Class CRLGenerator
Class implementing a CRL certificate generator
Defined in: CRLGenerator.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
| | CRLGenerator(crypto): Create a Certificate Revocation List (CRL) generator. |
| Method Attributes | Method Name and Description |
|---|---|
| | addAuthorityKeyIdentifierExtension(publicKey): Adds the authority public key identifier extension based on the issuer's key. |
| | addCRLNumberExtension(crlnumber): Adds the CRL number extension. |
| | addExtension(extnID, critical, the): Adds an extension to the CRL. The structure is defined as: Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }, where extnValue contains the DER encoding of an ASN.1 value corresponding to the extension type identified by extnID. |
| | addRevokedCertificate(revokedCertificate): Add a revoked certificate to the list. |
| | generateCRL(privateKey): Generates the certificate. |
| | getExtensions(): Gets the CRL extension as TLV object |
| | getIssuer(): Gets the issuer name as TLV object |
| | getNextUpdate(): Gets the nextUpdate TLV object |
| | getRevokedCertificates(): Gets revoked certificates |
| | getSignatureAlgorithm(): Gets the signature algorithm TLV object |
| | getTbsCertificateList(): Gets the part of the CRL that will be signed |
| | getThisUpdate(): Gets the thisUpdate TLV object |
| | loadCRLEntries(crlbin): Load list of revoked certificates from an existing CRL |
| | reset(): Resets all internal state variables. |
| | revokeCertificate(serial, timestamp, reason, ext): Add a revoked certificate to the list. |
| | setIssuer(issuer): Sets the issuer name. |
| | setNextUpdate(datetime): Sets the timestamp for the next update |
| | setSignatureAlgorithm(alg): Sets the signature algorithm. |
| | setThisUpdate(datetime): Sets the timestamp for this CRL |
Class Detail
CRLGenerator(crypto)
Create a Certificate Revocation List (CRL) generator.
- Parameters:
  - {Crypto} crypto: the crypto provider to use for signing operations
Method Detail
addAuthorityKeyIdentifierExtension(publicKey)
Adds the authority public key identifier extension based on the issuer's key.
The key identifier is calculated as the SHA-1 hash over the contents of the issuer public key (without tag, length and number of unused bits).
- Parameters:
  - publicKey
addCRLNumberExtension(crlnumber)
Adds the CRL number extension.
- Parameters:
  - crlnumber
addExtension(extnID, critical, the)
Adds an extension to the CRL
The structure is defined as:

    Extension ::= SEQUENCE {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
    }

- Parameters:
  - {String} extnID: the extensions object identifier
  - {Boolean} critical: the extension is critical
  - {ByteString} the: extension value as ByteString
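The key identifier rule from addAuthorityKeyIdentifierExtension and the Extension structure from addExtension, worked through in plain Node.js as an added example; this is not CRLGenerator.js code and does not use the Smart Card Shell classes. The helper names and the throwaway P-256 key are assumptions made for the illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Read one DER TLV at `off`: returns its tag and the bounds of its value.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated DER");
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {                        // long form: low 7 bits = number of length octets
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error("unsupported DER length");
    len = buf.readUIntBE(start, n);
    start += n;
  }
  if (start + len > buf.length) throw new Error("truncated DER");
  return { tag: buf[off], start, end: start + len };
}

// Encode a short-form TLV (every value built below is under 128 bytes).
function tlv(tag, value) {
  if (value.length > 0x7f) throw new Error("long form not needed here");
  return Buffer.concat([Buffer.from([tag, value.length]), value]);
}

// SHA-1 over the subjectPublicKey BIT STRING contents, skipping the tag,
// the length and the leading "unused bits" octet.
function keyIdentifier(spkiDer) {
  const spki = readTlv(spkiDer, 0);            // SubjectPublicKeyInfo SEQUENCE
  const alg = readTlv(spkiDer, spki.start);    // AlgorithmIdentifier
  const bits = readTlv(spkiDer, alg.end);      // subjectPublicKey BIT STRING
  if (spki.tag !== 0x30 || bits.tag !== 0x03 || spkiDer[bits.start] !== 0)
    throw new Error("unexpected SubjectPublicKeyInfo");
  const key = spkiDer.subarray(bits.start + 1, bits.end);
  return nodeCrypto.createHash("sha1").update(key).digest();
}

// Extension ::= SEQUENCE { extnID, extnValue }; critical is FALSE, and DER
// omits a field that equals its DEFAULT.
function authorityKeyIdentifierExtension(spkiDer) {
  const extnID = Buffer.from("0603551d23", "hex");            // OID 2.5.29.35
  const aki = tlv(0x30, tlv(0x80, keyIdentifier(spkiDer)));   // SEQUENCE { [0] keyIdentifier }
  return tlv(0x30, Buffer.concat([extnID, tlv(0x04, aki)]));  // extnValue: the DER inside an OCTET STRING
}

// Constructed sample input: a throwaway P-256 issuer key.
const { publicKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const spkiDer = publicKey.export({ type: "spki", format: "der" });
console.log(authorityKeyIdentifierExtension(spkiDer).toString("hex"));
```

SHA-1 serves here only to derive a 20-byte lookup identifier that relying parties match against the issuer certificate's subject key identifier; the CRL signature algorithm is chosen separately with setSignatureAlgorithm.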
addRevokedCertificate(revokedCertificate)
Add a revoked certificate to the list. This adds the complete DER encoded structure.
- Parameters:
  - {ASN1} revokedCertificate: the information related to the revoked certificate
{X509} generateCRL(privateKey)
Generates the certificate.
- Parameters:
  - privateKey
- Returns: the generated certificate
{ASN1} getExtensions()
Gets the CRL extension as TLV object
- Returns: the CRL extensions
{ASN1} getIssuer()
Gets the issuer name as TLV object
- Returns: the issuer RDNSequence
{ASN1} getNextUpdate()
Gets the nextUpdate TLV object
- Returns: the nextUpdate UTC encoded time
{ASN1} getRevokedCertificates()
Gets revoked certificates
- Returns: the list of revoked certificates
{ASN1} getSignatureAlgorithm()
Gets the signature algorithm TLV object
- Returns: the signature algorithm object
{ASN1} getTbsCertificateList()
Gets the part of the CRL that will be signed
- Returns: the TBSCertificate part
{ASN1} getThisUpdate()
Gets the thisUpdate TLV object
- Returns: the thisUpdate UTC encoded time
{Number} loadCRLEntries(crlbin)
Load list of revoked certificates from an existing CRL
- Parameters:
  - {ByteString} crlbin: the DER encoded CRL
- Returns: the value of the CRLNumber extension, 0 if extension not defined or -1 if file could not be loaded
reset()
Resets all internal state variables.
revokeCertificate(serial, timestamp, reason, ext)
Add a revoked certificate to the list. This adds the complete DER encoded structure.
- Parameters:
  - {ByteString} serial: the serial number of the certificate to revoke
  - {Date} timestamp: the revocation time, optional, default is now
  - {Number} reason: the revocation reason
  - {ASN1} ext: the crl entry extensions
setIssuer(issuer)
Sets the issuer name.
The issuer name must be a JavaScript object containing the properties:
- C - the country
- O - the organization
- OU - the organization unit
- CN - the common name

Example:

    var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };

- Parameters:
  - {Object} issuer: the issuer name
setNextUpdate(datetime)
Sets the timestamp for the next update
- Parameters:
  - {Date} datetime: the date and time of the next update
setSignatureAlgorithm(alg)
Sets the signature algorithm.
- Parameters:
  - {Number} alg: the signature algorithm, must be one of Crypto.RSA, Crypto.RSA_SHA256 or Crypto.ECDSA_SHA256
setThisUpdate(datetime)
Sets the timestamp for this CRL
- Parameters:
  - {Date} datetime: the current date and time