()

Gets the signature algorithm TLV object

Returns:
the signature algorithm object

getSubject

ASN1 getSubject()

Gets the subject name as TLV object

Returns:
the issuer RDNSequence

getSubjectPublicKeyInfo

ASN1 getSubjectPublicKeyInfo()

Gets the subject's public key as TLV object

Returns:
the subject's public key info

getTbsCertificate

ASN1 getTbsCertificate()

Gets the part of the certificate that will be signed

Returns:
the TBSCertificate part

getValidity

ASN1 getValidity()

Gets the certificate validity as TLV object

Returns:
the certificates validity

reset

void reset()

Resets all internal state variables.

setIssuer

void setIssuer(<Object> issuer)

Sets the isser name.

The issuer name must be a JavaScript object containing the properties:

• C - the country
• O - the organization
• OU - the organization unit
• CN - the common name

Example:

	var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
 

Parameters:
issuer - the issuer name

setNotAfter

void setNotAfter(date)

Sets the expiration date for the certificate.

Parameters:
String - or Date} date the date in format YYMMDDHHMMSSZ

setNotBefore

void setNotBefore(date)

Sets the effective date for the certificate.

Parameters:
String - or Date} date the date in format YYMMDDHHMMSSZ

setPublicKey

void setPublicKey(<Key> publicKey)

Sets the subjects public key

The methods accepts ECC and RSA Public Keys.

Parameters:
publicKey - the subjects public key

setSerialNumber

void setSerialNumber(<ByteString> serialNumber)

Sets the serial number.

Parameters:
serialNumber - the serial number for the certificate

setSignatureAlgorithm

void setSignatureAlgorithm(<Number> alg)

Sets the signature algorithm. Currently only Crypto.RSA is supported

Parameters:
alg - the signature algorithm, only Crypto.RSA supported

setSubject

void setSubject(<Object> subject)

Sets the subject name.

The subject name must be a JavaScript object containing the properties:

• C - the country
• O - the organization
• OU - the organization unit
• CN - the common name

Example:

	var subject = { C:"UT", O:"ACME Corporation", CN:"Joe Doe" };
 

Parameters:
subject - the subject name