Class X509CertificateGenerator
Class implementing an X.509 certificate generator
Defined in: X509CertificateGenerator.js.
Constructor | Description |
---|---|
X509CertificateGenerator(crypto) | Creates an X.509 certificate generator. |
Method | Description |
---|---|
addAuthorityKeyIdentifierExtension(publicKeyOrId) | Adds the authority public key identifier extension based on the issuer's key. |
addBasicConstraintsExtension(cA, pathLenConstraint) | Adds the BasicConstraints extension. |
addCRLDistributionPointURL(url) | Adds the CRL distribution point URLs. |
addExtendedKeyUsages(oids, critical) | Adds the extended key usage extension. |
addExtension(extnID, critical, the) | Adds an extension to the certificate. The structure is defined as: Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value -- corresponding to the extension type identified -- by extnID } |
addKeyUsageExtension(the) | Adds the key usage extension. |
addSubjectKeyIdentifierExtension() | Adds the subject public key identifier extension based on the certificate's subject key. |
generateX509Certificate(privateKey) | Generates the certificate. |
getExtensions() | Gets the certificate extension as TLV object. |
getIssuer() | Gets the issuer name as TLV object. |
getSignatureAlgorithm() | Gets the signature algorithm TLV object. |
getSubject() | Gets the subject name as TLV object. |
getSubjectPublicKeyInfo() | Gets the subject's public key as TLV object. |
getTbsCertificate() | Gets the part of the certificate that will be signed. |
getValidity() | Gets the certificate validity as TLV object. |
reset() | Resets all internal state variables. |
setIssuer(issuer) | Sets the issuer name. |
setNotAfter(date) | Sets the expiration date for the certificate. |
setNotBefore(date) | Sets the effective date for the certificate. |
setPublicKey(publicKey) | Sets the subject's public key. The method accepts ECC and RSA public keys. |
setSerialNumber(serialNumber) | Sets the serial number. |
setSignatureAlgorithm(alg) | Sets the signature algorithm. |
setSubject(subject) | Sets the subject name. |
Class Detail
X509CertificateGenerator(crypto)
Creates an X.509 certificate generator.
- Parameters:
- {Crypto} crypto
- the crypto provider to use for signing operations
Method Detail
addAuthorityKeyIdentifierExtension(publicKeyOrId)
Adds the authority public key identifier extension based on the issuer's key.
The key identifier is calculated as SHA-1 hash over the contents of the issuer public key (without tag, length and number of unused bits).
- Parameters:
- {Key/ByteString} publicKeyOrId
- the authority subject key or authority key identifier
addBasicConstraintsExtension(cA, pathLenConstraint)
Adds the BasicConstraints extension.
- Parameters:
- {Boolean} cA
- the certificate belongs to a CA
- {Number} pathLenConstraint
- the maximum number of subordinate CA certificates
addCRLDistributionPointURL(url)
Adds the CRL distribution point URLs.
- Parameters:
- {String[]} url
- a list of URLs
addExtendedKeyUsages(oids, critical)
Adds the extended key usage extension
- Parameters:
- {String[]} oids
- the list of object identifier names
- {Boolean} critical
- the extension is critical
addExtension(extnID, critical, the)
Adds an extension to the certificate.
The structure is defined as:

    Extension ::= SEQUENCE {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
    }

- Parameters:
- {String} extnID
- the extension's object identifier
- {Boolean} critical
- the extension is critical
- {ByteString} the
- extension value as ByteString
addKeyUsageExtension(the)
Adds the key usage extension.
The following flags are defined:

    PKIXCommon.digitalSignature = 0x0080;
    PKIXCommon.nonRepudiation = 0x0040;
    PKIXCommon.keyEncipherment = 0x0020;
    PKIXCommon.dataEncipherment = 0x0010;
    PKIXCommon.keyAgreement = 0x0008;
    PKIXCommon.keyCertSign = 0x0004;
    PKIXCommon.cRLSign = 0x0002;
    PKIXCommon.encipherOnly = 0x0001;
    PKIXCommon.decipherOnly = 0x8000;

- Parameters:
- {Number} the
- key usage flags as combination of the flags defined above.
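
The Extension structure from addExtension and the key usage flags above, worked through to DER bytes. This is an added example, not code from X509CertificateGenerator.js: the function names are hypothetical, and the flag-to-bit mapping is inferred from the flag values listed above together with the RFC 5280 bit numbering, not taken from the class's source.

```javascript
// Added example; function names are hypothetical, flag values copied from the list above.
const KU = { digitalSignature: 0x0080, nonRepudiation: 0x0040, keyEncipherment: 0x0020,
  dataEncipherment: 0x0010, keyAgreement: 0x0008, keyCertSign: 0x0004,
  cRLSign: 0x0002, encipherOnly: 0x0001, decipherOnly: 0x8000 };

// Tag-length-value with a DER definite length (short form below 128, else long form).
function tlv(tag, content) {
  const n = content.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return [tag, ...len, ...content];
}

// Dotted OID string -> content octets (first two arcs combined, base-128 groups).
function oidContent(dotted) {
  const arcs = dotted.split(".").map(Number);
  const out = [];
  for (let arc of [arcs[0] * 40 + arcs[1], ...arcs.slice(2)]) {
    const group = [arc % 128];
    for (arc = Math.floor(arc / 128); arc > 0; arc = Math.floor(arc / 128)) {
      group.unshift((arc % 128) | 0x80);
    }
    out.push(...group);
  }
  return out;
}

// Flag word -> BIT STRING: the low byte is the first content octet (digitalSignature,
// bit 0, is 0x80 there) and the high byte the second (decipherOnly, bit 8).
// DER drops trailing zero bits of a named bit list and records the unused-bit count.
function keyUsageBitString(flags) {
  const bytes = [flags & 0xff, (flags >> 8) & 0xff];
  while (bytes.length > 0 && bytes[bytes.length - 1] === 0) bytes.pop();
  let unused = 0;
  while (bytes.length > 0 && ((bytes[bytes.length - 1] >> unused) & 1) === 0) unused++;
  return tlv(0x03, [unused, ...bytes]);
}

// Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }.
// DER omits a field equal to its DEFAULT, so critical is encoded only when true.
function extension(extnID, critical, extnValue) {
  const crit = critical ? tlv(0x01, [0xff]) : [];
  return tlv(0x30, [...tlv(0x06, oidContent(extnID)), ...crit, ...tlv(0x04, extnValue)]);
}

const hex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, "0")).join("");

// CA profile: critical keyUsage (OID 2.5.29.15) carrying keyCertSign | cRLSign.
const caKeyUsageExtension = () =>
  hex(extension("2.5.29.15", true, keyUsageBitString(KU.keyCertSign | KU.cRLSign)));

console.log(caKeyUsageExtension());
```

Comparing these bytes with the extension bytes found in an issued certificate is a quick way to confirm that the key usage and criticality a profile asks for are what was actually signed.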
addSubjectKeyIdentifierExtension()
Adds the subject public key identifier extension based on the certificate's subject key.
The key identifier is calculated as SHA-1 hash over the contents of the subject public key (without tag, length and number of unused bits).
{X509} generateX509Certificate(privateKey)
Generates the certificate.
- Parameters:
- privateKey
- Returns:
- the generated certificate
{ASN1} getExtensions()
Gets the certificate extension as TLV object
- Returns:
- the certificate extensions
{ASN1} getIssuer()
Gets the issuer name as TLV object
- Returns:
- the issuer RDNSequence
{ASN1} getSignatureAlgorithm()
Gets the signature algorithm TLV object
- Returns:
- the signature algorithm object
{ASN1} getSubject()
Gets the subject name as TLV object
- Returns:
- the subject RDNSequence
{ASN1} getSubjectPublicKeyInfo()
Gets the subject's public key as TLV object
- Returns:
- the subject's public key info
{ASN1} getTbsCertificate()
Gets the part of the certificate that will be signed
- Returns:
- the TBSCertificate part
{ASN1} getValidity()
Gets the certificate validity as TLV object
- Returns:
- the certificate's validity
reset()
Resets all internal state variables.
setIssuer(issuer)
Sets the issuer name.
The issuer name must be a JavaScript object containing the properties:
- C - the country
- O - the organization
- OU - the organization unit
- CN - the common name
Example:
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
- Parameters:
- {Object} issuer
- the issuer name
setNotAfter(date)
Sets the expiration date for the certificate.
- Parameters:
- {String or Date} date
- the date in format YYMMDDHHMMSSZ
setNotBefore(date)
Sets the effective date for the certificate.
- Parameters:
- {String or Date} date
- the date in format YYMMDDHHMMSSZ
setPublicKey(publicKey)
Sets the subject's public key.
The method accepts ECC and RSA public keys.
- Parameters:
- {Key} publicKey
- the subject's public key
setSerialNumber(serialNumber)
Sets the serial number.
- Parameters:
- {ByteString} serialNumber
- the serial number for the certificate
setSignatureAlgorithm(alg)
Sets the signature algorithm. Currently only Crypto.RSA is supported.
- Parameters:
- {Number} alg
- the signature algorithm, only Crypto.RSA supported
setSubject(subject)
Sets the subject name.
The subject name must be a JavaScript object containing the properties:
- C - the country
- O - the organization
- OU - the organization unit
- CN - the common name
Example:
var subject = { C:"UT", O:"ACME Corporation", CN:"Joe Doe" };
- Parameters:
- {Object} subject
- the subject name