Class Index | File Index

Classes


Class X509


Version 1.0.1 (08 May 2012).
hexadecimal X.509 certificate ASN.1 parser class
Defined in: x509-1.1.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
Field Summary
Field Attributes Field Name and Description
 
(DEPRECATED) array of parameters for extensions
<static>  
X509.EXT_PARSER
additional definition for X.509 extension parsers
 
getOtherName ASN.1 structure parameter as JSON object
This method will get OtherName parameters defined in RFC 5280 4.2.1.6.
 
hex
hexacedimal string for X.509 certificate.
 
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Summary
Method Attributes Method Name and Description
 
convert ASN1Object parameter to DisplayText parameter This method converts from KJUR.asn1.ASN1Util#newObject paramter to KJUR.asn1.x509.DisplayText paramter for DisplayText ASN.1 structure.
 
simple canonicalization(c14n) for RDN array
This method canonicalizes a DN string according to "RFC 4518 StringPrep Appendix B Substring Matching" as following:
  • convert to lower case
  • convert from all sequence of spaces to a space
  • remove leading and trailing spaces
 
convert array for X500 distinguish name to distinguish name string
This method converts from an array representation of X.500 distinguished name to X.500 name string.
 
findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array.
 
get algorithm name name of AlgorithmIdentifier ASN.1 structure This method will get a name of AlgorithmIdentifier.
 
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4.
 
getCriticalExtV(extname, hExtV, critical)
get extension value and critical flag value
This method is an utility method for all getExt* of extensions.
 
get DisplayText ASN.1 structure parameter as JSON object This method will get DisplayText parameters.
 
get DistributionPoint ASN.1 structure parameter as JSON object This method will get DistributionPoint parameters.
 
get DistributionPointName ASN.1 structure parameter as JSON object This method will get DistributionPointName parameters.
 
getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object.
 
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties:
  • ocsp - array of string for OCSP responder URL
  • caissuer - array of string for caIssuer value (i.e.
 
getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object This method parse authorityInfoAccess extension.
 
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object.
 
getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters.
 
getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CertificatePolicies.
 
getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CRLDistributionPoints.
 
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED) This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string.
 
getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses CRLNumber CRL extension value defined in RFC 5280 5.2.3 as JSON object.
 
getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as JSON object.
 
getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object This method parse extKeyUsage extension.
 
get extKeyUsage value as array of name string in the certificate(DEPRECATED)
This method will get extended key usage extension value as array of name or OID string.
 
getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
 
getExtInhibitAnyPolicy(hExtV, critical)
get InhibitAnyPolicy extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.InhibitAnyPolicy.
 
getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate This method will get issuerAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.IssuerAltName.
 
getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object This method parse keyUsage extension.
 
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'.
 
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names.
 
getExtNameConstraints(hExtV, critical)
get NameConstraints extension value as object in the certificate
This method will get name constraints extension value as object with following paramters.
 
getExtOcspNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as JSON object.
 
getExtOcspNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses Nonce OCSP extension value defined in RFC 6960 4.4.1 as JSON object.
 
get a extension parameter JSON object
This method returns a extension parameters as JSON object.
 
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters.
 
getExtPolicyConstraints(hExtV, critical)
get PolicyConstraints extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyConstraints.
 
getExtPolicyMappings(hExtV, critical)
get PolicyMappings extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyMappings.
 
getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate This method will get subjectAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.SubjectAltName.
 
get subjectAltName value as array of string in the certificate (DEPRECATED) This method will get subject alt name extension value as array of type and name.
 
parse SubjectDirectoryAttributes extension as JSON object
This method parses SubjectDirectoryAttributes extension value defined in the defined in RFC 3739 Qualified Certificate Profile section 3.3.2 as JSON object.
 
getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get SubjectKeyIdentifier extension value as JSON object.
 
get GeneralName ASN.1 structure parameter as JSON object
This method will get GeneralName parameters defined in RFC 5280 4.2.1.6.
 
get GeneralNames ASN.1 structure parameter as JSON object This method will get GeneralNames parameters defined in RFC 5280 4.2.1.6.
 
get GeneralSubtree ASN.1 structure parameter as JSON object
This method will get GeneralSubtree parameters defined in RFC 5280 4.2.1.10.
 
get certificate information as string.
 
getIssuer(flagCanon, flagHex)
get JSON object of issuer field
Get a JSON object of an issuer field.
 
get hexadecimal string of issuer field TLV of certificate.
 
get string of issuer field of certificate.
 
get notAfter field string of certificate.
 
get notBefore field string of certificate.
 
getParam(option)
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters.
 
get PolicyInformation ASN.1 structure parameter as JSON object This method will get PolicyInformation parameters defined in RFC 5280 4.2.1.4.
 
get PolicyQualifierInfo ASN.1 structure parameter as JSON object This method will get PolicyQualifierInfo parameters.
 
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
 
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
<static>  
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
<static>  
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
 
get a hexadecimal string of subjectPublicKeyInfo field.
 
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
<static>  
get public key information from PEM certificate Resulted associative array has following properties:
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • algparam - hexadecimal string of OID of ECC curve name or null
  • keyhex - hexadecimal string of key in the certificate
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
 
getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4.
 
get hexadecimal string of serialNumber field of certificate.
 
get signature algorithm name in basic field This method will get a name of signature algorithm in basic field of certificate.
 
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
 
get signature value as hexadecimal string
This method will get signature value of certificate:
 
get ASN.1 TLV hexadecimal string of subjectPublicKeyInfo field.
 
get hexadecimal string of subjectPublicKey of subjectPublicKeyInfo field.
 
getSubject(flagCanon, flagHex)
get JSON object of subject field
Get a JSON object of a subject field.
 
get hexadecimal string of subject field of certificate.
 
get string of subject field of certificate.
 
get UserNotice ASN.1 structure parameter as JSON object This method will get UserNotice parameters.
 
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate.
 
getX500Name(h, flagCanon, flagHex)
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
 
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
<static>  
X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex.
<static>  
X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex.
<static>  
X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex.
 
parseExt(hCSR)
set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index.
 
readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
 
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
<static>  
X509.registExtParser(oid, func)
define X.509 extension parser for specified OID

This static method specifies a X.509 extension value parsing function for specified an extension OID.

 
set canonicalized DN to a DN parameter
This method canonicalizes a DN string as following:
  • convert to lower case
  • convert from all multiple spaces to a space
 
updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
 
updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
 
updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists.
 
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object.
Class Detail
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
X509 class provides following functionality:
  • parse X.509 certificate ASN.1 structure
  • get basic fields, extensions, signature algorithms and signature values
  • read PEM certificate

Author: Kenji Urushima.
Parameters:
params
See:
'jsrsasign'(RSA Sign JavaScript Library) home page https://kjur.github.io/jsrsasign/
Field Detail
{Array} aExtInfo
(DEPRECATED) array of parameters for extensions

<static> X509.EXT_PARSER
additional definition for X.509 extension parsers
See:
X509.registExtParser

{Array} getOtherName
getOtherName ASN.1 structure parameter as JSON object
This method will get OtherName parameters defined in RFC 5280 4.2.1.6.
OtherName ::= SEQUENCE {
   type-id    OBJECT IDENTIFIER,
   value      [0] EXPLICIT ANY DEFINED BY type-id }
The value of member "other" is converted by ASN1HEX#parse.
x = new X509();
x.getOtherName("30...") →
{ oid: "1.2.3.4",
  value: {utf8str: {str: "aaa"}} }
Since:
jsrsasign 10.5.3 x509 2.0.12
See:
KJUR.asn1.x509.GeneralNames
KJUR.asn1.x509.GeneralName
KJUR.asn1.x509.OtherName
X509#getGeneralName
ASN1HEX#parse

{String} hex
hexacedimal string for X.509 certificate.

{Number} version
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Detail
{Object} asn1ToDisplayText(pASN1)
convert ASN1Object parameter to DisplayText parameter This method converts from KJUR.asn1.ASN1Util#newObject paramter to KJUR.asn1.x509.DisplayText paramter for DisplayText ASN.1 structure.
DisplayText ::= CHOICE {
     ia5String        IA5String      (SIZE (1..200)),
     visibleString    VisibleString  (SIZE (1..200)),
     bmpString        BMPString      (SIZE (1..200)),
     utf8String       UTF8String     (SIZE (1..200)) }     
Result of this method can be passed to KJUR.asn1.x509.DisplayText constructor.
x = new X509();
x.asn1ToDisplayText({utf8str: {str: "aaa"}}) &rarr {type: 'utf8', str: 'aaa'}
x.asn1ToDisplayText({bmpstr: {str: "aaa"}}) &rarr {type: 'bmp',  str: 'aaa'}
Parameters:
{Object} pASN1
ASN1Object paramter for DisplayText
Since:
jsrsasign 10.8.0 x509 2.1.3
Returns:
{Object} DisplayText paramter
See:
X509#getDisplayText
KJUR.asn1.x509.DisplayText
KJUR.asn1.ASN1Util#newObject

{string} c14nRDNArray(aRDN)
simple canonicalization(c14n) for RDN array
This method canonicalizes a DN string according to "RFC 4518 StringPrep Appendix B Substring Matching" as following:
var x = new X509();
x.c14nRDNArray([
  [{type:"C", value:"JP", ds: "prn"}],
  [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
  [{type:"OU", value:"HR   45", ds: "utf8"}]
]) → "/c=jp/o=test 1234/ou=hr 45"
Parameters:
{array} aRDN
array of RDN parameters
Since:
jsrsasign 10.6.0 x509 2.1.0
Returns:
{string} canonicalized distinguish name (ex. "/c=jp/o=test ca")

{String} dnarraytostr(aDN)
convert array for X500 distinguish name to distinguish name string
This method converts from an array representation of X.500 distinguished name to X.500 name string. This supports multi-valued RDN.
var x = new X509();
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
  [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
  [{type:"O",value:"T1",ds:"prn"}
   {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
Parameters:
{Array} aDN
array for X500 distinguish name
Since:
jsrsasign 10.0.6 x509 2.0.8
Returns:
{String} distinguish name
See:
X509#getX500Name
X509#getX500NameArray
KJUR.asn1.x509.X500Name

{Array} findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array. This method is useful to update extension parameter value. When there is no such extension with the extname, this returns "null".
// (1) 
x = new X509(CERTPEM);
params = x.getParam();
pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
pSKID.kid = "1234abced..."; // skid in the params is updated.
  // then params was updated

// (2) another example
aExt = [
  {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
];
var x = new X509();
x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
pKU = x.findExt(aExt, "keyUsage");
delete pKU["critical"]; // clear criticla flag
pKU.names = ["keyCertSign", "cRLSign"];
  // then aExt was updated
Parameters:
{Array} aExt
array of extension parameters
{String} extname
extension name
Since:
jsrsasign 10.0.3 x509 2.0.7
Returns:
{Array} extension parameter in the array or null
See:
X509#getParam

{String} getAlgorithmIdentifierName(hTLV)
get algorithm name name of AlgorithmIdentifier ASN.1 structure This method will get a name of AlgorithmIdentifier.
var x = new X509();
algName = x.getAlgorithmIdentifierName("30...");
Parameters:
{String} hTLV
hexadecimal string of AlgorithmIdentifier
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{String} algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1, SHA1)

{Object} getAttrTypeAndValue(h)
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4.
AttributeTypeAndValue ::= SEQUENCE {
  type     AttributeType,
  value    AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY -- DEFINED BY AttributeType
"ds" has one of following value:
x = new X509();
x.getAttrTypeAndValue("30...") →
{type:"CN",value:"john.smith@example.com",ds:"ia5"} or
{type:"O",value:"Sample Corp.",ds:"prn"}
Parameters:
{String} h
hexadecimal string of AttributeTypeAndValue
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of AttributeTypeAndValue parameters
See:
X509#getX500Name
X509#getRDN

{Array} getCriticalExtV(extname, hExtV, critical)
get extension value and critical flag value
This method is an utility method for all getExt* of extensions.
x = new X509(sCertPEM);
x.getCriticalExtV("inhibitAnyPolicy") &rarr ["020103", true] // get from X509 object
x.getCriticalExtV("inhibitAnyPolicy",
                  "020104",
                  true) &rarr ["020104", true] // by argument of method.
Parameters:
{string} extname
name string of the extension
{string} hExtV
hexadecimal string of extension
{boolean} critical
flag
Since:
jsrsasign 10.6.1 x509 2.1.1
Returns:
{Array} extension value hex and critical flag

{Object} getDisplayText(h)
get DisplayText ASN.1 structure parameter as JSON object This method will get DisplayText parameters.
DisplayText ::= CHOICE {
     ia5String        IA5String      (SIZE (1..200)),
     visibleString    VisibleString  (SIZE (1..200)),
     bmpString        BMPString      (SIZE (1..200)),
     utf8String       UTF8String     (SIZE (1..200)) }     
Result of this method can be passed to KJUR.asn1.x509.DisplayText constructor.
x = new X509();
x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
Parameters:
{String} h
hexadecimal string of DisplayText
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DisplayText parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation

{Object} getDistributionPoint(h)
get DistributionPoint ASN.1 structure parameter as JSON object This method will get DistributionPoint parameters. Result of this method can be passed to KJUR.asn1.x509.DistributionPoint constructor.
NOTE: reasons[1] and CRLIssuer[2] field not supported
x = new X509();
x.getDistributionPoint("30...") →
{dpname: {full: [{uri: "http://aaa.com/"}]}}
Parameters:
{String} h
hexadecimal string of DistributionPoint
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DistributionPoint parameters
See:
X509#getExtCRLDistributionPoints
X509#getDistributionPointName
X509#getGeneralNames
X509#getGeneralName

{Object} getDistributionPointName(h)
get DistributionPointName ASN.1 structure parameter as JSON object This method will get DistributionPointName parameters. Result of this method can be passed to KJUR.asn1.x509.DistributionPointName constructor.
NOTE: nameRelativeToCRLIssuer[1] not supported
x = new X509();
x.getDistributionPointName("a0...") →
{full: [{uri: "http://aaa.com/"}]}
Parameters:
{String} h
hexadecimal string of DistributionPointName
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DistributionPointName parameters
See:
X509#getExtCRLDistributionPoints
X509#getDistributionPoint
X509#getGeneralNames
X509#getGeneralName

{Array} getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object. This extension provides the URL location for time stamp service.
adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
 ::= SEQUENCE {
    version INTEGER  { v1(1) }, -- extension version
    location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
    requiresAuth        boolean (default false), OPTIONAL }

Result of this method can be passed to KJUR.asn1.x509.AdobeTimeStamp constructor.
NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
x.getExtAdobeTimeStamp(<>) →
{ extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 10.0.1 x509 2.0.5
Returns:
{Array} JSON object of parsed AdobeTimeStamp extension
See:
KJUR.asn1.x509.AdobeTimeStamp
X509#getExtParamArray
X509#getExtParam

{Object} getExtAIAInfo()
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties: If there is this in the certificate, it returns undefined;
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAIAInfo(hCert) → 
{ ocsp:     ["http://ocsp.foo.com"],
  caissuer: ["http://rep.foo.com/aaa.p8m"] }
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} associative array of AIA extension properties

{Array} getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object This method parse authorityInfoAccess extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.AuthorityInfoAccess constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityInfoAccess() →
{
  critial: true, // 
  array: [{ocsp: http://ocsp.example.com/},
          {caissuer: https://repository.example.com/}]
}

x = new X509();
x.getExtAuthorityInfoAccesss("306230...") 
x.getExtAuthorityInfoAccesss("306230...", true)
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of AuthorityInfoAccess parameters or undefined
See:
KJUR.asn1.x509.AuthorityInfoAccess

{Array} getExtAuthorityKeyIdentifier(hExtV, critical)
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object.
When hExtV and critical specified as arguments, return value will be generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.AuthorityKeyIdentifier constructor.
   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
   AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
   KeyIdentifier ::= OCTET STRING
Constructor may have following parameters:
NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityKeyIdentifier() → 
{ kid: {hex: "1234abcd..."},
  issuer: {hex: "30..."},
  sn: {hex: "1234..."},
  critical: true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of AuthorityKeyIdentifier parameter or undefined
See:
KJUR.asn1.x509.AuthorityKeyIdentifier

{Array} getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters. There are use cases for return values:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtBasicConstraints() → {cA:true,pathLen:3,critical:true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of BasicConstraints parameter or undefined
See:
KJUR.asn1.x509.BasicConstraints

{Object} getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CertificatePolicies. Result of this method can be passed to KJUR.asn1.x509.CertificatePolicies constructor. If there is no this extension in the certificate, it returns undefined.
CAUTION: return value of JSON object format have been changed from jsrsasign 9.0.0 without backword compatibility.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCertificatePolicies() → 
{ array: [
  { policyoid: "1.2.3.4" }
  { policyoid: "1.2.3.5",
    array: [
      { cps: "https://example.com/" },
      { unotice: { exptext: { type: "bmp", str: "sample text" } } }
    ] 
  }
]}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} JSON object of CertificatePolicies parameters or undefined

{Object} getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CRLDistributionPoints. Result of this method can be passed to KJUR.asn1.x509.CRLDistributionPoints constructor. If there is no this extension in the certificate, it returns undefined.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPoints() → 
{array: [
  {dpname: {full: [{uri: "http://example.com/"}]}},
  {dpname: {full: [{uri: "ldap://example.com/"}]}}
 ],
 critical: true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of CRLDistributionPoints parameters or undefined
See:
KJUR.asn1.x509.CRLDistributionPoints
X509#getDistributionPoint
X509#getDistributionPointName
X509#getGeneralNames
X509#getGeneralName

{Object} getExtCRLDistributionPointsURI()
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED) This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string. If there is this in the certificate, it returns undefined;
NOTE: Currently this method supports only fullName URI so that other parameters will not be returned.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPointsURI() →
["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of fullName URIs of CDP of the certificate

getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses CRLNumber CRL extension value defined in RFC 5280 5.2.3 as JSON object.
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
CRLNumber ::= INTEGER (0..MAX)

Result of this method can be passed to KJUR.asn1.x509.CRLNumber constructor.
crl = X509CRL("-----BEGIN X509 CRL...");
... get hExtV and critical flag ...
crl.getExtCRLNumber("02...", false) →
{extname: "cRLNumber", num: {hex: "12af"}}
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.1 x509 2.0.1
See:
KJUR.asn1.x509.CRLNumber
X509#getExtParamArray

getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as JSON object.
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-- reasonCode ::= { CRLReason }
CRLReason ::= ENUMERATED {
     unspecified             (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     removeFromCRL           (8),
     privilegeWithdrawn      (9),
     aACompromise           (10) }

Result of this method can be passed to KJUR.asn1.x509.CRLReason constructor.
crl = X509CRL("-----BEGIN X509 CRL...");
... get hExtV and critical flag ...
crl.getExtCRLReason("02...", false) →
{extname: "cRLReason", code: 3}
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.1 x509 2.0.1
See:
KJUR.asn1.x509.CRLReason
X509#getExtParamArray

{Array, Object} getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object This method parse extKeyUsage extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.ExtKeyUsage constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtExtKeyUsage() →
{ array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"], 
  critical: true},
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of ExtKeyUsage parameter or undefined
{Object} JSONarray of extended key usage ID name or oid
See:
KJUR.asn1.x509.ExtKeyUsage

{Object} getExtExtKeyUsageName()
get extKeyUsage value as array of name string in the certificate(DEPRECATED)
This method will get extended key usage extension value as array of name or OID string. If there is this in the certificate, it returns undefined;
NOTE: Supported extended key usage ID names are defined in name2oidList parameter in asn1x509.js file.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
Deprecated:
since jsrsasign 9.0.0 x509 2.0.0
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of extended key usage ID name or oid

getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
This method will get an X.509v3 extension information JSON object having extension OID, criticality and value idx for specified extension OID or name. If there is no such extension, this returns undefined.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
x.getExtInfo("unknownExt") → undefined
Parameters:
{String} oidOrName
X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
X.509 extension information such as extension OID or value indx (see X509#parseExt)

{Object} getExtInhibitAnyPolicy(hExtV, critical)
get InhibitAnyPolicy extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.InhibitAnyPolicy. Result of this method can be passed to KJUR.asn1.x509.InhibitAnyPolicy constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509(sCertPEM);
x.getExtInhibitAnyPolicy() → 
{ extname: "policyConstraints",
  critical: true,
  skip: 3 }

x.getExtInhibitAnyPolicy("020103", true) → same as above
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 10.6.1 x509 2.1.1
Returns:
{Object} JSON object of InhibitAnyPolicy parameters or undefined
See:
KJUR.asn1.x509.InhibitAnyPolicy

{Array} getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate This method will get issuerAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.IssuerAltName. Result of this method can be passed to KJUR.asn1.x509.IssuerAltName constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtIssuerAltName() → 
{ array: [
    {uri: "http://example.com/"},
    {rfc822: "user1@example.com"},
    {dns: "example.com"}
  ],
  critical: true
}

x.getExtIssuerAltName("3026...") →
{ array: [{ip: "192.168.1.1"}] }
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of IssuerAltName parameters
See:
KJUR.asn1.x509.IssuerAltName
X509#getExtSubjectAltName

{Array} getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object This method parse keyUsage extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.KeyUsage constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnly            (8) }     
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsage() →
{
  critial: true,
  names: ["digitalSignature", "decipherOnly"]
}

x = new X509();
x.getExtKeyUsage("306230...") 
x.getExtKeyUsage("306230...", true)
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of KeyUsage parameter or undefined
See:
KJUR.asn1.x509.KeyUsage
X509#getExtKeyUsageString

{String} getExtKeyUsageBin(hExtV)
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'. Key usage bits definition is in the RFC 5280. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageBin() → '101'
// 1 - digitalSignature
// 0 - nonRepudiation
// 1 - keyEncipherment
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} binary string of key usage bits (ex. '101')
See:
X509#getExtKeyUsage

{String} getExtKeyUsageString(hExtV)
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} comma separated string of key usage
See:
X509#getExtKeyUsage

{Object} getExtNameConstraints(hExtV, critical)
get NameConstraints extension value as object in the certificate
This method will get name constraints extension value as object with following paramters.
x = new X509(sCertPEM);
x.getExtNameConstraints() → {
  critical: true,
  permit: [{dns: 'example.com'},{rfc822: 'john@example.com'}],
  exclude: [{dn: {...X500Name parameter...}}]
}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 10.5.16 x509 2.0.16
Returns:
{Object} JSON object of NamConstraints parameter or undefined
See:
KJUR.asn1.x509.NameConstraints
KJUR.asn1.x509.GeneralSubtree
KJUR.asn1.x509.GeneralName
X509#getGeneralSubtree
X509#getGeneralName

{Array} getExtOcspNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as JSON object.
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }

Result of this method can be passed to KJUR.asn1.x509.OCSPNoCheck constructor.
x = new X509();
x.getExtOcspNoCheck(<>) →
{ extname: "ocspNoCheck" }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.6 x509 2.0.3
Returns:
{Array} JSON object of parsed OCSPNoCheck extension
See:
KJUR.asn1.x509.OCSPNoCheck
X509#getExtParamArray
X509#getExtParam

{Array} getExtOcspNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses Nonce OCSP extension value defined in RFC 6960 4.4.1 as JSON object.
id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
Nonce ::= OCTET STRING

Result of this method can be passed to KJUR.asn1.x509.OCSPNonce constructor.
x = new X509();
x.getExtOcspNonce(<>) →
{ extname: "ocspNonce", hex: "1a2b..." }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.6 x509 2.0.3
Returns:
{Array} JSON object of parsed OCSPNonce extension
See:
KJUR.asn1.x509.OCSPNonce
X509#getExtParamArray
X509#getExtParam

{Array} getExtParam(hExt)
get a extension parameter JSON object
This method returns a extension parameters as JSON object.
x = new X509();
...
x.getExtParam("30...") →
{extname:"keyUsage",critical:true,names:["digitalSignature"]}
Parameters:
{String} hExt
hexadecimal string of Extension
Since:
jsrsasign 9.1.1 x509 2.0.1
Returns:
{Array} Extension parameter JSON object
See:
KJUR.asn1.x509.X509Util.newCertPEM
X509#getParam
X509#getExtParamArray
X509CRL#getParam
KJUR.asn1.csr.CSRUtil.getParam

{Array} getExtParamArray(hExtSeq)
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters.
NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
x = new X509();
x.readCertPEM("-----BEGIN CERTIFICATE...");
x.getExtParamArray() →
[ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
Parameters:
{String} hExtSeq
hexadecimal string of SEQUENCE of Extension
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of certificate extension parameter JSON object
See:
KJUR.asn1.x509.X509Util.newCertPEM
X509#getParam
X509#getExtParam
X509CRL#getParam
KJUR.asn1.csr.CSRUtil.getParam

{Object} getExtPolicyConstraints(hExtV, critical)
get PolicyConstraints extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyConstraints. Result of this method can be passed to KJUR.asn1.x509.PolicyConstraints constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509(sCertPEM);
x.getExtPolicyConstraints() → 
{ extname: "policyConstraints",
  critical: true,
  reqexp: 3,
  inhibit: 3 }
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 10.6.1 x509 2.1.1
Returns:
{Object} JSON object of PolicyConstraints parameters or undefined
See:
KJUR.asn1.x509.PolicyConstraints

{Object} getExtPolicyMappings(hExtV, critical)
get PolicyMappings extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyMappings. Result of this method can be passed to KJUR.asn1.x509.PolicyMappings constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509(sCertPEM);
x.getExtPolicyMappings() → 
{ extname: "policyMappings",
  critical: true,
  array: [["1.2.3", "1.4.5"],["0.1.2", "anyPolicy"]]}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 10.6.1 x509 2.1.1
Returns:
{Object} JSON object of PolicyMappings parameters or undefined
See:
KJUR.asn1.x509.PolicyMappings

{Array} getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate This method will get subjectAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.SubjectAltName. Result of this method can be passed to KJUR.asn1.x509.SubjectAltName constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
CAUTION: return value of JSON object format have been changed from jsrsasign 9.0.0 x509 2.0.0 without backword compatibility.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName() → 
{ array: [
    {uri: "http://example.com/"},
    {rfc822: "user1@example.com"},
    {dns: "example.com"}
  ],
  critical: true
}

x.getExtSubjectAltName("3026...") →
{ array: [{ip: "192.168.1.1"}] }
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of SubjectAltName parameters or undefined
See:
KJUR.asn1.x509.SubjectAltName
X509#getExtIssuerAltName

{Object} getExtSubjectAltName2()
get subjectAltName value as array of string in the certificate (DEPRECATED) This method will get subject alt name extension value as array of type and name. If there is this in the certificate, it returns undefined; Type of GeneralName will be shown as following:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName2() →
[["DNS",  "example.com"],
 ["DNS",  "example.org"],
 ["MAIL", "foo@example.com"],
 ["IP",   "192.168.1.1"],
 ["IP",   "2001:db8::2:1"],
 ["DN",   "/C=US/O=TEST1"]]
Deprecated:
jsrsasign 9.0.0 x509 2.0.0
Since:
jsrsasign 8.0.1 x509 1.1.17
Returns:
{Object} array of alt name array

{Array} getExtSubjectDirectoryAttributes(hExtV, critical)
parse SubjectDirectoryAttributes extension as JSON object
This method parses SubjectDirectoryAttributes extension value defined in the defined in RFC 3739 Qualified Certificate Profile section 3.3.2 as JSON object.
SubjectDirectoryAttributes ::= Attributes
Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
Attribute ::= SEQUENCE {
  type AttributeType 
  values SET OF AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType

Result of this method can be passed to KJUR.asn1.x509.SubjectDirectoryAttributes constructor.
x.getExtSubjectDirectoryAttributes(<>) →
{ "extname": "SubjectDirectoryAttributes",
  "array": [
    { "attr": "gender", "array": [{"prnstr": {"str": "female"}}] },
    { "attr": "1.2.3.4.5", "array": [{"prnstr": {"str": "aaa"}}, {"utf8str": {"str": "bbb"}}] }
  ] }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 10.8.4 x509 2.1.4
Returns:
{Array} JSON object of parsed SubjectDirectoryAttributes extension
See:
KJUR.asn1.x509.SubjectDirectoryAttributes
X509#getExtParamArray
X509#getExtParam

{Array} getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get SubjectKeyIdentifier extension value as JSON object.
When hExtV and critical specified as arguments, return value will be generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.SubjectKeyIdentifier constructor.
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier

CAUTION: Returned JSON value format have been changed without backward compatibility since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectKeyIdentifier() → 
{ kid: {hex: "1b3347ab..."}, critical: true };
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of SubjectKeyIdentifier parameter or undefined

{Array} getGeneralName(h)
get GeneralName ASN.1 structure parameter as JSON object
This method will get GeneralName parameters defined in RFC 5280 4.2.1.6.
GeneralName ::= CHOICE {
     otherName                       [0]     OtherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }
Result of this method can be passed to KJUR.asn1.x509.GeneralName constructor.
x = new X509();
x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
→ {uri: "http://aaa.com/"}
x.getGeneralName("a41c30...") →
{ dn: {
    array: [
      [{type:"C", value:"JP", ds:"prn"}],
      [{type:"O", value:"T1", ds:"utf8"}]
    ],
    str: "/C=JP/O=T1" } }
Parameters:
{String} h
hexadecimal string of GeneralName
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of GeneralName parameters or undefined
See:
KJUR.asn1.x509.GeneralNames
KJUR.asn1.x509.GeneralName
KJUR.asn1.x509.OtherName
X509#getGeneralName
X509#getOtherName

{Array} getGeneralNames(h)
get GeneralNames ASN.1 structure parameter as JSON object This method will get GeneralNames parameters defined in RFC 5280 4.2.1.6.
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
Result of this method can be passed to KJUR.asn1.x509.GeneralNames constructor.
x = new X509();
x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
→ [{uri: "http://aaa.com/"}]

x.getGeneralNames("301ea41c30...") →
[{ dn: {
    array: [
      [{type:"C", value:"JP", ds:"prn"}],
      [{type:"O", value:"T1", ds:"utf8"}]
    ],
    str: "/C=JP/O=T1" } }]
Parameters:
{String} h
hexadecimal string of GeneralNames
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of GeneralNames parameters
See:
KJUR.asn1.x509.GeneralNames
KJUR.asn1.x509.GeneralName
X509#getGeneralNames

{Object} getGeneralSubtree(h)
get GeneralSubtree ASN.1 structure parameter as JSON object
This method will get GeneralSubtree parameters defined in RFC 5280 4.2.1.10.
GeneralSubtree ::= SEQUENCE {
     base                    GeneralName,
     minimum         [0]     BaseDistance DEFAULT 0,
     maximum         [1]     BaseDistance OPTIONAL }
BaseDistance ::= INTEGER (0..MAX)
Result of this method can be passed to KJUR.asn1.x509.GeneralSubtree constructor.
x = new X509(sPEM);
x.getGeneralSubtree("30...") → { dn: ...X500NameObject..., min: 1, max: 3 }
x.getGeneralSubtree("30...") → { dns: ".example.com" }
Parameters:
{String} h
hexadecimal string of GeneralSubtree
Since:
jsrsasign 10.5.16 x509 2.0.16
Returns:
{Object} JSON object of GeneralSubtree parameters or undefined
See:
KJUR.asn1.x509.GeneralSubtree
KJUR.asn1.x509.GeneralName
X509#getExtNameConstraints
X509#getGeneralName

{String} getInfo()
get certificate information as string.
x = new X509();
x.readCertPEM(certPEM);
console.log(x.getInfo());
// this shows as following
Basic Fields
  serial number: 02ac5c266a0b409b8f0b79f2ae462577
  signature algorithm: SHA1withRSA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  notBefore: 061110000000Z
  notAfter: 311110000000Z
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  subject public key info:
    key algorithm: RSA
    n=c6cce573e6fbd4bb...
    e=10001
X509v3 Extensions:
  keyUsage CRITICAL:
    digitalSignature,keyCertSign,cRLSign
  basicConstraints CRITICAL:
    cA=true
  subjectKeyIdentifier :
    b13ec36903f8bf4701d498261a0802ef63642bc3
  authorityKeyIdentifier :
    kid=b13ec36903f8bf4701d498261a0802ef63642bc3
signature algorithm: SHA1withRSA
signature: 1c1a0697dcd79c9f...
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{String} certificate information string

{Array} getIssuer(flagCanon, flagHex)
get JSON object of issuer field
Get a JSON object of an issuer field.
NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been supported to conclude a canonicalized name for caseIgnoreMatch desribed in RFC 4518.
var x = new X509(sCertPEM);
x.getIssuer() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }

// with flags
x.getIssuer(true, true) →
{ array: ...,
  str: "/C=JP/O=   Test    123   ",
  canon: "/c=jp/o=test 123",
  hex: "30..." }
Parameters:
{boolean} flagCanon
flag to conclude canonicalized name (DEFAULT false)
{boolean} flagHex
flag to conclude hexadecimal string (DEFAULT false)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of issuer field
See:
X509#getX500Name

{String} getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerHex(); // return string like "3013..."
Returns:
{String} hexadecial string of issuer DN ASN.1

{String} getIssuerString()
get string of issuer field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST"
var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
Returns:
{String} issuer DN string
See:
X509#getIssuer

{String} getNotAfter()
get notAfter field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notAfter = x.getNotAfter(); // return string like "151231235959Z"
Returns:
{String} not after time value (ex. "151231235959Z")

{String} getNotBefore()
get notBefore field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notBefore = x.getNotBefore(); // return string like "151231235959Z"
Returns:
{String} not before time value (ex. "151231235959Z")

{Object} getParam(option)
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters. Return value can be passed to KJUR.asn1.x509.X509Util.newCertPEM.
NOTE1: From jsrsasign 10.5.16, optional argument can be applied. It can have following members:
NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported in the "option" argument.
x = new X509();
x.readCertPEM("-----BEGIN CERTIFICATE...");
x.getParam() →
{version:3,
 serial:{hex:"12ab"},
 sigalg:"SHA256withRSA",
 issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
 notbefore:"160403023700Z",
 notafter:"160702023700Z",
 subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
 sbjpubkey:"-----BEGIN PUBLIC KEY...",
 ext:[
  {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
 ],
 sighex:"0b76...8"
};

x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
Parameters:
{Object} option
optional setting for return object
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of certificate parameters
See:
KJUR.asn1.x509.X509Util.newCertPEM

{Object} getPolicyInformation(h)
get PolicyInformation ASN.1 structure parameter as JSON object This method will get PolicyInformation parameters defined in RFC 5280 4.2.1.4.
PolicyInformation ::= SEQUENCE {
     policyIdentifier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
                             PolicyQualifierInfo OPTIONAL }
Result of this method can be passed to KJUR.asn1.x509.PolicyInformation constructor.
x = new X509();
x.getPolicyInformation("30...") →
{
    policyoid: "2.16.840.1.114412.2.1",
    array: [{cps: "https://www.digicert.com/CPS"}]
}
Parameters:
{String} h
hexadecimal string of PolicyInformation
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of PolicyInformation parameters

{Object} getPolicyQualifierInfo(h)
get PolicyQualifierInfo ASN.1 structure parameter as JSON object This method will get PolicyQualifierInfo parameters.
PolicyQualifierInfo ::= SEQUENCE {
     policyQualifierId  PolicyQualifierId,
     qualifier          ANY DEFINED BY policyQualifierId }
id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
Qualifier ::= CHOICE {
     cPSuri           CPSuri,
     userNotice       UserNotice }
CPSuri ::= IA5String
Result of this method can be passed to KJUR.asn1.x509.PolicyQualifierInfo constructor.
x = new X509();
x.getPolicyQualifierInfo("30...") 
→ {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
x.getPolicyQualifierInfo("30...") 
→ {cps: "https://repository.example.com/"}
Parameters:
{String} h
hexadecimal string of PolicyQualifierInfo
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of PolicyQualifierInfo parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation

{Object} getPublicKey()
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
x = new X509();
x.readCertPEM(sCertPEM);
pubkey= x.getPublicKey();
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field

{Integer} getPublicKeyContentIdx()
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
Since:
jsrsasign 8.0.0 x509 1.2.0
Returns:
{Integer} string index of key contents

<static> X509.getPublicKeyFromCertHex(h)
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
Parameters:
{String} h
hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
Since:
jsrasign 7.1.0 x509 1.1.11
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

<static> X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Since:
x509 1.1.1
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

{String} getPublicKeyHex()
get a hexadecimal string of subjectPublicKeyInfo field.
x = new X509(sCertPEM);
hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
Deprecated:
since jsrsasign 10.5.7 x509 2.0.13. Please use X509#getSPKI instead.
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field

{Number} getPublicKeyIdx()
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.

<static> {Hash} X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate Resulted associative array has following properties:
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
Parameters:
{String} sCertPEM
string of PEM formatted certificate
Since:
x509 1.1.1
Returns:
{Hash} hash of information for public key

{Array} getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4.
RelativeDistinguishedName ::=
  SET SIZE (1..MAX) OF AttributeTypeAndValue
x = new X509();
x.getRDN("31...") →
[{type:"C",value:"US",ds:"prn"}] or
[{type:"O",value:"Sample Corp.",ds:"prn"}] or
[{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
Parameters:
{String} h
hexadecimal string of RDN
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of AttrTypeAndValue parameters
See:
X509#getX500Name
X509#getRDN
X509#getAttrTypeAndValue

{String} getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var sn = x.getSerialNumberHex(); // return string like "01ad..."
Returns:
{String} hexadecimal string of certificate serial number

{String} getSignatureAlgorithmField()
get signature algorithm name in basic field This method will get a name of signature algorithm in basic field of certificate.
NOTE: From jsrsasign 8.0.21, RSA-PSS certificate is also supported. For supported RSA-PSS algorithm name and PSS parameters, see X509#getSignatureAlgorithmField.
var x = new X509();
x.readCertPEM(sCertPEM);
algName = x.getSignatureAlgorithmField();
Since:
x509 1.1.8
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1)
See:
X509#getAlgorithmIdentifierName

{String} getSignatureAlgorithmName()
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureAlgorithmName() → "SHA256withRSA"
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
See:
X509#getAlgorithmIdentifierName

{String} getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureValueHex() &rarr "8a4c47913..."
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature value hexadecimal string without BitString unused bits

{string} getSPKI()
get ASN.1 TLV hexadecimal string of subjectPublicKeyInfo field.
Get a hexadecimal string of SubjectPublicKeyInfo ASN.1 TLV of the certificate.
SubjectPublicKeyInfo  ::=  SEQUENCE  {
   algorithm         AlgorithmIdentifier,
   subjectPublicKey  BIT STRING  }
x = new X509(sCertPEM);
hSPKI = x.getSPKI(); // return string like "30820122..."
Since:
jsrsasign 10.5.8 x509 2.0.13
Returns:
{string} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
See:
X509#getPublicKeyHex
X509#getSPKIValue

{string} getSPKIValue()
get hexadecimal string of subjectPublicKey of subjectPublicKeyInfo field.
Get a hexadecimal string of subjectPublicKey ASN.1 value of SubjectPublicKeyInfo of the certificate without unusedbit "00". The "subjectPublicKey" is encapsulated by BIT STRING. This method returns BIT STRING value without unusedbits.
SubjectPublicKeyInfo  ::=  SEQUENCE  {
   algorithm         AlgorithmIdentifier,
   subjectPublicKey  BIT STRING  }
x = new X509(sCertPEM);
hSPKIValue = x.getSPKIValue(); // without BIT STRING Encapusulation.
Since:
jsrsasign 10.5.8 x509 2.0.13
Returns:
{string} ASN.1 hexadecimal string of subjectPublicKey
See:
X509#getSPKI

{object} getSubject(flagCanon, flagHex)
get JSON object of subject field
Get a JSON object of a subject field.
NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been supported to conclude a canonicalized name for caseIgnoreMatch desribed in RFC 4518.
var x = new X509(sCertPEM);
x.getSubject() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }

// with flags
x.getSubject(true, true) →
{ array: ...,
  str: "/C=JP/O=   Test    123   ",
  canon: "/c=jp/o=test 123",
  hex: "30..." }
Parameters:
{boolean} flagCanon
flag to conclude canonicalized name (DEFAULT false)
{boolean} flagHex
flag to conclude hexadecimal string (DEFAULT false)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{object} JSON object of subject field
See:
X509#getX500Name

{String} getSubjectHex()
get hexadecimal string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectHex(); // return string like "3013..."
Returns:
{String} hexadecial string of subject DN ASN.1

{String} getSubjectString()
get string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST"
var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
Returns:
{String} subject DN string
See:
X509#getSubject

{Object} getUserNotice(h)
get UserNotice ASN.1 structure parameter as JSON object This method will get UserNotice parameters.
UserNotice ::= SEQUENCE {
     noticeRef        NoticeReference OPTIONAL,
     explicitText     DisplayText OPTIONAL }
NoticeReference ::= SEQUENCE {
     organization     DisplayText,
     noticeNumbers    SEQUENCE OF INTEGER }
Result of this method can be passed to KJUR.asn1.x509.UserNotice constructor.
NOTE: NoticeReference supported from jsrsasign 10.8.0.
x = new X509();
x.getUserNotice("30...") → { 
  noticeref: {
    org: {type: 'utf8', str: 'test org'},
    noticenum: [1]
  },
  exptext: {type: 'utf8', str: 'test text'}
}
Parameters:
{String} h
hexadecimal string of UserNotice
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of UserNotice parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation
X509#getPolicyQualifierInfo
KJUR.asn1.x509.UserNotice

{Number} getVersion()
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate. It returns 1 for X.509v1 certificate and 3 for v3 certificate. Otherwise returns 0. This method will be automatically called in X509#readCertPEM. After then, you can use X509.version parameter.
var x = new X509();
x.readCertPEM(sCertPEM);
version = x.getVersion();    // 1 or 3
sn = x.getSerialNumberHex(); // return string like "01ad..."
Since:
jsrsasign 7.1.14 x509 1.1.13
Returns:
{Number} 1 for X509v1, 3 for X509v3, otherwise 0

{Array} getX500Name(h, flagCanon, flagHex)
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence  RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been supported to conclude a canonicalized name for caseIgnoreMatch desribed in RFC 4518.
x = new X509();
x.getX500Name("30...") →
{ array: [
    [{type:"C",value:"US",ds:"prn"}],
    [{type:"O",value:"Sample Corp.",ds:"utf8"}],
    [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
  ],
  str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
  hex: "30..." }

x.getX500Name("30...", true) →
{ array: [
    [{type:"C",value:"US",ds:"prn"}],
    [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
  ],
  str: "/C=US/O=Sample    Corp.",
  canon: "/c=us/o=sample corp.",
  hex: "30..." }
Parameters:
{String} h
hexadecimal string of Name
{boolean} flagCanon
flag to conclude canonicalized name (DEFAULT false)
{boolean} flagHex
flag to conclude hexadecimal string (DEFAULT false)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of RDN parameter array
See:
X509#getX500NameArray
X509#getRDN
X509#getAttrTypeAndValue
X509#c14nRDNArray
KJUR.asn1.x509.X500Name
KJUR.asn1.x509.GeneralName
KJUR.asn1.x509.GeneralNames

{Array} getX500NameArray(h)
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence  RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
x = new X509();
x.getX500NameArray("30...") →
[[{type:"C",value:"US",ds:"prn"}],
 [{type:"O",value:"Sample Corp.",ds:"utf8"}],
 [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
Parameters:
{String} h
hexadecimal string of Name
Since:
jsrsasign 10.0.6 x509 2.0.9
Returns:
{Array} array of RDN parameter array
See:
X509#getX500Name
X509#getRDN
X509#getAttrTypeAndValue

<static> {String} X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
X509.hex2attrTypeValue("300806035504060c0161") → C=a
X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} string representation of AttributeTypeAndValue (ex. C=US)

<static> {String} X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
Parameters:
{String} hex
hexadecimal string of ASN.1 DER distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format distinguished name

<static> {String} X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).
NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
X509.hex2rdn("310a3008060355040a0c0161") → O=a
X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes relative distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format relative distinguished name

parseExt(hCSR)
set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index. (DEPRECATED)
This method will set an array of X.509v3 extension information having following parameters:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.aExtInfo →
[ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]

// to parse CSR
X = new X509()
x.parseExt("-----BEGIN CERTIFICATE REQUEST-----...");
x.aExtInfo →
[ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
Parameters:
{String} hCSR
- PEM string of certificate signing requrest(CSR) (OPTION)
Deprecated:
jsrsasign 9.1.1 x509 2.0.1
Since:
jsrsasign 7.2.0 x509 1.1.14

readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
x = new X509();
x.readCertHex("3082..."); // read certificate
Parameters:
{String} sCertHex
hexadecimal string of X.509 certificate
Since:
jsrsasign 7.1.4 x509 1.1.13

readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
x = new X509();
x.readCertPEM(sCertPEM); // read certificate
Parameters:
{String} sCertPEM
string for PEM formatted X.509 certificate

<static> X509.registExtParser(oid, func)
define X.509 extension parser for specified OID

This static method specifies a X.509 extension value parsing function for specified an extension OID.

Extension parser function must have following three arguments:

The funcition must return an associative array for the extension when hExtV can be parsed properly. Otherwise it must return value "undefined".

function _extparser1(oid, critical, hExtV) {
  try {
    var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
    if (critical) result.critical = true;
    return result;
  } catch(ex) {
    return undefined;
  }
}
X509.registExtParser("1.2.3.4", _extparser1);
Parameters:
{string} oid
extension OID string (ex. "1.2.3.4")
{function} func
registering func extension value parsing function
Since:
jsrsasign 10.7.0 x509 2.1.2
Returns:
unspecified

setCanonicalizedDN(pDN)
set canonicalized DN to a DN parameter
This method canonicalizes a DN string as following:
var x = new X509();
var pDN = {
  array: [
    [{type:'C',value:'JP',ds:'prn'}],
    [{type:'O',value:'Test    1',ds:'prn'}] ],
  str: "/C=JP/O=Test    1" };
x.setCanonicalizedDN(pDN);
// pDN will become following
pDN = {
  array: [
    [{type:'C',value:'JP',ds:'prn'}],
    [{type:'O',value:'Test    1',ds:'prn'}] ],
  str: "/C=JP/O=Test    1",
  canon: "/c=jp/o=test 1" };
Parameters:
{object} pDN
DN parameter associative array
Since:
jsrsasign 10.6.0 x509 2.1.0

updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authoriyInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.AuthorityInfoAccess

updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authoriyInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.AuthorityInfoAccess

updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"cRLDistributionPoints",
   array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
];
x = new X509();
x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.CRLDistributionPoints

{Boolean} verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object. The signature algorithm used to verify will refer signatureAlgorithm field. (See X509#getSignatureAlgorithmField) RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1) are available.
pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
x = new X509();
x.readCertPEM(pemCert);
x.verifySignature(pubKey) → true, false or raising exception
Parameters:
{Object} pubKey
public key object
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Boolean} true if signature value is valid otherwise false

© 2012-2023 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0