Class Index | File Index

Classes


Class X509


Version 1.0.1 (08 May 2012).
hexadecimal X.509 certificate ASN.1 parser class
Defined in: x509-1.1.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
Field Summary
Field Attributes Field Name and Description
 
(DEPRECATED) array of parameters for extensions
 
hex
hexacedimal string for X.509 certificate.
 
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Summary
Method Attributes Method Name and Description
 
convert array for X500 distinguish name to distinguish name string
This method converts from an array representation of X.500 distinguished name to X.500 name string.
 
findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array.
 
get algorithm name name of AlgorithmIdentifier ASN.1 structure This method will get a name of AlgorithmIdentifier.
 
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4.
 
get DisplayText ASN.1 structure parameter as JSON object This method will get DisplayText parameters.
 
get DistributionPoint ASN.1 structure parameter as JSON object This method will get DistributionPoint parameters.
 
get DistributionPointName ASN.1 structure parameter as JSON object This method will get DistributionPointName parameters.
 
getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object.
 
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties:
  • ocsp - array of string for OCSP responder URL
  • caissuer - array of string for caIssuer value (i.e.
 
getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object This method parse authorityInfoAccess extension.
 
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object.
 
getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters.
 
getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CertificatePolicies.
 
getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CRLDistributionPoints.
 
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED) This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string.
 
getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses CRLNumber CRL extension value defined in RFC 5280 5.2.3 as JSON object.
 
getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as JSON object.
 
getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object This method parse extKeyUsage extension.
 
get extKeyUsage value as array of name string in the certificate(DEPRECATED)
This method will get extended key usage extension value as array of name or OID string.
 
getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
 
getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate This method will get issuerAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.IssuerAltName.
 
getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object This method parse keyUsage extension.
 
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'.
 
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names.
 
getExtOCSPNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as JSON object.
 
getExtOCSPNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses Nonce OCSP extension value defined in RFC 6960 4.4.1 as JSON object.
 
get a extension parameter JSON object
This method returns a extension parameters as JSON object.
 
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters.
 
getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate This method will get subjectAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.SubjectAltName.
 
get subjectAltName value as array of string in the certificate (DEPRECATED) This method will get subject alt name extension value as array of type and name.
 
getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get SubjectKeyIdentifier extension value as JSON object.
 
get GeneralName ASN.1 structure parameter as JSON object This method will get GeneralName parameters defined in RFC 5280 4.2.1.6.
 
get GeneralNames ASN.1 structure parameter as JSON object This method will get GeneralNames parameters defined in RFC 5280 4.2.1.6.
 
get certificate information as string.
 
get JSON object of issuer field
 
get hexadecimal string of issuer field TLV of certificate.
 
get string of issuer field of certificate.
 
get notAfter field string of certificate.
 
get notBefore field string of certificate.
 
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters.
 
get PolicyInformation ASN.1 structure parameter as JSON object This method will get PolicyInformation parameters defined in RFC 5280 4.2.1.4.
 
get PolicyQualifierInfo ASN.1 structure parameter as JSON object This method will get PolicyQualifierInfo parameters.
 
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
 
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
<static>  
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
<static>  
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
 
get a hexadecimal string of subjectPublicKeyInfo field.
 
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
<static>  
get public key information from PEM certificate Resulted associative array has following properties:
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • algparam - hexadecimal string of OID of ECC curve name or null
  • keyhex - hexadecimal string of key in the certificate
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
 
getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4.
 
get hexadecimal string of serialNumber field of certificate.
 
get signature algorithm name in basic field This method will get a name of signature algorithm in basic field of certificate.
 
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
 
get signature value as hexadecimal string
This method will get signature value of certificate:
 
get JSON object of subject field
 
get hexadecimal string of subject field of certificate.
 
get string of subject field of certificate.
 
get UserNotice ASN.1 structure parameter as JSON object This method will get UserNotice parameters.
 
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate.
 
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
 
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
<static>  
X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex.
<static>  
X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex.
<static>  
X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex.
 
parseExt(hCSR)
set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index.
 
readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
 
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
 
updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
 
updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
 
updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists.
 
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object.
Class Detail
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
X509 class provides following functionality:
  • parse X.509 certificate ASN.1 structure
  • get basic fields, extensions, signature algorithms and signature values
  • read PEM certificate

Author: Kenji Urushima.
Parameters:
params
See:
'jsrsasign'(RSA Sign JavaScript Library) home page https://kjur.github.io/jsrsasign/
Field Detail
{Array} aExtInfo
(DEPRECATED) array of parameters for extensions

{String} hex
hexacedimal string for X.509 certificate.

{Number} version
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Detail
{String} dnarraytostr(aDN)
convert array for X500 distinguish name to distinguish name string
This method converts from an array representation of X.500 distinguished name to X.500 name string. This supports multi-valued RDN.
var x = new X509();
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
  [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
  [{type:"O",value:"T1",ds:"prn"}
   {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
Parameters:
{Array} aDN
array for X500 distinguish name
Since:
jsrsasign 10.0.6 x509 2.0.8
Returns:
{String} distinguish name
See:
X509#getX500Name
X509#getX500NameArray
KJUR.asn1.x509.X500Name

{Array} findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array. This method is useful to update extension parameter value. When there is no such extension with the extname, this returns "null".
// (1) 
x = new X509(CERTPEM);
params = x.getParam();
pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
pSKID.kid = "1234abced..."; // skid in the params is updated.
  // then params was updated

// (2) another example
aExt = [
  {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
];
var x = new X509();
x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
pKU = x.findExt(aExt, "keyUsage");
delete pKU["critical"]; // clear criticla flag
pKU.names = ["keyCertSign", "cRLSign"];
  // then aExt was updated
Parameters:
{Array} aExt
array of extension parameters
{String} extname
extension name
Since:
jsrsasign 10.0.3 x509 2.0.7
Returns:
{Array} extension parameter in the array or null
See:
X509#getParam

{String} getAlgorithmIdentifierName(hTLV)
get algorithm name name of AlgorithmIdentifier ASN.1 structure This method will get a name of AlgorithmIdentifier.
var x = new X509();
algName = x.getAlgorithmIdentifierName("30...");
Parameters:
{String} hTLV
hexadecimal string of AlgorithmIdentifier
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{String} algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1, SHA1)

{Object} getAttrTypeAndValue(h)
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4.
AttributeTypeAndValue ::= SEQUENCE {
  type     AttributeType,
  value    AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY -- DEFINED BY AttributeType
"ds" has one of following value:
x = new X509();
x.getAttrTypeAndValue("30...") →
{type:"CN",value:"john.smith@example.com",ds:"ia5"} or
{type:"O",value:"Sample Corp.",ds:"prn"}
Parameters:
{String} h
hexadecimal string of AttributeTypeAndValue
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of AttributeTypeAndValue parameters
See:
X509#getX500Name
X509#getRDN

{Object} getDisplayText(h)
get DisplayText ASN.1 structure parameter as JSON object This method will get DisplayText parameters.
DisplayText ::= CHOICE {
     ia5String        IA5String      (SIZE (1..200)),
     visibleString    VisibleString  (SIZE (1..200)),
     bmpString        BMPString      (SIZE (1..200)),
     utf8String       UTF8String     (SIZE (1..200)) }     
Result of this method can be passed to KJUR.asn1.x509.DisplayText constructor.
x = new X509();
x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
Parameters:
{String} h
hexadecimal string of DisplayText
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DisplayText parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation

{Object} getDistributionPoint(h)
get DistributionPoint ASN.1 structure parameter as JSON object This method will get DistributionPoint parameters. Result of this method can be passed to KJUR.asn1.x509.DistributionPoint constructor.
NOTE: reasons[1] and CRLIssuer[2] field not supported
x = new X509();
x.getDistributionPoint("30...") →
{dpname: {full: [{uri: "http://aaa.com/"}]}}
Parameters:
{String} h
hexadecimal string of DistributionPoint
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DistributionPoint parameters
See:
X509#getExtCRLDistributionPoints
X509#getDistributionPointName
X509#getGeneralNames
X509#getGeneralName

{Object} getDistributionPointName(h)
get DistributionPointName ASN.1 structure parameter as JSON object This method will get DistributionPointName parameters. Result of this method can be passed to KJUR.asn1.x509.DistributionPointName constructor.
NOTE: nameRelativeToCRLIssuer[1] not supported
x = new X509();
x.getDistributionPointName("a0...") →
{full: [{uri: "http://aaa.com/"}]}
Parameters:
{String} h
hexadecimal string of DistributionPointName
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of DistributionPointName parameters
See:
X509#getExtCRLDistributionPoints
X509#getDistributionPoint
X509#getGeneralNames
X509#getGeneralName

{Array} getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object. This extension provides the URL location for time stamp service.
adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
 ::= SEQUENCE {
    version INTEGER  { v1(1) }, -- extension version
    location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
    requiresAuth        boolean (default false), OPTIONAL }

Result of this method can be passed to KJUR.asn1.x509.AdobeTimeStamp constructor.
NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
x.getExtAdobeTimeStamp(<>) →
{ extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 10.0.1 x509 2.0.5
Returns:
{Array} JSON object of parsed AdobeTimeStamp extension
See:
KJUR.asn1.x509.AdobeTimeStamp
X509#getExtParamArray
X509#getExtParam

{Object} getExtAIAInfo()
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties: If there is this in the certificate, it returns undefined;
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAIAInfo(hCert) → 
{ ocsp:     ["http://ocsp.foo.com"],
  caissuer: ["http://rep.foo.com/aaa.p8m"] }
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} associative array of AIA extension properties

{Array} getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object This method parse authorityInfoAccess extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.AuthorityInfoAccess constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityInfoAccess() →
{
  critial: true, // 
  array: [{ocsp: http://ocsp.example.com/},
          {caissuer: https://repository.example.com/}]
}

x = new X509();
x.getExtAuthorityInfoAccesss("306230...") 
x.getExtAuthorityInfoAccesss("306230...", true)
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of AuthorityInfoAccess parameters or undefined
See:
KJUR.asn1.x509.AuthorityInfoAccess

{Array} getExtAuthorityKeyIdentifier(hExtV, critical)
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object.
When hExtV and critical specified as arguments, return value will be generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.AuthorityKeyIdentifier constructor.
   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
   AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
   KeyIdentifier ::= OCTET STRING
Constructor may have following parameters:
NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityKeyIdentifier() → 
{ kid: {hex: "1234abcd..."},
  issuer: {hex: "30..."},
  sn: {hex: "1234..."},
  critical: true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of AuthorityKeyIdentifier parameter or undefined
See:
KJUR.asn1.x509.AuthorityKeyIdentifier

{Array} getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters. There are use cases for return values:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtBasicConstraints() → {cA:true,pathLen:3,critical:true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of BasicConstraints parameter or undefined
See:
KJUR.asn1.x509.BasicConstraints

{Object} getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CertificatePolicies. Result of this method can be passed to KJUR.asn1.x509.CertificatePolicies constructor. If there is no this extension in the certificate, it returns undefined.
CAUTION: return value of JSON object format have been changed from jsrsasign 9.0.0 without backword compatibility.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCertificatePolicies() → 
{ array: [
  { policyoid: "1.2.3.4" }
  { policyoid: "1.2.3.5",
    array: [
      { cps: "https://example.com/" },
      { unotice: { exptext: { type: "bmp", str: "sample text" } } }
    ] 
  }
]}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} JSON object of CertificatePolicies parameters or undefined

{Object} getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CRLDistributionPoints. Result of this method can be passed to KJUR.asn1.x509.CRLDistributionPoints constructor. If there is no this extension in the certificate, it returns undefined.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPoints() → 
{array: [
  {dpname: {full: [{uri: "http://example.com/"}]}},
  {dpname: {full: [{uri: "ldap://example.com/"}]}}
 ],
 critical: true}
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of CRLDistributionPoints parameters or undefined
See:
KJUR.asn1.x509.CRLDistributionPoints
X509#getDistributionPoint
X509#getDistributionPointName
X509#getGeneralNames
X509#getGeneralName

{Object} getExtCRLDistributionPointsURI()
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED) This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string. If there is this in the certificate, it returns undefined;
NOTE: Currently this method supports only fullName URI so that other parameters will not be returned.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPointsURI() →
["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of fullName URIs of CDP of the certificate

getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses CRLNumber CRL extension value defined in RFC 5280 5.2.3 as JSON object.
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
CRLNumber ::= INTEGER (0..MAX)

Result of this method can be passed to KJUR.asn1.x509.CRLNumber constructor.
crl = X509CRL("-----BEGIN X509 CRL...");
... get hExtV and critical flag ...
crl.getExtCRLNumber("02...", false) →
{extname: "cRLNumber", num: {hex: "12af"}}
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.1 x509 2.0.1
See:
KJUR.asn1.x509.CRLNumber
X509#getExtParamArray

getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as JSON object.
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-- reasonCode ::= { CRLReason }
CRLReason ::= ENUMERATED {
     unspecified             (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     removeFromCRL           (8),
     privilegeWithdrawn      (9),
     aACompromise           (10) }

Result of this method can be passed to KJUR.asn1.x509.CRLReason constructor.
crl = X509CRL("-----BEGIN X509 CRL...");
... get hExtV and critical flag ...
crl.getExtCRLReason("02...", false) →
{extname: "cRLReason", code: 3}
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.1 x509 2.0.1
See:
KJUR.asn1.x509.CRLReason
X509#getExtParamArray

{Array, Object} getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object This method parse extKeyUsage extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.ExtKeyUsage constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtExtKeyUsage() →
{ array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"], 
  critical: true},
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of ExtKeyUsage parameter or undefined
{Object} JSONarray of extended key usage ID name or oid
See:
KJUR.asn1.x509.ExtKeyUsage

{Object} getExtExtKeyUsageName()
get extKeyUsage value as array of name string in the certificate(DEPRECATED)
This method will get extended key usage extension value as array of name or OID string. If there is this in the certificate, it returns undefined;
NOTE: Supported extended key usage ID names are defined in name2oidList parameter in asn1x509.js file.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
Deprecated:
since jsrsasign 9.0.0 x509 2.0.0
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Object} array of extended key usage ID name or oid

getExtInfo(oidOrName)
get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.
This method will get an X.509v3 extension information JSON object having extension OID, criticality and value idx for specified extension OID or name. If there is no such extension, this returns undefined.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
x.getExtInfo("unknownExt") → undefined
Parameters:
{String} oidOrName
X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
X.509 extension information such as extension OID or value indx (see X509#parseExt)

{Array} getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate This method will get issuerAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.IssuerAltName. Result of this method can be passed to KJUR.asn1.x509.IssuerAltName constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtIssuerAltName() → 
{ array: [
    {uri: "http://example.com/"},
    {rfc822: "user1@example.com"},
    {dns: "example.com"}
  ],
  critical: true
}

x.getExtIssuerAltName("3026...") →
{ array: [{ip: "192.168.1.1"}] }
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of IssuerAltName parameters
See:
KJUR.asn1.x509.IssuerAltName
X509#getExtSubjectAltName

{Array} getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object This method parse keyUsage extension. When arguments are not specified, its extension in X509 object will be parsed. Result of this method can be passed to KJUR.asn1.x509.KeyUsage constructor.
When hExtV and critical specified as arguments, return value will be generated from them.
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnly            (8) }     
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsage() →
{
  critial: true,
  names: ["digitalSignature", "decipherOnly"]
}

x = new X509();
x.getExtKeyUsage("306230...") 
x.getExtKeyUsage("306230...", true)
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of KeyUsage parameter or undefined
See:
KJUR.asn1.x509.KeyUsage
X509#getExtKeyUsageString

{String} getExtKeyUsageBin(hExtV)
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such like '101'. Key usage bits definition is in the RFC 5280. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageBin() → '101'
// 1 - digitalSignature
// 0 - nonRepudiation
// 1 - keyEncipherment
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} binary string of key usage bits (ex. '101')
See:
X509#getExtKeyUsage

{String} getExtKeyUsageString(hExtV)
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names. If there is no key usage extension in the certificate, it returns empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} comma separated string of key usage
See:
X509#getExtKeyUsage

{Array} getExtOCSPNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as JSON object.
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }

Result of this method can be passed to KJUR.asn1.x509.OCSPNoCheck constructor.
x = new X509();
x.getExtOCSPNoCheck(<>) →
{ extname: "ocspNoCheck" }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.6 x509 2.0.3
Returns:
{Array} JSON object of parsed OCSPNoCheck extension
See:
KJUR.asn1.x509.OCSPNoCheck
X509#getExtParamArray
X509#getExtParam

{Array} getExtOCSPNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses Nonce OCSP extension value defined in RFC 6960 4.4.1 as JSON object.
id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
Nonce ::= OCTET STRING

Result of this method can be passed to KJUR.asn1.x509.OCSPNonce constructor.
x = new X509();
x.getExtOCSPNonce(<>) →
{ extname: "ocspNonce", hex: "1a2b..." }
Parameters:
{String} hExtV
hexadecimal string of extension value
{Boolean} critical
flag
Since:
jsrsasign 9.1.6 x509 2.0.3
Returns:
{Array} JSON object of parsed OCSPNonce extension
See:
KJUR.asn1.x509.OCSPNonce
X509#getExtParamArray
X509#getExtParam

{Array} getExtParam(hExt)
get a extension parameter JSON object
This method returns a extension parameters as JSON object.
x = new X509();
...
x.getExtParam("30...") →
{extname:"keyUsage",critical:true,names:["digitalSignature"]}
Parameters:
{String} hExt
hexadecimal string of Extension
Since:
jsrsasign 9.1.1 x509 2.0.1
Returns:
{Array} Extension parameter JSON object
See:
KJUR.asn1.x509.X509Util.newCertPEM
X509#getParam
X509#getExtParamArray
X509CRL#getParam
KJUR.asn1.csr.CSRUtil.getParam

{Array} getExtParamArray(hExtSeq)
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters.
NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
x = new X509();
x.readCertPEM("-----BEGIN CERTIFICATE...");
x.getExtParamArray() →
[ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
Parameters:
{String} hExtSeq
hexadecimal string of SEQUENCE of Extension
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of certificate extension parameter JSON object
See:
KJUR.asn1.x509.X509Util.newCertPEM
X509#getParam
X509#getExtParam
X509CRL#getParam
KJUR.asn1.csr.CSRUtil.getParam

{Array} getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate This method will get subjectAltName value as an array of JSON object which has properties defined in KJUR.asn1.x509.SubjectAltName. Result of this method can be passed to KJUR.asn1.x509.SubjectAltName constructor. If there is no this extension in the certificate, it returns undefined.
When hExtV and critical specified as arguments, return value will be generated from them.
CAUTION: return value of JSON object format have been changed from jsrsasign 9.0.0 x509 2.0.0 without backword compatibility.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName() → 
{ array: [
    {uri: "http://example.com/"},
    {rfc822: "user1@example.com"},
    {dns: "example.com"}
  ],
  critical: true
}

x.getExtSubjectAltName("3026...") →
{ array: [{ip: "192.168.1.1"}] }
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of SubjectAltName parameters or undefined
See:
KJUR.asn1.x509.SubjectAltName
X509#getExtIssuerAltName

{Object} getExtSubjectAltName2()
get subjectAltName value as array of string in the certificate (DEPRECATED) This method will get subject alt name extension value as array of type and name. If there is this in the certificate, it returns undefined; Type of GeneralName will be shown as following:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectAltName2() →
[["DNS",  "example.com"],
 ["DNS",  "example.org"],
 ["MAIL", "foo@example.com"],
 ["IP",   "192.168.1.1"],
 ["IP",   "2001:db8::2:1"],
 ["DN",   "/C=US/O=TEST1"]]
Deprecated:
jsrsasign 9.0.0 x509 2.0.0
Since:
jsrsasign 8.0.1 x509 1.1.17
Returns:
{Object} array of alt name array

{Array} getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get SubjectKeyIdentifier extension value as JSON object.
When hExtV and critical specified as arguments, return value will be generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.SubjectKeyIdentifier constructor.
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier

CAUTION: Returned JSON value format have been changed without backward compatibility since jsrsasign 9.0.0 x509 2.0.0.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtSubjectKeyIdentifier() → 
{ kid: {hex: "1b3347ab..."}, critical: true };
Parameters:
{String} hExtV
hexadecimal string of extension value (OPTIONAL)
{Boolean} critical
flag (OPTIONAL)
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Array} JSON object of SubjectKeyIdentifier parameter or undefined

{Array} getGeneralName(h)
get GeneralName ASN.1 structure parameter as JSON object This method will get GeneralName parameters defined in RFC 5280 4.2.1.6.
GeneralName ::= CHOICE {
     otherName                       [0]     OtherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }
Result of this method can be passed to KJUR.asn1.x509.GeneralName constructor.
x = new X509();
x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
→ {uri: "http://aaa.com/"}
x.getGeneralName("a41c30...") →
{ dn: {
    array: [
      [{type:"C", value:"JP", ds:"prn"}],
      [{type:"O", value:"T1", ds:"utf8"}]
    ],
    str: "/C=JP/O=T1" } }
Parameters:
{String} h
hexadecimal string of GeneralName
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of GeneralName parameters or undefined
See:
KJUR.asn1.x509.GeneralNames
X509#getGeneralName

{Array} getGeneralNames(h)
get GeneralNames ASN.1 structure parameter as JSON object This method will get GeneralNames parameters defined in RFC 5280 4.2.1.6.
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
Result of this method can be passed to KJUR.asn1.x509.GeneralNames constructor.
x = new X509();
x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
→ [{uri: "http://aaa.com/"}]

x.getGeneralNames("301ea41c30...") →
[{ dn: {
    array: [
      [{type:"C", value:"JP", ds:"prn"}],
      [{type:"O", value:"T1", ds:"utf8"}]
    ],
    str: "/C=JP/O=T1" } }]
Parameters:
{String} h
hexadecimal string of GeneralNames
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of GeneralNames parameters
See:
KJUR.asn1.x509.GeneralNames
KJUR.asn1.x509.GeneralName
X509#getGeneralNames

{String} getInfo()
get certificate information as string.
x = new X509();
x.readCertPEM(certPEM);
console.log(x.getInfo());
// this shows as following
Basic Fields
  serial number: 02ac5c266a0b409b8f0b79f2ae462577
  signature algorithm: SHA1withRSA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  notBefore: 061110000000Z
  notAfter: 311110000000Z
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  subject public key info:
    key algorithm: RSA
    n=c6cce573e6fbd4bb...
    e=10001
X509v3 Extensions:
  keyUsage CRITICAL:
    digitalSignature,keyCertSign,cRLSign
  basicConstraints CRITICAL:
    cA=true
  subjectKeyIdentifier :
    b13ec36903f8bf4701d498261a0802ef63642bc3
  authorityKeyIdentifier :
    kid=b13ec36903f8bf4701d498261a0802ef63642bc3
signature algorithm: SHA1withRSA
signature: 1c1a0697dcd79c9f...
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{String} certificate information string

{Array} getIssuer()
get JSON object of issuer field
var x = new X509(sCertPEM);
x.getIssuer() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of issuer field
See:
X509#getX500Name

{String} getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerHex(); // return string like "3013..."
Returns:
{String} hexadecial string of issuer DN ASN.1

{String} getIssuerString()
get string of issuer field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST"
var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
Returns:
{String} issuer DN string
See:
X509#getIssuer

{String} getNotAfter()
get notAfter field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notAfter = x.getNotAfter(); // return string like "151231235959Z"
Returns:
{String} not after time value (ex. "151231235959Z")

{String} getNotBefore()
get notBefore field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notBefore = x.getNotBefore(); // return string like "151231235959Z"
Returns:
{String} not before time value (ex. "151231235959Z")

{Array} getParam()
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters. Return value can be passed to KJUR.asn1.x509.X509Util.newCertPEM.
x = new X509();
x.readCertPEM("-----BEGIN CERTIFICATE...");
x.getParam() →
{version:3,
 serial:{hex:"12ab"},
 sigalg:"SHA256withRSA",
 issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
 notbefore:"160403023700Z",
 notafter:"160702023700Z",
 subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
 sbjpubkey:"-----BEGIN PUBLIC KEY...",
 ext:[
  {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
 ],
 sighex:"0b76...8"
};
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of certificate parameters
See:
KJUR.asn1.x509.X509Util.newCertPEM

{Object} getPolicyInformation(h)
get PolicyInformation ASN.1 structure parameter as JSON object This method will get PolicyInformation parameters defined in RFC 5280 4.2.1.4.
PolicyInformation ::= SEQUENCE {
     policyIdentifier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
                             PolicyQualifierInfo OPTIONAL }
Result of this method can be passed to KJUR.asn1.x509.PolicyInformation constructor.
x = new X509();
x.getPolicyInformation("30...") →
{
    policyoid: "2.16.840.1.114412.2.1",
    array: [{cps: "https://www.digicert.com/CPS"}]
}
Parameters:
{String} h
hexadecimal string of PolicyInformation
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of PolicyInformation parameters

{Object} getPolicyQualifierInfo(h)
get PolicyQualifierInfo ASN.1 structure parameter as JSON object This method will get PolicyQualifierInfo parameters.
PolicyQualifierInfo ::= SEQUENCE {
     policyQualifierId  PolicyQualifierId,
     qualifier          ANY DEFINED BY policyQualifierId }
id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
Qualifier ::= CHOICE {
     cPSuri           CPSuri,
     userNotice       UserNotice }
CPSuri ::= IA5String
Result of this method can be passed to KJUR.asn1.x509.PolicyQualifierInfo constructor.
x = new X509();
x.getPolicyQualifierInfo("30...") 
→ {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
x.getPolicyQualifierInfo("30...") 
→ {cps: "https://repository.example.com/"}
Parameters:
{String} h
hexadecimal string of PolicyQualifierInfo
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of PolicyQualifierInfo parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation

{Object} getPublicKey()
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
x = new X509();
x.readCertPEM(sCertPEM);
pubkey= x.getPublicKey();
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field

{Integer} getPublicKeyContentIdx()
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
Since:
jsrsasign 8.0.0 x509 1.2.0
Returns:
{Integer} string index of key contents

<static> X509.getPublicKeyFromCertHex(h)
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
Parameters:
{String} h
hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
Since:
jsrasign 7.1.0 x509 1.1.11
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

<static> X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Since:
x509 1.1.1
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key

{String} getPublicKeyHex()
get a hexadecimal string of subjectPublicKeyInfo field.
x = new X509();
x.readCertPEM(sCertPEM);
hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field

{Number} getPublicKeyIdx()
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
Since:
jsrsasign 7.1.4 x509 1.1.13
Returns:
{Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.

<static> {Hash} X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate Resulted associative array has following properties:
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
Parameters:
{String} sCertPEM
string of PEM formatted certificate
Since:
x509 1.1.1
Returns:
{Hash} hash of information for public key

{Array} getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4.
RelativeDistinguishedName ::=
  SET SIZE (1..MAX) OF AttributeTypeAndValue
x = new X509();
x.getRDN("31...") →
[{type:"C",value:"US",ds:"prn"}] or
[{type:"O",value:"Sample Corp.",ds:"prn"}] or
[{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
Parameters:
{String} h
hexadecimal string of RDN
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of AttrTypeAndValue parameters
See:
X509#getX500Name
X509#getRDN
X509#getAttrTypeAndValue

{String} getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var sn = x.getSerialNumberHex(); // return string like "01ad..."
Returns:
{String} hexadecimal string of certificate serial number

{String} getSignatureAlgorithmField()
get signature algorithm name in basic field This method will get a name of signature algorithm in basic field of certificate.
NOTE: From jsrsasign 8.0.21, RSA-PSS certificate is also supported. For supported RSA-PSS algorithm name and PSS parameters, see X509#getSignatureAlgorithmField.
var x = new X509();
x.readCertPEM(sCertPEM);
algName = x.getSignatureAlgorithmField();
Since:
x509 1.1.8
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1)
See:
X509#getAlgorithmIdentifierName

{String} getSignatureAlgorithmName()
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureAlgorithmName() → "SHA256withRSA"
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
See:
X509#getAlgorithmIdentifierName

{String} getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureValueHex() &rarr "8a4c47913..."
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{String} signature value hexadecimal string without BitString unused bits

{Array} getSubject()
get JSON object of subject field
var x = new X509(sCertPEM);
x.getSubject() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} JSON object of subject field
See:
X509#getX500Name

{String} getSubjectHex()
get hexadecimal string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectHex(); // return string like "3013..."
Returns:
{String} hexadecial string of subject DN ASN.1

{String} getSubjectString()
get string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST"
var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
Returns:
{String} subject DN string
See:
X509#getSubject

{Object} getUserNotice(h)
get UserNotice ASN.1 structure parameter as JSON object This method will get UserNotice parameters.
UserNotice ::= SEQUENCE {
     noticeRef        NoticeReference OPTIONAL,
     explicitText     DisplayText OPTIONAL }
Result of this method can be passed to KJUR.asn1.x509.NoticeReference constructor.
NOTE: NoticeReference parsing is currently not supported and it will be ignored.
x = new X509();
x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
Parameters:
{String} h
hexadecimal string of UserNotice
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Object} JSON object of UserNotice parameters
See:
X509#getExtCertificatePolicies
X509#getPolicyInformation
X509#getPolicyQualifierInfo

{Number} getVersion()
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate. It returns 1 for X.509v1 certificate and 3 for v3 certificate. Otherwise returns 0. This method will be automatically called in X509#readCertPEM. After then, you can use X509.version parameter.
var x = new X509();
x.readCertPEM(sCertPEM);
version = x.getVersion();    // 1 or 3
sn = x.getSerialNumberHex(); // return string like "01ad..."
Since:
jsrsasign 7.1.14 x509 1.1.13
Returns:
{Number} 1 for X509v1, 3 for X509v3, otherwise 0

{Array} getX500Name(h)
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence  RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
x = new X509();
x.getX500Name("30...") →
{ array: [
    [{type:"C",value:"US",ds:"prn"}],
    [{type:"O",value:"Sample Corp.",ds:"utf8"}],
    [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
  ],
  str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
  hex: "30..."
}
Parameters:
{String} h
hexadecimal string of Name
Since:
jsrsasign 9.0.0 x509 2.0.0
Returns:
{Array} array of RDN parameter array
See:
X509#getX500NameArray
X509#getRDN
X509#getAttrTypeAndValue
KJUR.asn1.x509.X500Name
KJUR.asn1.x509.GeneralName
KJUR.asn1.x509.GeneralNames

{Array} getX500NameArray(h)
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence  RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
x = new X509();
x.getX500NameArray("30...") →
[[{type:"C",value:"US",ds:"prn"}],
 [{type:"O",value:"Sample Corp.",ds:"utf8"}],
 [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
Parameters:
{String} h
hexadecimal string of Name
Since:
jsrsasign 10.0.6 x509 2.0.9
Returns:
{Array} array of RDN parameter array
See:
X509#getX500Name
X509#getRDN
X509#getAttrTypeAndValue

<static> {String} X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
X509.hex2attrTypeValue("300806035504060c0161") → C=a
X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} string representation of AttributeTypeAndValue (ex. C=US)

<static> {String} X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
Parameters:
{String} hex
hexadecimal string of ASN.1 DER distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format distinguished name

<static> {String} X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).
NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
X509.hex2rdn("310a3008060355040a0c0161") → O=a
X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
Parameters:
{String} hex
hexadecimal string of ASN.1 DER concludes relative distinguished name
{Integer} idx
index of hexadecimal string (DEFAULT=0)
Returns:
{String} OpenSSL online format relative distinguished name

parseExt(hCSR)
set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index. (DEPRECATED)
This method will set an array of X.509v3 extension information having following parameters:
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.

x.aExtInfo →
[ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]

// to parse CSR
X = new X509()
x.parseExt("-----BEGIN CERTIFICATE REQUEST-----...");
x.aExtInfo →
[ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
Parameters:
{String} hCSR
- PEM string of certificate signing requrest(CSR) (OPTION)
Deprecated:
jsrsasign 9.1.1 x509 2.0.1
Since:
jsrsasign 7.2.0 x509 1.1.14

readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will called internally since jsrsasign 7.2.0.
x = new X509();
x.readCertHex("3082..."); // read certificate
Parameters:
{String} sCertHex
hexadecimal string of X.509 certificate
Since:
jsrsasign 7.1.4 x509 1.1.13

readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
x = new X509();
x.readCertPEM(sCertPEM); // read certificate
Parameters:
{String} sCertPEM
string for PEM formatted X.509 certificate

updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authoriyInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.AuthorityInfoAccess

updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authoriyInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.AuthorityInfoAccess

updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"cRLDistributionPoints",
   array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
];
x = new X509();
x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
Parameters:
{Array} aExt
array of extension parameters
{String} newURI
string of new uri
Since:
jsrsasign 10.0.4 x509 2.0.8
See:
X509#findExt
KJUR.asn1.x509.CRLDistributionPoints

{Boolean} verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object. The signature algorithm used to verify will refer signatureAlgorithm field. (See X509#getSignatureAlgorithmField) RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1) are available.
pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
x = new X509();
x.readCertPEM(pemCert);
x.verifySignature(pubKey) → true, false or raising exception
Parameters:
{Object} pubKey
public key object
Since:
jsrsasign 7.2.0 x509 1.1.14
Returns:
{Boolean} true if signature value is valid otherwise false

© 2012-2021 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0