Class X509CRL


Version 1.0.0 (2020-Aug-26).
hexadecimal X.509 CRL ASN.1 parser class
Defined in: x509crl.js.

Class Summary
Constructor Name and Description

X509CRL(params)
hexadecimal X.509 CRL ASN.1 parser class.

Field Summary
Field Name and Description

hex
hexadecimal string of X.509 CRL ASN.1 data

posRevCert
index of revokedCertificates field in TBSCertList depends on CRL version and nextUpdate field

posSigAlg
index of SignatureAlgorithm field in TBSCertList position depends on CRL version field

Method Summary
Method Name and Description

findRevCert(PEM)
get revokedCertificate associative array for checking certificate
This method will find revokedCertificate entry as JSON object for a specified certificate.

findRevCertBySN(hexadecimal)
get revokedCertificate associative array for serial number
This method will find revokedCertificate entry as JSON object for a specified serial number.

getIssuer()
get JSON object of issuer field
This method returns parsed issuer field value as JSON object.

getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.

getNextUpdate()
get JSON object of nextUpdate field
This method returns parsed nextUpdate field value as string.

getParam()
get JSON object for CRL parameters
This method returns a JSON object of the CRL parameters.

getRevCert()
get revokedCertificate JSON parameter
This method returns parsed revokedCertificate parameter as JSON object.

getRevCertArray()
get array for revokedCertificates field
This method returns parsed revokedCertificates field value as array of revokedCertificate parameter.

getSignatureAlgorithmField()
get signature algorithm name in basic field
This method will get a name of signature algorithm in CRL.

getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of CRL.

getThisUpdate()
get JSON object of thisUpdate field
This method returns parsed thisUpdate field value as string.

getVersion()
get X.509 CRL format version
This method returns a version field value TBSCertList.

verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 CRL by specified public key.

Class Detail
X509CRL(params)
hexadecimal X.509 CRL ASN.1 parser class.
This class parses X.509 CRL. Following methods are provided to get field value:
BASIC FIELD
UTILITIES

Author: Kenji Urushima.
// constructor
crl = new X509CRL("-----BEGIN X509 CRL...");
crl = new X509CRL("3082...");
Parameters:
{String} params
X.509 CRL PEM string or hexadecimal string
See:
X509
jsrsasign home page https://kjur.github.io/jsrsasign/
Field Detail
{String} hex
hexadecimal string of X.509 CRL ASN.1 data

{Integer} posRevCert
index of revokedCertificates field in TBSCertList depends on CRL version and nextUpdate field

{Integer} posSigAlg
index of SignatureAlgorithm field in TBSCertList position depends on CRL version field
Method Detail
{object} findRevCert(PEM)
get revokedCertificate associative array for checking certificate
This method will find revokedCertificate entry as JSON object for a specified certificate.
When the serial number is not found in the entry, this returns null.
Before finding, X509CRL#getParam is called internally to parse CRL.
NOTE: This method only finds an entry for a serial number. You must separately check that the CRL is the proper one for the certificate being checked, for example by signature validation or name checking.
crl = new X509CRL(PEMCRL);

crl.findRevCert(PEMCERT-REVOKED) → 
{sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}

crl.findRevCert(PEMCERT-NOTREVOKED) → null

crl.findRevCert(CERT-HEX) → null or {sn:...}
Parameters:
{string} PEM
PEM or hexadecimal string of the certificate to be revocation-checked
Since:
jsrsasign 10.5.5 x509crl 1.0.3
Returns:
{object} JSON object for revokedCertificate or null
See:
X509CRL#getParam
X509CRL#findRevCertBySN

{object} findRevCertBySN(hexadecimal)
get revokedCertificate associative array for serial number
This method will find revokedCertificate entry as JSON object for a specified serial number.
When the serial number is not found in the entry, this returns null.
Before finding, X509CRL#getParam is called internally to parse CRL.
NOTE: This method only finds an entry for a serial number. You must separately check that the CRL is the proper one for the certificate being checked, for example by signature validation or name checking.
crl = new X509CRL(PEMCRL);
crl.findRevCertBySN("123a") → // revoked
{sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}

crl.findRevCertBySN("0000") → null // not revoked
Parameters:
{string} hexadecimal
hexadecimal string of the serial number of the certificate to check
Since:
jsrsasign 10.5.5 x509crl 1.0.3
Returns:
{object} JSON object for revokedCertificate or null
See:
X509CRL#getParam
X509CRL#findRevCert

{Array} getIssuer()
get JSON object of issuer field
This method returns parsed issuer field value as JSON object.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getIssuer() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }
Returns:
{Array} JSON object of issuer field
See:
X509#getIssuer
X509#getX500Name
KJUR.asn1.x509.X500Name

{string} getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
This method returns ASN.1 DER hexadecimal string of issuer field.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getIssuerHex() → "30..."
Since:
jsrsasign 10.5.5 x509crl 1.0.3
Returns:
{string} hexadecimal string of issuer DN ASN.1
See:
X509CRL#getIssuer

{String} getNextUpdate()
get JSON object of nextUpdate field
This method returns parsed nextUpdate field value as string. "nextUpdate" is an OPTIONAL field, so when the nextUpdate field doesn't exist, this returns null.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getNextUpdate() → "200825235959Z"
Returns:
{String} string of nextUpdate field or null
See:
X509#getNotBefore
X509CRL#getThisUpdate
KJUR.asn1.x509.Time

{Array} getParam()
get JSON object for CRL parameters
This method returns a JSON object of the CRL parameters. Return value can be passed to KJUR.asn1.x509.CRL constructor.
NOTE1: From jsrsasign 10.5.16, an optional argument can be given. It can have the following members:
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getParam() →
{version: 2,
 sigalg: "SHA256withRSA",
 issuer: {array:
   [[{type:"C",value:"JP",ds:"prn"}],[{type:"O",value:"T1",ds:"prn"}]]},
 thisupdate: "200820212434Z",
 nextupdate: "200910212434Z",
 revcert: [
  {sn:{hex:"123d..."},
   date:"061110000000Z",
   ext:[{extname:"cRLReason",code:4}]}],
 ext: [
  {extname:"authorityKeyIdentifier",kid:{hex: "03de..."}},
  {extname:"cRLNumber",num:{hex:"0211"}}],
 sighex: "3c5e..."}

crl.getParam({tbshex: true}) → { ... , tbshex: "30..." }
crl.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
Returns:
{Array} JSON object for CRL parameters
See:
KJUR.asn1.x509.CRL

{Array} getRevCert()
get revokedCertificate JSON parameter
This method returns parsed revokedCertificate parameter as JSON object.
crl = new X509CRL();
crl.getRevCert("30...") →
{sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}
Returns:
{Array} JSON object for revokedCertificate parameter
See:
X509CRL#getRevCertArray

{Array} getRevCertArray()
get array for revokedCertificates field
This method returns parsed revokedCertificates field value as array of revokedCertificate parameter. If the field doesn't exist, it returns null.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getRevCertArray() →
[{sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]},
 {sn:"123b", date:"208026235959Z", ext: [{extname:"cRLReason",code:0}]}]
Returns:
{Array} array of revokedCertificate parameter or null
See:
X509CRL#getRevCert

{String} getSignatureAlgorithmField()
get signature algorithm name in basic field
This method will get a name of signature algorithm in CRL.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getSignatureAlgorithmField() → "SHA256withRSAandMGF1"
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1)
See:
X509#getSignatureAlgorithmField
KJUR.asn1.x509.AlgorithmIdentifier

{String} getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of CRL.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getSignatureValueHex() → "8a4c47913..."
Returns:
{String} signature value hexadecimal string without BitString unused bits

{String} getThisUpdate()
get JSON object of thisUpdate field
This method returns parsed thisUpdate field value as string.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getThisUpdate() → "200825235959Z"
Returns:
{String} string of thisUpdate field (ex. "YYMMDDHHmmSSZ")
See:
X509#getNotBefore
X509CRL#getNextUpdate
KJUR.asn1.x509.Time

{Number} getVersion()
get X.509 CRL format version
This method returns a version field value TBSCertList. This returns null if there is no such field.
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.getVersion() → 2
Returns:
{Number} version field value (generally 2) or null

{Boolean} verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 CRL by specified public key. The signature algorithm used for verification is taken from the signatureAlgorithm field. (See X509CRL#getSignatureAlgorithmField)
crl = new X509CRL("-----BEGIN X509 CRL...");
crl.verifySignature(pubKey) → true, false or raising exception
Parameters:
{Object} pubKey
public key object, pubkey PEM or PEM issuer cert
Returns:
{Boolean} true if signature value is valid otherwise false
See:
X509#verifySignature
KJUR.crypto.Signature
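
The NOTE on findRevCert and findRevCertBySN says the lookup alone does not establish that the CRL is the proper one. The sketch below is an added example, not part of jsrsasign or its documentation: it runs name, signature and freshness checks through the methods documented above before the serial-number lookup. The cert fields (issuerHex, serialHex), the status strings, the policy of refusing a CRL without nextUpdate, and the stub CRL are assumptions; with jsrsasign loaded, a real X509CRL instance takes the place of the stub.

```javascript
// Added example. `crl` is any object exposing the X509CRL methods documented
// above; cert.issuerHex, cert.serialHex and the status strings are assumptions.

// ASN.1 UTCTime "YYMMDDHHmmSSZ" or GeneralizedTime "YYYYMMDDHHmmSSZ" to Date.
// RFC 5280: a two-digit year >= 50 means 19YY, otherwise 20YY.
function asn1TimeToDate(s) {
  const m = /^(\d{2}|\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/.exec(s || "");
  if (!m) throw new Error("unsupported time string: " + s);
  let year = Number(m[1]);
  if (m[1].length === 2) year += year >= 50 ? 1900 : 2000;
  return new Date(Date.UTC(year, m[2] - 1, +m[3], +m[4], +m[5], +m[6]));
}

// Direct CRLs only: the CRL issuer must equal the certificate issuer.
function checkRevocation(crl, cert, issuerPubKey, now) {
  const reject = (reason) => ({ status: "crl-rejected", reason });
  // 1. Name check on the DER-encoded issuer DN.
  if (crl.getIssuerHex() !== cert.issuerHex) return reject("issuer mismatch");
  // 2. Signature check: verifySignature returns true/false or throws.
  let sigOk = false;
  try { sigOk = crl.verifySignature(issuerPubKey) === true; } catch (e) { /* invalid */ }
  if (!sigOk) return reject("bad signature");
  // 3. Freshness. nextUpdate is OPTIONAL; this policy refuses CRLs without it.
  if (asn1TimeToDate(crl.getThisUpdate()) > now) return reject("not yet valid");
  const next = crl.getNextUpdate();
  if (next === null || asn1TimeToDate(next) < now) return reject("stale");
  // 4. Only now is the serial-number lookup meaningful.
  const entry = crl.findRevCertBySN(cert.serialHex);
  return entry ? { status: "revoked", entry } : { status: "good" };
}

// Constructed stand-in for a parsed CRL (values are sample data, not real).
function stubCrl(over) {
  return Object.assign({
    getIssuerHex: () => "3000",
    verifySignature: (key) => key === "issuer-key",
    getThisUpdate: () => "200820212434Z",
    getNextUpdate: () => "200910212434Z",
    findRevCertBySN: (sn) => (sn === "123a" ? { sn: "123a" } : null),
  }, over);
}

const cert = { issuerHex: "3000", serialHex: "123a" };
const now = new Date(Date.UTC(2020, 7, 25));
console.log(checkRevocation(stubCrl(), cert, "issuer-key", now).status);
console.log(checkRevocation(stubCrl(), cert, "other-key", now).status);
```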

© 2012-2023 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0