Class KJUR.asn1.x509.AuthorityKeyIdentifier
Extends
KJUR.asn1.x509.Extension.
AuthorityKeyIdentifier ASN.1 structure class
Defined in: asn1x509-1.0.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
|
AuthorityKeyIdentifier ASN.1 structure class
This class represents ASN.1 structure for AuthorityKeyIdentifier in RFC 5280.
|
- Fields borrowed from class KJUR.asn1.ASN1Object:
- hL, hT, hTLV, hV, isModified, params
| Method Attributes | Method Name and Description |
|---|---|
|
setCertIssuerByParam(param)
set authorityCertIssuer value by X500Name parameter
This method will set authorityCertIssuer name by param.
|
|
|
setCertSerialNumberByParam(param)
set authorityCertSerialNumber value
This method will set authorityCertSerialNumber by param.
|
|
|
setKIDByParam(param)
set keyIdentifier value by DEROctetString parameter, key object or PEM file
This method will set keyIdentifier by param.
|
- Methods borrowed from class KJUR.asn1.ASN1Object:
- getEncodedHex, getLengthHexFromValue, getValueHex, tohex
Class Detail
KJUR.asn1.x509.AuthorityKeyIdentifier(params)
AuthorityKeyIdentifier ASN.1 structure class
This class represents ASN.1 structure for AuthorityKeyIdentifier in RFC 5280.
Constructor of this class may have following parameters.:
- kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.
- isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.
- issuer - KJUR.asn1.x509.X500Name parameter to specify issuer name explicitly.
- sn - hexadecimal string to specify serial number explicitly.
- critical - boolean to specify criticality of this extension however conforming CA must mark this extension as non-critical in RFC 5280.
d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
KeyIdentifier ::= OCTET STRING
// 1. kid by key object
keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
// 2. kid by PEM string of authority certificate or public key
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
// 3. specify kid explicitly
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
});
// 4. issuer and serial number by auhtority PEM certificate
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
// 5. issuer and serial number explicitly
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
issuer: {ldapstr: "O=test,C=US"},
sn: {hex: "1ac7..."}});
// 6. combination
e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
kid: "-----BEGIN CERTIFICATE...",
isscert: "-----BEGIN CERTIFICATE..."});
- Parameters:
- {Array} params
- associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
- Since:
- asn1x509 1.0.8
Method Detail
setCertIssuerByParam(param)
set authorityCertIssuer value by X500Name parameter
This method will set authorityCertIssuer name by param.
Issuer name can be set by following type of param argument:
- str/ldapstr/hex/certsubject/certissuer - set issuer by KJUR.asn1.x509.X500Name object with specified parameters.
- PEM CERTIFICATE STRING - extract its subject name from specified issuer PEM certificate and set.
var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
// 1. set it by string
o.setCertIssuerByParam({str: '/C=US/O=Test'});
// 2. set it by issuer PEM certificate
o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
- Parameters:
- {Array} param
- parameter to set issuer name
- Since:
- asn1x509 1.0.8
- See:
- KJUR.asn1.x509.X500Name
- KJUR.asn1.x509.GeneralNames
- X509.getSubjectHex
setCertSerialNumberByParam(param)
set authorityCertSerialNumber value
This method will set authorityCertSerialNumber by param.
Serial number can be set by following type of param argument:
- {int: 123} - by integer value
- {hex: "01af"} - by hexadecimal integer value
- {bigint: new BigInteger(...)} - by hexadecimal integer value
- PEM CERTIFICATE STRING - extract serial number from issuer certificate and set serial number. NOTE1: Automatic authorityCertSerialNumber setting by certificate is supported since jsrsasign 8.0.16.
- Parameters:
- {Object} param
- parameter to set serial number
- Since:
- asn1x509 1.0.8
- See:
- X509.getSerialNumberHex
setKIDByParam(param)
set keyIdentifier value by DEROctetString parameter, key object or PEM file
This method will set keyIdentifier by param.
Its key identifier value can be set by following type of param argument:
- {str: "123"} - by raw string
- {hex: "01af..."} - by hexadecimal value
- RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object. key identifier value will be calculated by the method described in RFC 5280 4.2.1.2 (1).
- certificate PEM string - extract subjectPublicKeyInfo from specified PEM certificate and key identifier value will be calculated by the method described in RFC 5280 4.2.1.2 (1).
- PKCS#1/#8 public key PEM string - pem will be converted to a key object and to PKCS#8 ASN.1 structure then calculate a key identifier value will be calculated by the method described in RFC 5280 4.2.1.2 (1).
o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
// set by hexadecimal string
o.setKIDByParam({hex: '1ad9...'});
// set by SubjectPublicKeyInfo of PEM certificate string
o.setKIDByParam("-----BEGIN CERTIFICATE...");
// set by PKCS#8 PEM public key string
o.setKIDByParam("-----BEGIN PUBLIC KEY...");
// set by public key object
pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
o.setKIDByParam(pubkey);
- Parameters:
- {Array} param
- parameter to set key identifier
- Since:
- asn1x509 1.0.8
- See:
- KEYUTIL.getKeyID