Class KJUR.asn1.x509.Certificate

Extends KJUR.asn1.ASN1Object.
X.509 Certificate class to sign and generate hex encoded certificate
Defined in: asn1x509-1.0.js.

Class Summary
Constructor Attributes	Constructor Name and Description
	KJUR.asn1.x509.Certificate(params) X.509 Certificate class to sign and generate hex encoded certificate This class provides Certificate ASN.1 class structure defined in RFC 5280 4.1.

Field Summary
Field Attributes	Field Name and Description
	params JSON object of parameters

Fields borrowed from class KJUR.asn1.ASN1Object:: hL, hT, hTLV, hV, isModified

Method Summary
Method Attributes	Method Name and Description
	getPEM() get PEM formatted certificate string after signed This method returns a string of PEM formatted certificate.
	setByParam(params) set parameter This method will set parameter KJUR.asn1.x509.Certificate#params to this object.
	sign() sign certificate This method signs TBSCertificate with a specified private key and algorithm by this.params.cakey and this.params.sigalg parameter.

Methods borrowed from class KJUR.asn1.ASN1Object:: getEncodedHex, getLengthHexFromValue, getValueHex, tohex

Class Detail

KJUR.asn1.x509.Certificate(params)

X.509 Certificate class to sign and generate hex encoded certificate
This class provides Certificate ASN.1 class structure defined in RFC 5280 4.1.

Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING  }

Parameter "params" JSON object can be the same as KJUR.asn1.x509.TBSCertificate. Then they are used to generate TBSCertificate. Additionally just for Certificate, following parameters can be used:

{TBSCertfificate}tbsobj - specifies KJUR.asn1.x509.TBSCertificate object to be signed if needed. When this isn't specified, this will be set from other parametes of TBSCertificate.
{Object}cakey (OPTION) - specifies certificate signing private key. Parameter "cakey" or "sighex" shall be specified. Following values can be specified:
- PKCS#1/5 or PKCS#8 PEM string of private key
- RSAKey/DSA/ECDSA key object. KEYUTIL.getKey is useful to generate a key object.
{String}sighex (OPTION) - hexadecimal string of signature value (i.e. ASN.1 value(V) of signatureValue BIT STRING without unused bits)

CAUTION: APIs of this class have been totally updated without backward compatibility since jsrsasign 9.0.0.
NOTE1: 'params' can be omitted.
NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.

var cert = new KJUR.asn1.x509.Certificate({
 version: 3,
 serial: {hex: "1234..."},
 sigalg: "SHA256withRSAandMGF1",
 ...
 sighex: "1d3f..." // sign() method won't be called
});

// sighex will by calculated by signing with cakey
var cert = new KJUR.asn1.x509.Certificate({
 version: 3,
 serial: {hex: "2345..."},
 sigalg: "SHA256withRSA",
 ...
 cakey: "-----BEGIN PRIVATE KEY..."
});

// use TBSCertificate object to sign
var cert = new KJUR.asn1.x509.Certificate({
 tbsobj: <>,
 sigalg: "SHA256withRSA",
 cakey: "-----BEGIN PRIVATE KEY..."
});

Parameters:
{Array} params: JSON object for Certificate parameters

Field Detail

{Array} params

JSON object of parameters

Method Detail

getPEM()

get PEM formatted certificate string after signed This method returns a string of PEM formatted certificate.

cert = new KJUR.asn1.x509.Certificate({...});
cert.getPEM() →
"-----BEGIN CERTIFICATE-----\r\n..."

Since:: jsrsasign 9.0.0 asn1hex 2.0.0

Returns:: PEM formatted string of certificate

setByParam(params)

set parameter
This method will set parameter KJUR.asn1.x509.Certificate#params to this object.

cert = new KJUR.asn1.x509.Certificate();
cert.setByParam({
  version: 3,
  serial: {hex: "1234..."},
  ...
});

Parameters:
params: {Array} JSON object of certificate parameters

Since:: jsrsasign 9.0.0 asn1hex 2.0.0

sign()

sign certificate
This method signs TBSCertificate with a specified private key and algorithm by this.params.cakey and this.params.sigalg parameter.

cert = new KJUR.asn1.x509.Certificate({...});
cert.sign()

Classes

Class KJUR.asn1.x509.Certificate