Class Index | File Index

Classes


Class X509


Version 1.0.1 (08 May 2012).
hexadecimal X.509 certificate ASN.1 parser class
Defined in: x509-1.1.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
X509()
hexadecimal X.509 certificate ASN.1 parser class.
Field Summary
Field Attributes Field Name and Description
 
hex
hexacedimal string for X.509 certificate.
 
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Summary
Method Attributes Method Name and Description
 
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties:
  • ocsp - array of string for OCSP responder URL
  • caissuer - array of string for caIssuer value (i.e.
 
get authorityKeyIdentifier value as JSON object in the certificate
This method will get authority key identifier extension value as JSON object.
 
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters.
 
get CertificatePolicies extension value in the certificate as array This method will get certificate policies value as an array of JSON object which has following properties:
  • id -
  • cps - URI of certification practice statement
  • unotice - string of UserNotice explicitText
If there is this extension in the certificate, it returns undefined;
 
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string.
 
get extKeyUsage value as array of name string in the certificate
This method will get extended key usage extension value as array of name or OID string.
 
getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
 
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'.
 
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names.
 
(DEPRECATED) get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name.
 
get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of type and name.
 
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get subject key identifier extension value as hexadecimal string.
 
get certificate information as string.
 
get hexadecimal string of issuer field TLV of certificate.
 
get string of issuer field of certificate.
 
get notAfter field string of certificate.
 
get notBefore field string of certificate.
 
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
 
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
<static>  
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
<static>  
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
 
get a hexadecimal string of subjectPublicKeyInfo field.
 
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
<static>  
get public key information from PEM certificate Resulted associative array has following properties:
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • algparam - hexadecimal string of OID of ECC curve name or null
  • keyhex - hexadecimal string of key in the certificate
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
 
get hexadecimal string of serialNumber field of certificate.
 
get signature algorithm name in basic field This method will get a name of signature algorithm field of certificate:
 
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
 
get signature value in hexadecimal string
This method will get signature value of certificate:
 
get hexadecimal string of subject field of certificate.
 
get string of subject field of certificate.
 
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate.
<static>  
X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex.
<static>  
X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex.
<static>  
X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex.
 
set array of X.509v3 extesion information such as extension OID, criticality and value index.
 
readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
 
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
 
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object.
Class Detail
X509()
hexadecimal X.509 certificate ASN.1 parser class.
X509 class provides following functionality:
  • parse X.509 certificate ASN.1 structure
  • get basic fields, extensions, signature algorithms and signature values
  • read PEM certificate

Author: Kenji Urushima.
See:
'jsrsasign'(RSA Sign JavaScript Library) home page https://kjur.github.io/jsrsasign/
Field Detail
{String} hex
hexacedimal string for X.509 certificate.

{Number} version
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Detail
{Object} getExtAIAInfo()
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties: If there is this in the certificate, it returns undefined;
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAIAInfo(hCert) → 
{ ocsp:     ["http://ocsp.foo.com"],
  caissuer: ["http://rep.foo.com/aaa.p8m"] }
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} associative array of AIA extension properties

{Object} getExtAuthorityKeyIdentifier()
get authorityKeyIdentifier value as JSON object in the certificate
This method will get authority key identifier extension value as JSON object. If there is this in the certificate, it returns undefined;
NOTE: Currently this method only supports keyIdentifier so that authorityCertIssuer and authorityCertSerialNumber will not be return in the JSON object.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityKeyIdentifier() → { kid: "1234abcd..." }
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} JSON object of authority key identifier or null

{Object} getExtBasicConstraints()
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters. There are use cases for return values:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtBasicConstraints() → { cA: true, pathLen: 3 };
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} associative array which may have "cA" and "pathLen" parameters

{Object} getExtCertificatePolicies()
get CertificatePolicies extension value in the certificate as array This method will get certificate policies value as an array of JSON object which has following properties: If there is this extension in the certificate, it returns undefined;
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCertificatePolicies → 
[{ id: 1.2.3.4,
   cps: "http://example.com/cps",
   unotice: "explicit text" }]
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of PolicyInformation JSON object

{Object} getExtCRLDistributionPointsURI()
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string. If there is this in the certificate, it returns undefined;
NOTE: Currently this method supports only fullName URI so that other parameters will not be returned.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPointsURI() →
["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of fullName URIs of CDP of the certificate

{Object} getExtExtKeyUsageName()
get extKeyUsage value as array of name string in the certificate
This method will get extended key usage extension value as array of name or OID string. If there is this in the certificate, it returns undefined;
NOTE: Supported extended key usage ID names are defined in name2oidList parameter in asn1x509.js file.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of extended key usage ID name or oid

getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
This method will get an X.509v3 extension information JSON object having extension OID, criticality and value idx for specified extension OID or name. If there is no such extension, this returns undefined.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
x.getExtInfo("unknownExt") → undefined
Parameters:
{String} oidOrName
X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
X.509 extension information such as extension OID or value indx (see X509#parseExt)

{String} getExtKeyUsageBin()
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'. Key usage bits definition is in the RFC 5280. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageBin() → '101'
// 1 - digitalSignature
// 0 - nonRepudiation
// 1 - keyEncipherment
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} binary string of key usage bits (ex. '101')

{String} getExtKeyUsageString()
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} comma separated string of key usage

{Object} getExtSubjectAltName()
(DEPRECATED) get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name. If there is this in the certificate, it returns undefined;
NOTE: Currently this method supports only dNSName so that other name type such like iPAddress or generalName will not be returned.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName() → ["example.com", "example.org"]
Deprecated:
since jsrsasign 8.0.1 x509 1.1.17. Please move to X509#getExtSubjectAltName2
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of alt names

{Object} getExtSubjectAltName2()
get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of type and name. If there is this in the certificate, it returns undefined; Type of GeneralName will be shown as following:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName2() →
[["DNS",  "example.com"],
 ["DNS",  "example.org"],
 ["MAIL", "foo@example.com"],
 ["IP",   "192.168.1.1"],
 ["IP",   "2001:db8::2:1"],
 ["DN",   "/C=US/O=TEST1"]]
Since:
jsrsasign 8.0.1 x509 1.1.17
Returns:
{Object} array of alt name array

{String} getExtSubjectKeyIdentifier()
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get subject key identifier extension value as hexadecimal string. If there is this in the certificate, it returns undefined;
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectKeyIdentifier() → "1b3347ab...";
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} hexadecimal string of subject key identifier or null

{String} getInfo()
get certificate information as string.
x = new X509();
x.readCertPEM(certPEM);
console.log(x.getInfo());
// this shows as following
Basic Fields
  serial number: 02ac5c266a0b409b8f0b79f2ae462577
  signature algorithm: SHA1withRSA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  notBefore: 061110000000Z
  notAfter: 311110000000Z
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  subject public key info:
    key algorithm: RSA
    n=c6cce573e6fbd4bb...
    e=10001
X509v3 Extensions:
  keyUsage CRITICAL:
    digitalSignature,keyCertSign,cRLSign
  basicConstraints CRITICAL:
    cA=true
  subjectKeyIdentifier :
    b13ec36903f8bf4701d498261a0802ef63642bc3
  authorityKeyIdentifier :
    kid=b13ec36903f8bf4701d498261a0802ef63642bc3
signature algorithm: SHA1withRSA
signature: 1c1a0697dcd79c9f...
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{String} certificate information string

{String} getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerHex(); // return string like "3013..."
Returns:
{String} hexadecial string of issuer DN ASN.1

{String} getIssuerString()
get string of issuer field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerString(); // return string like "/C=US/O=TEST"
Returns:
{String} issuer DN string

{String} getNotAfter()
get notAfter field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notAfter = x.getNotAfter(); // return string like "151231235959Z"
Returns:
{String} not after time value (ex. "151231235959Z")

{String} getNotBefore()
get notBefore field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notBefore = x.getNotBefore(); // return string like "151231235959Z"
Returns:
{String} not before time value (ex. "151231235959Z")

{Object} getPublicKey()
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
x = new X509();
x.readCertPEM(sCertPEM);
pubkey= x.getPublicKey();
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field

{Integer} getPublicKeyContentIdx()
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
Since:
jsrsasign 8.0.0 x509 1.2.0
Returns:
{Integer} string index of key contents

<static> X509.getPublicKeyFromCertHex(h)
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
Parameters:
{String} h
hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
Since:
jsrasign 7.1.0 x509 1.1.11
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

<static> X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Since:
x509 1.1.1
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

{String} getPublicKeyHex()
get a hexadecimal string of subjectPublicKeyInfo field.
x = new X509();
x.readCertPEM(sCertPEM);
hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field

{Number} getPublicKeyIdx()
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.

<static> {Hash} X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate Resulted associative array has following properties:
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
Parameters:
{String} sCertPEM
string of PEM formatted certificate
Since:
x509 1.1.1
Returns:
{Hash} hash of information for public key

{String} getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var sn = x.getSerialNumberHex(); // return string like "01ad..."
Returns:
{String} hexadecimal string of certificate serial number

{String} getSignatureAlgorithmField()
get signature algorithm name in basic field This method will get a name of signature algorithm field of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
algName = x.getSignatureAlgorithmField();
Since:
x509 1.1.8
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)

{String} getSignatureAlgorithmName(hCert)
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureAlgorithmName() → "SHA256withRSA"
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)

{String} getSignatureValueHex()
get signature value in hexadecimal string
This method will get signature value of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureValueHex() &rarr "8a4c47913..."
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature value hexadecimal string without BitString unused bits

{String} getSubjectHex()
get hexadecimal string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectHex(); // return string like "3013..."
Returns:
{String} hexadecial string of subject DN ASN.1

{String} getSubjectString()
get string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectString(); // return string like "/C=US/O=TEST"
Returns:
{String} subject DN string

{Number} getVersion()
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate. It returns 1 for X.509v1 certificate and 3 for v3 certificate. Otherwise returns 0. This method will be automatically called in X509#readCertPEM. After then, you can use X509.version parameter.
var x = new X509();
x.readCertPEM(sCertPEM);
version = x.getVersion();    // 1 or 3
sn = x.getSerialNumberHex(); // return string like "01ad..."
Since:
jsrsasign 7.1.14 x509 1.1.13
Returns:
{Number} 1 for X509v1, 3 for X509v3, otherwise 0

<static> {String} X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
X509.hex2attrTypeValue("300806035504060c0161") → C=a
X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} string representation of AttributeTypeAndValue (ex. C=US)

<static> {String} X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
Parameters:
{String} hex
hexadecimal string of ASN.1 DER distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format distinguished name

<static> {String} X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).
NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
X509.hex2rdn("310a3008060355040a0c0161") → O=a
X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes relative distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format relative distinguished name

parseExt()
set array of X.509v3 extesion information such as extension OID, criticality and value index.
This method will set an array of X.509v3 extension information having following parameters:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.aExtInfo →
[ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
Since:
jsrsasign 7.2.0 x509 1.1.14

readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
x = new X509();
x.readCertHex("3082..."); // read certificate
Parameters:
{String} sCertHex
hexadecimal string of X.509 certificate
Since:
jsrsasign 7.1.4 x509 1.1.13

readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
x = new X509();
x.readCertPEM(sCertPEM); // read certificate
Parameters:
{String} sCertPEM
string for PEM formatted X.509 certificate

{Boolean} verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object.
pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
x = new X509();
x.readCertPEM(pemCert);
x.verifySignature(pubKey) → true, false or raising exception
Parameters:
{Object} pubKey
public key object
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Boolean} true if signature value is valid otherwise false

© 2012-2017 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0