Class X509CRL
Version
1.0.0 (2020-Aug-26).
hexadecimal X.509 CRL ASN.1 parser class
Defined in: x509crl.js.
Constructor Attributes | Constructor Name and Description |
---|---|
 | X509CRL(params): hexadecimal X.509 CRL ASN.1 parser class. |
Field Attributes | Field Name and Description |
---|---|
 | hex: hexadecimal string of X.509 CRL ASN.1 data |
 | posRevCert: index of revokedCertificates field in TBSCertList; depends on CRL version and nextUpdate field |
 | posSigAlg: index of SignatureAlgorithm field in TBSCertList; position depends on CRL version field |
Method Attributes | Method Name and Description |
---|---|
 | findRevCert(PEM): get revokedCertificate associative array for checking certificate. This method will find revokedCertificate entry as JSON object for a specified certificate. |
 | findRevCertBySN(hexadecimal): get revokedCertificate associative array for serial number. This method will find revokedCertificate entry as JSON object for a specified serial number. |
 | getIssuer(): get JSON object of issuer field. This method returns parsed issuer field value as JSON object. |
 | getIssuerHex(): get hexadecimal string of issuer field TLV of certificate. |
 | getNextUpdate(): get JSON object of nextUpdate field. This method returns parsed nextUpdate field value as string. |
 | getParam(): get JSON object for CRL parameters. This method returns a JSON object of the CRL parameters. |
 | getRevCert(): get revokedCertificate JSON parameter. This method returns parsed revokedCertificate parameter as JSON object. |
 | getRevCertArray(): get array for revokedCertificates field. This method returns parsed revokedCertificates field value as array of revokedCertificate parameter. |
 | getSignatureAlgorithmField(): get signature algorithm name in basic field. This method will get a name of signature algorithm in CRL. |
 | getSignatureValueHex(): get signature value as hexadecimal string. This method will get signature value of CRL. |
 | getThisUpdate(): get JSON object of thisUpdate field. This method returns parsed thisUpdate field value as string. |
 | getVersion(): get X.509 CRL format version. This method returns the version field value of TBSCertList. |
 | verifySignature(pubKey): verifies signature value by public key. This method verifies signature value of hexadecimal string of X.509 CRL by specified public key. |
Class Detail
X509CRL(params)
hexadecimal X.509 CRL ASN.1 parser class.
This class parses an X.509 CRL. The following methods are provided to get field values:
BASIC FIELD
- version - X509CRL#getVersion
- signatureAlgorithm - X509CRL#getSignatureAlgorithmField
- issuer - X509CRL#getIssuer
- issuer - X509CRL#getIssuerHex
- thisUpdate - X509CRL#getThisUpdate
- nextUpdate - X509CRL#getNextUpdate
- revokedCertificates - X509CRL#getRevCertArray
- revokedCertificate - X509CRL#getRevCert
- signature - X509CRL#getSignatureValueHex
- X509CRL#getParam - get all parameters
Author: Kenji Urushima.
    // constructor
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl = new X509CRL("3082...");
- Parameters:
- {String} params
- X.509 CRL PEM string or hexadecimal string
Field Detail
{String}
hex
hexadecimal string of X.509 CRL ASN.1 data
{Integer}
posRevCert
index of the revokedCertificates field in TBSCertList; it depends on the CRL version and nextUpdate fields
{Integer}
posSigAlg
index of the SignatureAlgorithm field in TBSCertList; its position depends on the CRL version field
Method Detail
{object}
findRevCert(PEM)
get revokedCertificate associative array for checking certificate
This method finds the revokedCertificate entry, as a JSON object, for a specified certificate.
When the serial number is not found among the entries, this returns null.
Before the lookup, X509CRL#getParam is called internally to parse the CRL.
NOTE: This method only looks up an entry by serial number. You need to check yourself whether the CRL is the proper one for the certificate being checked, for example by signature validation or name checking.
    crl = new X509CRL(PEMCRL);
    crl.findRevCert(PEMCERT_REVOKED);    // → {sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}
    crl.findRevCert(PEMCERT_NOTREVOKED); // → null
    crl.findRevCert(CERT_HEX);           // → null or {sn:...}
- Parameters:
- {string} PEM
- PEM or hexadecimal string of the certificate to be revocation-checked
- Since:
- jsrsasign 10.5.5 x509crl 1.0.3
- Returns:
- {object} JSON object for revokedCertificate or null
{object}
findRevCertBySN(hexadecimal)
get revokedCertificate associative array for serial number
This method finds the revokedCertificate entry, as a JSON object, for a specified serial number.
When the serial number is not found among the entries, this returns null.
Before the lookup, X509CRL#getParam is called internally to parse the CRL.
NOTE: This method only looks up an entry by serial number. You need to check yourself whether the CRL is the proper one for the certificate being checked, for example by signature validation or name checking.
    crl = new X509CRL(PEMCRL);
    crl.findRevCertBySN("123a"); // revoked → {sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}
    crl.findRevCertBySN("0000"); // not revoked → null
- Parameters:
- {string} hexadecimal
- hexadecimal string of the serial number of the certificate to check
- Since:
- jsrsasign 10.5.5 x509crl 1.0.3
- Returns:
- {object} JSON object for revokedCertificate or null
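The NOTE on findRevCert and findRevCertBySN leaves the CRL checks to the caller. The following added example (not jsrsasign code) runs those checks in a fail-closed order before the serial number lookup, using only the X509CRL methods documented on this page. The names checkRevocation, parseAsn1Time and stubCrl are hypothetical; rejecting a CRL without nextUpdate, comparing issuers as byte-equal DER hex, and handling only direct CRLs (CRL issuer equals certificate issuer) are policy assumptions of the example.

```javascript
// Added example (not jsrsasign code): fail-closed revocation check built on the
// X509CRL methods documented on this page. Direct CRLs only (assumption).

// Parse ASN.1 UTCTime "YYMMDDHHmmSSZ" or GeneralizedTime "YYYYMMDDHHmmSSZ" to epoch ms.
function parseAsn1Time(s) {
  const m = /^(\d{2}|\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/.exec(s || "");
  if (!m) return null;
  let year = Number(m[1]);
  if (m[1].length === 2) year += year >= 50 ? 1900 : 2000; // RFC 5280 UTCTime rule
  const [mo, d, h, mi, sec] = m.slice(2).map(Number);
  if (mo < 1 || mo > 12 || h > 23 || mi > 59 || sec > 59) return null;
  const t = Date.UTC(year, mo - 1, d, h, mi, sec);
  return new Date(t).getUTCDate() === d ? t : null; // rejects day 0, Feb 31, ...
}

// crl: X509CRL instance; certIssuerHex / certSerialHex: hex of the certificate's
// issuer DN (DER) and serial number; issuerPubKey: trusted key of the CRL issuer.
function checkRevocation(crl, certIssuerHex, certSerialHex, issuerPubKey, nowMs) {
  let sigOk = false;
  try {
    sigOk = crl.verifySignature(issuerPubKey) === true; // may throw: treat as invalid
  } catch (e) {
    sigOk = false;
  }
  if (!sigOk) return { status: "reject", reason: "bad-crl-signature" };
  if (crl.getIssuerHex().toLowerCase() !== certIssuerHex.toLowerCase())
    return { status: "reject", reason: "issuer-mismatch" };
  const thisUpd = parseAsn1Time(crl.getThisUpdate());
  const nextUpd = parseAsn1Time(crl.getNextUpdate()); // null when the field is absent
  if (thisUpd === null || thisUpd > nowMs) return { status: "reject", reason: "crl-not-yet-valid" };
  if (nextUpd === null || nextUpd < nowMs) return { status: "reject", reason: "crl-stale" };
  const entry = crl.findRevCertBySN(certSerialHex);
  return entry ? { status: "revoked", entry } : { status: "good" };
}

// Constructed stand-in exposing the same method names, so the example runs offline.
function stubCrl(o = {}) {
  return Object.assign({
    verifySignature: () => true,
    getIssuerHex: () => "300d310b3009060355040613024a50", // constructed value
    getThisUpdate: () => "200820212434Z",
    getNextUpdate: () => "200910212434Z",
    findRevCertBySN: (sn) => (sn === "123a" ? { sn: "123a" } : null),
  }, o);
}
```

With jsrsasign loaded, pass a real X509CRL instance in place of stubCrl(); only a "good" status should let the certificate through, and every "reject" reason means the CRL itself could not be trusted.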
{Array}
getIssuer()
get JSON object of issuer field
This method returns parsed issuer field value as JSON object.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getIssuer(); // → { array: [[{type:'C',value:'JP',ds:'prn'}],...], str: "/C=JP/..." }
- Returns:
- {Array} JSON object of issuer field
{string}
getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
This method returns ASN.1 DER hexadecimal string of issuer field.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getIssuerHex(); // → "30..."
- Since:
- jsrsasign 10.5.5 x509crl 1.0.3
- Returns:
- {string} hexadecimal string of issuer DN ASN.1
- See:
- X509CRL#getIssuer
{String}
getNextUpdate()
get JSON object of nextUpdate field
This method returns the parsed nextUpdate field value as a string. "nextUpdate" is an OPTIONAL field, so when the nextUpdate field doesn't exist, this returns null.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getNextUpdate(); // → "200825235959Z"
- Returns:
- {String} string of nextUpdate field or null
{Array}
getParam()
get JSON object for CRL parameters
This method returns a JSON object of the CRL parameters. The return value can be passed to the KJUR.asn1.x509.CRL constructor.
NOTE1: From jsrsasign 10.5.16, an optional argument can be passed. It can have the following members:
- tbshex - if this is true, tbshex member with hex value of tbsCertList will be added
- nodnarray - if this is true, array member for subject and issuer will be deleted to simplify it
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getParam(); // →
    // {version: 2,
    //  sigalg: "SHA256withRSA",
    //  issuer: {array: [[{type:"C",value:"JP",ds:"prn"}],[{type:"O",value:"T1",ds:"prn"}]]},
    //  thisupdate: "200820212434Z",
    //  nextupdate: "200910212434Z",
    //  revcert: [
    //    {sn:{hex:"123d..."}, date:"061110000000Z", ext:[{extname:"cRLReason",code:4}]}],
    //  ext: [
    //    {extname:"authorityKeyIdentifier",kid:{hex: "03de..."}},
    //    {extname:"cRLNumber",num:{hex:"0211"}}],
    //  sighex: "3c5e..."}
    crl.getParam({tbshex: true});    // → { ... , tbshex: "30..." }
    crl.getParam({nodnarray: true}); // → {issuer: {str: "/C=JP"}, ...}
- Returns:
- {Array} JSON object for CRL parameters
- See:
- KJUR.asn1.x509.CRL
{Array}
getRevCert()
get revokedCertificate JSON parameter
This method returns parsed revokedCertificate parameter as JSON object.
    crl = new X509CRL();
    crl.getRevCert("30..."); // → {sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]}
- Returns:
- {Array} JSON object for revokedCertificate parameter
{Array}
getRevCertArray()
get array for revokedCertificates field
This method returns the parsed revokedCertificates field value as an array of revokedCertificate parameters. If the field doesn't exist, it returns null.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getRevCertArray(); // →
    // [{sn:"123a", date:"208025235959Z", ext: [{extname:"cRLReason",code:3}]},
    //  {sn:"123b", date:"208026235959Z", ext: [{extname:"cRLReason",code:0}]}]
- Returns:
- {Array} array of revokedCertificate parameter or null
- See:
- X509CRL#getRevCert
{String}
getSignatureAlgorithmField()
get signature algorithm name in basic field
This method will get a name of signature algorithm in CRL.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getSignatureAlgorithmField(); // → "SHA256withRSAandMGF1"
- Returns:
- {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1)
- See:
- X509#getSignatureAlgorithmField
- KJUR.asn1.x509.AlgorithmIdentifier
{String}
getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of CRL.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getSignatureValueHex(); // → "8a4c47913..."
- Returns:
- {String} signature value hexadecimal string without BitString unused bits
{String}
getThisUpdate()
get JSON object of thisUpdate field
This method returns parsed thisUpdate field value as string.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getThisUpdate(); // → "200825235959Z"
- Returns:
- {String} string of thisUpdate field (ex. "YYMMDDHHmmSSZ")
{Number}
getVersion()
get X.509 CRL format version
This method returns the version field value of TBSCertList. It returns null if there is no such field.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.getVersion(); // → 2
- Returns:
- {Number} version field value (generally 2) or null
{Boolean}
verifySignature(pubKey)
verifies signature value by public key
This method verifies the signature value of the X.509 CRL (given as a hexadecimal string) with the specified public key. The signature algorithm used for verification is taken from the signatureAlgorithm field. (See X509CRL#getSignatureAlgorithmField)
    crl = new X509CRL("-----BEGIN X509 CRL...");
    crl.verifySignature(pubKey); // → true, false or raising exception
- Parameters:
- {Object} pubKey
- public key object, pubkey PEM or PEM issuer cert
- Returns:
- {Boolean} true if signature value is valid otherwise false