Class X509CertificateGenerator

Class implementing an X.509 certificate generator.
Defined in: X509CertificateGenerator.js.

Class Summary
Constructor Name and Description

X509CertificateGenerator(crypto)
Create an X.509 certificate generator.

Method Summary
Method Name and Description

addAuthorityKeyIdentifierExtension(publicKeyOrId)
Adds the authority public key identifier extension based on the issuer's key.

addBasicConstraintsExtension(cA, pathLenConstraint)
Adds the BasicConstraints extension.

addCRLDistributionPointURL(url)
Adds the CRL distribution point URLs.

addExtendedKeyUsages(oids, critical)
Adds the extended key usage extension.

addExtension(extnID, critical, the)
Adds an extension to the certificate.

The structure is defined as:

   Extension  ::=  SEQUENCE  {
       extnID      OBJECT IDENTIFIER,
       critical    BOOLEAN DEFAULT FALSE,
       extnValue   OCTET STRING
                   -- contains the DER encoding of an ASN.1 value
                   -- corresponding to the extension type identified
                   -- by extnID
       }

addKeyUsageExtension(the)
Adds the key usage extension.

addSubjectKeyIdentifierExtension()
Adds the subject public key identifier extension based on the certificate's subject key.

generateX509Certificate(privateKey)
Generates the certificate.

getExtensions()
Gets the certificate extensions as a TLV object.

getIssuer()
Gets the issuer name as a TLV object.

getSignatureAlgorithm()
Gets the signature algorithm TLV object.

getSubject()
Gets the subject name as a TLV object.

getSubjectPublicKeyInfo()
Gets the subject's public key as a TLV object.

getTbsCertificate()
Gets the part of the certificate that will be signed.

getValidity()
Gets the certificate validity as a TLV object.

reset()
Resets all internal state variables.

setIssuer(issuer)
Sets the issuer name.

setNotAfter(date)
Sets the expiration date for the certificate.

setNotBefore(date)
Sets the effective date for the certificate.

setPublicKey(publicKey)
Sets the subject's public key.

The method accepts ECC and RSA public keys.

setSerialNumber(serialNumber)
Sets the serial number.

setSignatureAlgorithm(alg)
Sets the signature algorithm.

setSubject(subject)
Sets the subject name.

Class Detail
X509CertificateGenerator(crypto)
Create an X.509 certificate generator.
Parameters:
{Crypto} crypto
the crypto provider to use for signing operations
Method Detail
addAuthorityKeyIdentifierExtension(publicKeyOrId)
Adds the authority public key identifier extension based on the issuer's key.

The key identifier is calculated as the SHA-1 hash over the contents of the issuer public key (without tag, length and number of unused bits).

Parameters:
{Key/ByteString} publicKeyOrId
the authority subject key or authority key identifier

addBasicConstraintsExtension(cA, pathLenConstraint)
Adds the BasicConstraints extension.
Parameters:
{Boolean} cA
the certificate belongs to a CA
{Number} pathLenConstraint
the maximum number of subordinate CA certificates

addCRLDistributionPointURL(url)
Adds the CRL distribution point URLs.
Parameters:
{String[]} url
a list of URLs

addExtendedKeyUsages(oids, critical)
Adds the extended key usage extension.
Parameters:
{String[]} oids
the list of object identifier names
{Boolean} critical
the extension is critical

addExtension(extnID, critical, the)
Adds an extension to the certificate.

The structure is defined as:

   Extension  ::=  SEQUENCE  {
       extnID      OBJECT IDENTIFIER,
       critical    BOOLEAN DEFAULT FALSE,
       extnValue   OCTET STRING
                   -- contains the DER encoding of an ASN.1 value
                   -- corresponding to the extension type identified
                   -- by extnID
       }
Parameters:
{String} extnID
the extension's object identifier
{Boolean} critical
the extension is critical
{ByteString} the
extension value as ByteString

addKeyUsageExtension(the)
Adds the key usage extension.

The following flags are defined:

PKIXCommon.digitalSignature = 0x0080;
PKIXCommon.nonRepudiation   = 0x0040;
PKIXCommon.keyEncipherment  = 0x0020;
PKIXCommon.dataEncipherment = 0x0010;
PKIXCommon.keyAgreement     = 0x0008;
PKIXCommon.keyCertSign      = 0x0004;
PKIXCommon.cRLSign          = 0x0002;
PKIXCommon.encipherOnly     = 0x0001;
PKIXCommon.decipherOnly     = 0x8000;
Parameters:
{Number} the
key usage flags as combination of the flags defined above.
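
As an added illustration (not the library's own code), the following stand-alone JavaScript DER-encodes the Extension structure shown under addExtension for a KeyUsage value built from the flags above. The helper names and the mapping of the flag word's low byte to the first BIT STRING octet are assumptions; OID 2.5.29.15 is id-ce-keyUsage from RFC 5280.

```javascript
// Added example, not the library's code. Flag values are the PKIXCommon constants
// listed above; function names are hypothetical.
const KU = { digitalSignature: 0x0080, keyCertSign: 0x0004, cRLSign: 0x0002, decipherOnly: 0x8000 };

// Encode one TLV with a definite length (short form, or long form up to 65535).
function tlv(tag, content) {
  const n = content.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return [tag, ...len, ...content];
}

// Encode a dotted OID: the first two arcs share one octet, later arcs are base-128.
function oid(dotted) {
  const arcs = dotted.split('.').map(Number);
  const out = [arcs[0] * 40 + arcs[1]];
  for (const arc of arcs.slice(2)) {
    const chunk = [arc & 0x7f];
    for (let v = arc >>> 7; v > 0; v >>>= 7) chunk.unshift((v & 0x7f) | 0x80);
    out.push(...chunk);
  }
  return tlv(0x06, out);
}

// KeyUsage ::= BIT STRING. Assumption: the low byte of the flag word is the first
// content octet (digitalSignature = bit 0 = 0x80), the high byte the second.
// DER drops trailing zero octets and counts the unused low bits of the last one.
function keyUsageBitString(flags) {
  const octets = [flags & 0xff, (flags >> 8) & 0xff];
  while (octets.length && octets[octets.length - 1] === 0) octets.pop();
  let unused = 0;
  if (octets.length) while (((octets[octets.length - 1] >> unused) & 1) === 0) unused++;
  return tlv(0x03, [unused, ...octets]);
}

// Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
function extension(extnID, critical, extnValue) {
  const body = oid(extnID);
  if (critical) body.push(0x01, 0x01, 0xff); // DER omits the BOOLEAN when it is FALSE
  body.push(...tlv(0x04, extnValue));
  return tlv(0x30, body);
}

const hex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, '0')).join('');

// Typical CA usage (keyCertSign | cRLSign), marked critical.
const caKeyUsage = extension('2.5.29.15', true, keyUsageBitString(KU.keyCertSign | KU.cRLSign));
console.log(hex(caKeyUsage));
```

Comparing this hex string with the extension bytes in a generated certificate is a quick check that the critical flag and the key usage bits came out as intended.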

addSubjectKeyIdentifierExtension()
Adds the subject public key identifier extension based on the certificate's subject key.

The key identifier is calculated as the SHA-1 hash over the contents of the subject public key (without tag, length and number of unused bits).
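
The calculation described for this method and for addAuthorityKeyIdentifierExtension, as an added example that is not part of the library: it uses Node.js's crypto module instead of the Crypto provider documented here, the function names are hypothetical, and the P-256 key is a constructed throwaway sample.

```javascript
// Added example: key identifier = SHA-1 over the subjectPublicKey BIT STRING
// contents, excluding tag, length and the unused-bits octet.
const { createHash, generateKeyPairSync } = require('node:crypto');

// Read one DER TLV at the given offset; returns the tag and the content bounds.
function readTlv(buf, offset) {
  const tag = buf[offset];
  let len = buf[offset + 1];
  let start = offset + 2;
  if (len & 0x80) {                 // long form: low 7 bits = number of length octets
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start++];
  }
  if (start + len > buf.length) throw new Error('truncated TLV');
  return { tag, start, end: start + len };
}

// SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier,
//                                     subjectPublicKey BIT STRING }
function keyIdentifier(spkiDer) {
  const spki = readTlv(spkiDer, 0);
  if (spki.tag !== 0x30) throw new Error('SubjectPublicKeyInfo must be a SEQUENCE');
  const alg = readTlv(spkiDer, spki.start);
  const key = readTlv(spkiDer, alg.end);
  if (key.tag !== 0x03) throw new Error('subjectPublicKey must be a BIT STRING');
  // Skip the first content octet (number of unused bits); hash only the key bits.
  const keyBits = spkiDer.subarray(key.start + 1, key.end);
  return createHash('sha1').update(keyBits).digest('hex');
}

// Constructed sample input: a throwaway P-256 public key exported as SPKI DER.
function sampleSpki() {
  const { publicKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return publicKey.export({ type: 'spki', format: 'der' });
}

console.log(keyIdentifier(sampleSpki()));
```

When validating a chain, the authority key identifier in a certificate should equal the value this computes over the issuer's public key.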


{X509} generateX509Certificate(privateKey)
Generates the certificate.
Parameters:
privateKey
Returns:
the generated certificate

{ASN1} getExtensions()
Gets the certificate extension as TLV object
Returns:
the certificate extensions

{ASN1} getIssuer()
Gets the issuer name as TLV object
Returns:
the issuer RDNSequence

{ASN1} getSignatureAlgorithm()
Gets the signature algorithm TLV object
Returns:
the signature algorithm object

{ASN1} getSubject()
Gets the subject name as TLV object
Returns:
the subject RDNSequence

{ASN1} getSubjectPublicKeyInfo()
Gets the subject's public key as TLV object
Returns:
the subject's public key info

{ASN1} getTbsCertificate()
Gets the part of the certificate that will be signed
Returns:
the TBSCertificate part

{ASN1} getValidity()
Gets the certificate validity as TLV object
Returns:
the certificate's validity

reset()
Resets all internal state variables.

setIssuer(issuer)
Sets the issuer name.

The issuer name must be a JavaScript object containing the properties:

Example:

	var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
Parameters:
{Object} issuer
the issuer name

setNotAfter(date)
Sets the expiration date for the certificate.
Parameters:
{String or Date} date
the date in format YYMMDDHHMMSSZ

setNotBefore(date)
Sets the effective date for the certificate.
Parameters:
{String or Date} date
the date in format YYMMDDHHMMSSZ

setPublicKey(publicKey)
Sets the subject's public key.

The method accepts ECC and RSA public keys.

Parameters:
{Key} publicKey
the subject's public key

setSerialNumber(serialNumber)
Sets the serial number.
Parameters:
{ByteString} serialNumber
the serial number for the certificate

setSignatureAlgorithm(alg)
Sets the signature algorithm. Currently only Crypto.RSA is supported.
Parameters:
{Number} alg
the signature algorithm, only Crypto.RSA supported

setSubject(subject)
Sets the subject name.

The subject name must be a JavaScript object containing the properties:

Example:

	var subject = { C:"UT", O:"ACME Corporation", CN:"Joe Doe" };
Parameters:
{Object} subject
the subject name

Documentation generated by JsDoc Toolkit 2.4.0 on Fri Feb 16 2024 18:38:12 GMT+0100 (CET)