Class CVC
Class implementing a decoder for card verifiable certificates or requests according to
Extended Access Control (EAC) as defined in BSI TR-03110 1.11 and 2.02.
Defined in: CVC.js.
Constructor Attributes | Constructor Name and Description |
---|---|
CVC(param)
Create a CVC object from a DER encoded ByteString.
|
Field Attributes | Field Name and Description |
---|---|
<static> |
CVC.ATRIGHTS
Table of rights description for id-AT
|
<static> |
CVC.id_TA_ECDSA
TA constants
|
<static> |
CVC.ISRIGHTS
Table of rights description for id-IS
|
<static> |
CVC.OBJECTNAMES
Table of tag names
|
<static> |
CVC.STRIGHTS
Table of rights description for id-ST
|
<static> |
CVC.TAG_AT
Authentication Template
|
<static> |
CVC.TAG_AUT
Relative Authorization
|
<static> |
CVC.TAG_BODY
Certificate Body
|
<static> |
CVC.TAG_CAR
Certification Authority Reference
|
<static> |
CVC.TAG_CED
Certificate Effective Date
|
<static> |
CVC.TAG_CHAT
Certificate Holder Authorisation Template
|
<static> |
CVC.TAG_CHR
Certificate Holder Reference
|
<static> |
CVC.TAG_CPI
Certificate Profile Identifier
|
<static> |
CVC.TAG_CVC
CV Certificate
|
<static> |
CVC.TAG_CXD
Certificate Expiration Date
|
<static> |
CVC.TAG_ECC_A
First coefficient a
|
<static> |
CVC.TAG_ECC_B
Second coefficient b
|
<static> |
CVC.TAG_ECC_G
Base Point G
|
<static> |
CVC.TAG_ECC_H
Cofactor f
|
<static> |
CVC.TAG_ECC_N
Order of the base point
|
<static> |
CVC.TAG_ECC_P
Prime Modulus
|
<static> |
CVC.TAG_ECC_Q
Public Point y
|
<static> |
CVC.TAG_EXTN
Certificate Extension
|
<static> |
CVC.TAG_PUK
Public Key
|
<static> |
CVC.TAG_SIG
Signature
|
Method Attributes | Method Name and Description |
---|---|
Return true of the certificate contains domain parameter
|
|
<static> |
CVC.decodeECPublicKey(pdo, key)
Decode a public key from the TR-03110 format
|
decorate()
Decorate the ASN.1 object with the correct name
|
|
<static> |
CVC.decorateTree(node)
Function to recursively walk the ASN.1 tree
|
Determine the SubjectKeyIdentifier as defined in X.509
|
|
<static> |
CVC.fromJSON(obj)
Recreate object from JSON encoding
|
getASN1()
Returns the certificate as ASN1 structure
|
|
getBytes()
Returns the encoded certificate
|
|
getCAR()
Returns the certification authority reference (CAR).
|
|
getCED()
Returns the certificate effective date (CED).
|
|
getCHAT()
Returns the Certificate Holder Authorization Template.
|
|
getCHR()
Returns the certificate holder reference (CHR).
|
|
getCPI()
Returns the certificate profile indicator (CPI)
|
|
getCXD()
Returns the certificate expiration date (CXD).
|
|
getECPublicKey(domParam)
Returns the EC public key contained in the certificate.
|
|
getExtension(extoid)
Returns the extension identified by the object identifier.
|
|
<static> |
CVC.getHashMech(oid)
Return hash mechanism for object identifier
|
getLevel()
Return position of certificate in PKI hierachie
|
|
Returns the outer certification authority reference (CAR).
|
|
getPublicKey(domParam)
Returns the public key contained in the certificate.
|
|
Returns the public key object identifier
|
|
Return list of rights granted by the certificate
|
|
Returns the RSA public key contained in the certificate.
|
|
<static> |
CVC.getSignatureMech(oid, keysize)
Return signature mechanism for object identifier
|
getType()
Return a string describing the certificate type
|
|
<static> |
CVC.I2O(value, length)
Integer to octet string conversion
|
Determine if this is an authenticated request
|
|
Determine if this is a certificate request
|
|
Determine if this is a countersigned authenticated request
|
|
<static> |
CVC.isCurveOID(oid)
Return true of the object identifier denotes a curve
|
<static> |
CVC.isECDSA(oid)
Return true of the object identifier starts with id-TA-ECDSA
|
Determine if this certificate is expired
|
|
<static> |
CVC.rewrapSignature(signature, the)
Rewrap an ECDSA signature that contains redundant leading zeros in integer.
|
toJSON()
Return object suitable for JSON encoding
|
|
toString()
Return a textual description of the certificate
|
|
<static> |
CVC.unwrapSignature(signature, keylen)
Unwrap a ECDSA signature from the TLV encoding according to RFC3279 into the concatenation
of the unsigned integer r and s
|
validate()
Validate ASN1 semantic for card verifiable certificate or certificate request
|
|
verifyATWith(puk, oid, oid)
Verify outer signature of an authenticated request with public key
|
|
verifyATWithCVC(cvc, cvc)
Verify outer signature of an authenticated request with public key from card verifiable certificate
|
|
verifyWith(crypto, puk, oid)
Verify certificate signature with public key
|
|
verifyWithCVC(cvc, cvc)
Verify certificate signature with public key from card verifiable certificate
|
|
<static> |
CVC.wrapSignature(signature)
Wrap an ECDSA signature in the format r || s into a TLV encoding as defined by RFC 3279
|
Class Detail
CVC(param)
Create a CVC object from a DER encoded ByteString.
- Parameters:
- {ByteString} param
- the DER encoded certificate
- Returns:
Field Detail
<static>
CVC.ATRIGHTS
Table of rights description for id-AT
<static>
CVC.id_TA_ECDSA
TA constants
<static>
CVC.ISRIGHTS
Table of rights description for id-IS
<static>
CVC.OBJECTNAMES
Table of tag names
<static>
CVC.STRIGHTS
Table of rights description for id-ST
<static>
CVC.TAG_AT
Authentication Template
<static>
CVC.TAG_AUT
Relative Authorization
<static>
CVC.TAG_BODY
Certificate Body
<static>
CVC.TAG_CAR
Certification Authority Reference
<static>
CVC.TAG_CED
Certificate Effective Date
<static>
CVC.TAG_CHAT
Certificate Holder Authorisation Template
<static>
CVC.TAG_CHR
Certificate Holder Reference
<static>
CVC.TAG_CPI
Certificate Profile Identifier
<static>
CVC.TAG_CVC
CV Certificate
<static>
CVC.TAG_CXD
Certificate Expiration Date
<static>
CVC.TAG_ECC_A
First coefficient a
<static>
CVC.TAG_ECC_B
Second coefficient b
<static>
CVC.TAG_ECC_G
Base Point G
<static>
CVC.TAG_ECC_H
Cofactor f
<static>
CVC.TAG_ECC_N
Order of the base point
<static>
CVC.TAG_ECC_P
Prime Modulus
<static>
CVC.TAG_ECC_Q
Public Point y
<static>
CVC.TAG_EXTN
Certificate Extension
<static>
CVC.TAG_PUK
Public Key
<static>
CVC.TAG_SIG
Signature
Method Detail
{boolean}
containsDomainParameter()
Return true of the certificate contains domain parameter
- Returns:
- true, if certificate contains domain parameter
<static>
CVC.decodeECPublicKey(pdo, key)
Decode a public key from the TR-03110 format
- Parameters:
- {ASN1} pdo
- the public key data object
- {Key} key
- the key object to fill
decorate()
Decorate the ASN.1 object with the correct name
<static>
CVC.decorateTree(node)
Function to recursively walk the ASN.1 tree
- Parameters:
- node
{ByteString}
determineKeyIdentifier()
Determine the SubjectKeyIdentifier as defined in X.509
- Returns:
- the key identifier
<static>
{Object}
CVC.fromJSON(obj)
Recreate object from JSON encoding
- Parameters:
- obj
- Returns:
- the CVC object
{ASN1}
getASN1()
Returns the certificate as ASN1 structure
- Returns:
- the certificate as ASN1 structure
{ByteString}
getBytes()
Returns the encoded certificate
- Returns:
- the DER encoded certificate
{PublicKeyReference}
getCAR()
Returns the certification authority reference (CAR).
- Returns:
- the CAR or null
{Date}
getCED()
Returns the certificate effective date (CED).
- Returns:
- the CED or null
{ASN1}
getCHAT()
Returns the Certificate Holder Authorization Template.
- Returns:
- the chat or null if not defined
{PublicKeyReference}
getCHR()
Returns the certificate holder reference (CHR).
- Returns:
- the CHR
{Number}
getCPI()
Returns the certificate profile indicator (CPI)
- Returns:
- the CPI or null
{Date}
getCXD()
Returns the certificate expiration date (CXD).
- Returns:
- the CXD or null
{Key}
getECPublicKey(domParam)
Returns the EC public key contained in the certificate.
- Parameters:
- {Key} domParam
- optional domain parameter if they are not contained in certificate
- Returns:
- the public key object
{ASN1}
getExtension(extoid)
Returns the extension identified by the object identifier.
- Parameters:
- extoid
- Returns:
- the extension including the OID or null if not defined
<static>
{Number}
CVC.getHashMech(oid)
Return hash mechanism for object identifier
- Parameters:
- {ByteString} oid
- the object identifer from the public key object
- Returns:
- the hash mechanism as Crypto. constant or -1 if not defined
{Number}
getLevel()
Return position of certificate in PKI hierachie
- Returns:
- Position in PKI hierachie: 0 unknown, 1-CVCA, 2-DVCA, 3-Terminal
{PublicKeyReference}
getOuterCAR()
Returns the outer certification authority reference (CAR).
- Returns:
- the outer CAR or null
{Key}
getPublicKey(domParam)
Returns the public key contained in the certificate.
- Parameters:
- {Key} domParam
- optional domain parameter if they are not contained in certificate
- Returns:
- the public key object
{ByteString}
getPublicKeyOID()
Returns the public key object identifier
- Returns:
- the object identifier assigned to the public key
{String[]}
getRightsAsList()
Return list of rights granted by the certificate
- Returns:
- the list of rights
{Key}
getRSAPublicKey()
Returns the RSA public key contained in the certificate.
- Returns:
- the public key object
<static>
{Number}
CVC.getSignatureMech(oid, keysize)
Return signature mechanism for object identifier
- Parameters:
- {ByteString} oid
- the object identifer from the public key object
- keysize
- Returns:
- the signature mechanism as Crypto. constant or -1 if not defined
{String}
getType()
Return a string describing the certificate type
- Returns:
- a describing string
<static>
CVC.I2O(value, length)
Integer to octet string conversion
- Parameters:
- value
- length
{Boolean}
isAuthenticatedRequest()
Determine if this is an authenticated request
- Returns:
- true, if authenticated request
{Boolean}
isCertificateRequest()
Determine if this is a certificate request
- Returns:
- true, if certificate request
{Boolean}
isCountersignedRequest()
Determine if this is a countersigned authenticated request
- Returns:
- true, if countersigned authenticated request
<static>
{boolean}
CVC.isCurveOID(oid)
Return true of the object identifier denotes a curve
- Parameters:
- oid
- Returns:
- true, if ECDSA based OID
<static>
{boolean}
CVC.isECDSA(oid)
Return true of the object identifier starts with id-TA-ECDSA
- Parameters:
- oid
- Returns:
- true, if ECDSA based OID
{Boolean}
isExpired()
Determine if this certificate is expired
- Returns:
- true, if certificate is expired
<static>
{ByteString}
CVC.rewrapSignature(signature, the)
Rewrap an ECDSA signature that contains redundant leading zeros in integer.
- Parameters:
- signature
- the signature
- the
- fixed signature
{Object}
toJSON()
Return object suitable for JSON encoding
- Returns:
- a JSON encodable object
{String}
toString()
Return a textual description of the certificate
- Returns:
- a string containing information about the certificate
<static>
CVC.unwrapSignature(signature, keylen)
Unwrap a ECDSA signature from the TLV encoding according to RFC3279 into the concatenation
of the unsigned integer r and s
- Parameters:
- signature
- TLV encoded signature
- keylen
- Returns:
- concatenation of r and s
{String}
validate()
Validate ASN1 semantic for card verifiable certificate or certificate request
- Returns:
- null if no error, or error message
{Boolean}
verifyATWith(puk, oid, oid)
Verify outer signature of an authenticated request with public key
- Parameters:
- {Key} puk
- the public key
- {ByteString} oid
- the signature algorithm
- oid
- Returns:
- true if the signature is valid
{Boolean}
verifyATWithCVC(cvc, cvc)
Verify outer signature of an authenticated request with public key from card verifiable certificate
- Parameters:
- {CVC} cvc
- the card verifiable certificate used to obtain the public key
- cvc
- Returns:
- true if the signature is valid
{Boolean}
verifyWith(crypto, puk, oid)
Verify certificate signature with public key
- Parameters:
- {Crypto} crypto
- the crypto instance to use for verification
- {Key} puk
- the public key
- {ByteString} oid
- the signature algorithm
- Returns:
- true if the signature is valid
{Boolean}
verifyWithCVC(cvc, cvc)
Verify certificate signature with public key from card verifiable certificate
- Parameters:
- {CVC} cvc
- the card verifiable certificate used to obtain the public key
- cvc
- Returns:
- true if the signature is valid
<static>
CVC.wrapSignature(signature)
Wrap an ECDSA signature in the format r || s into a TLV encoding as defined by RFC 3279
- Parameters:
- signature
- ByteString containing the concatenation of r and s as unsigned integer values
- Returns:
- ASN.1 SEQUENCE objects containing two signed integer r and s