Class Index | File Index

Classes

Class X509


Version 1.0.1 (08 May 2012).
hexadecimal X.509 certificate ASN.1 parser class
Defined in: x509-1.1.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
X509()
hexadecimal X.509 certificate ASN.1 parser class.
Field Summary
Field Attributes Field Name and Description
 
hex
hexacedimal string for X.509 certificate.
 
subjectPublicKeyRSA
Tom Wu's RSAKey object
 
subjectPublicKeyRSA_hE
hexadecimal string for public exponent of RSA public key
 
subjectPublicKeyRSA_hN
hexadecimal string for modulus of RSA public key
Method Summary
Method Attributes Method Name and Description
<static>  
X509.getExtAIAInfo(hCert)
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties:
  • ocsp - array of string for OCSP responder URL
  • caissuer - array of string for caIssuer value (i.e.
<static>  
X509.getExtAuthorityKeyIdentifier(hCert)
get authorityKeyIdentifier value as JSON object in the certificate This method will get authority key identifier extension value as JSON object.
<static>  
X509.getExtBasicConstraints(hCert)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters.
<static>  
X509.getExtCRLDistributionPointsURI(hCert)
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string.
<static>  
X509.getExtExtKeyUsageName(hCert)
get extKeyUsage value as array of name string in the certificate This method will get extended key usage extension value as array of name or OID string.
<static>  
X509.getExtKeyUsageBin(hCert)
get KeyUsage extension value as binary string in the certificate This method will get key usage extension value as binary string such like '101'.
<static>  
X509.getExtKeyUsageString(hCert)
get KeyUsage extension value as names in the certificate This method will get key usage extension value as comma separated string of usage names.
<static>  
X509.getExtSubjectAltName(hCert)
get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name.
<static>  
X509.getExtSubjectKeyIdentifier(hCert)
get subjectKeyIdentifier value as hexadecimal string in the certificate This method will get subject key identifier extension value as hexadecimal string.
<static>  
X509.getHexOfTLV_V3ExtValue(hCert, oidOrName)
get X.509 V3 extension value ASN.1 TLV for specified oid or name This method will get X.509v3 extension value of ASN.1 TLV which is specifyed by extension name or oid.
<static>  
X509.getHexOfV_V3ExtValue(hCert, oidOrName)
get X.509 V3 extension value ASN.1 V for specified oid or name This method will get X.509v3 extension value of ASN.1 value which is specifyed by extension name or oid.
 
getInfo()
get certificate information as string.
 
getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
 
getIssuerString()
get string of issuer field of certificate.
 
getNotAfter()
get notAfter field string of certificate.
 
getNotBefore()
get notBefore field string of certificate.
<static>  
X509.getPosOfTLV_V3ExtValue(hCert, oidOrName)
get index in the certificate hexa string for specified oid or name specified extension This method will get X.509v3 extension value of ASN.1 V(value) which is specifyed by extension name or oid.
<static>  
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSAKey/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
<static>  
X509.getPublicKeyInfoPosOfCertHEX(hCert)
get position of subjectPublicKeyInfo field from HEX certificate get position for SubjectPublicKeyInfo field in the hexadecimal string of certificate.
<static>  
X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate Resulted associative array has following properties:
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • algparam - hexadecimal string of OID of ECC curve name or null
  • keyhex - hexadecimal string of key in the certificate
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
 
getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
 
getSignatureAlgorithmField()
get signature algorithm name in basic field This method will get a name of signature algorithm field of certificate:
<static>  
X509.getSignatureAlgorithmName(hCert)
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate:
<static>  
X509.getSignatureValueHex(hCert)
get signature value in hexadecimal string This method will get signature value of certificate:
 
getSubjectHex()
get hexadecimal string of subject field of certificate.
 
getSubjectString()
get string of subject field of certificate.
<static>  
X509.getV3ExtInfoListOfCertHex(hCert)
get array of X.509 V3 extension value information in hex string of certificate This method will get all extension information of a X.509 certificate.
<static>  
X509.getV3ExtItemInfo_AtObj(hCert, pos)
get X.509 V3 extension value information at the specified position This method will get some information of a X.509 V extension which is referred by an index of hexadecimal string of X.509 certificate.
<static>  
X509.pemToBase64(sCertPEM)
get Base64 string from PEM certificate string
<static>  
X509.pemToHex(sCertPEM)
get a hexa decimal string from PEM certificate string
 
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
Class Detail
X509()
hexadecimal X.509 certificate ASN.1 parser class.
X509 class provides following functionality:
  • parse X.509 certificate ASN.1 structure
  • get basic fields, extensions, signature algorithms and signature values
  • read PEM certificate

Author: Kenji Urushima.
See:
'jsrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/
Field Detail
{String} hex
hexacedimal string for X.509 certificate.
{RSAKey} subjectPublicKeyRSA
Tom Wu's RSAKey object
{String} subjectPublicKeyRSA_hE
hexadecimal string for public exponent of RSA public key
{String} subjectPublicKeyRSA_hN
hexadecimal string for modulus of RSA public key
Method Detail
<static> {Object} X509.getExtAIAInfo(hCert)
get AuthorityInfoAccess extension value in the certificate as associative array This method will get authority info access value as associate array which has following properties: If there is no key usage extension in the certificate, it returns null; 
oAIA = X509.getExtAIAInfo(hCert);
// result will be such like:
// oAIA.ocsp = ["http://ocsp.foo.com"];
// oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"];
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.6
Returns:
{Object} associative array of AIA extension properties
<static> {Object} X509.getExtAuthorityKeyIdentifier(hCert)
get authorityKeyIdentifier value as JSON object in the certificate This method will get authority key identifier extension value as JSON object. If there is no its extension in the certificate, it returns null.
NOTE: Currently this method only supports keyIdentifier so that authorityCertIssuer and authorityCertSerialNumber will not be return in the JSON object. 
akid = X509.getExtAuthorityKeyIdentifier(hCert);
// returns following JSON object
{ kid: "1234abcd..." }
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{Object} JSON object of authority key identifier or null
<static> {Object} X509.getExtBasicConstraints(hCert)
get BasicConstraints extension value as object in the certificate This method will get basic constraints extension value as object with following paramters. There are use cases for return values: 
obj = X509.getExtBasicConstraints(hCert);
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.7
Returns:
{Object} associative array which may have "cA" and "pathLen" parameters
<static> {Object} X509.getExtCRLDistributionPointsURI(hCert)
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate This method will get all fullName URIs of cRLDistributionPoints extension in the certificate as array of URI string. If there is no its extension in the certificate, it returns null.
NOTE: Currently this method supports only fullName URI so that other parameters will not be returned. 
cdpuri = X509.getExtCRLDistributionPointsURI(hCert);
// returns following array:
["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{Object} array of fullName URIs of CDP of the certificate
<static> {Object} X509.getExtExtKeyUsageName(hCert)
get extKeyUsage value as array of name string in the certificate This method will get extended key usage extension value as array of name or OID string. If there is no its extension in the certificate, it returns null.
NOTE: Supported extended key usage ID names are defined in name2oidList parameter in asn1x509.js file. 
eku = X509.getExtExtKeyUsageName(hCert);
// returns following array:
["serverAuth", "clientAuth", "0.1.2.3.4.5"]
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{Object} array of extended key usage ID name or oid
<static> {String} X509.getExtKeyUsageBin(hCert)
get KeyUsage extension value as binary string in the certificate This method will get key usage extension value as binary string such like '101'. Key usage bits definition is in the RFC 5280. If there is no key usage extension in the certificate, it returns empty string (i.e. ''). 
bKeyUsage = X509.getExtKeyUsageBin(hCert);
// bKeyUsage will be such like '101'.
// 1 - digitalSignature 
// 0 - nonRepudiation
// 1 - keyEncipherment
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.6
Returns:
{String} binary string of key usage bits (ex. '101')
<static> {String} X509.getExtKeyUsageString(hCert)
get KeyUsage extension value as names in the certificate This method will get key usage extension value as comma separated string of usage names. If there is no key usage extension in the certificate, it returns empty string (i.e. ''). 
sKeyUsage = X509.getExtKeyUsageString(hCert);
// sKeyUsage will be such like 'digitalSignature,keyEncipherment'.
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.6
Returns:
{String} comma separated string of key usage
<static> {Object} X509.getExtSubjectAltName(hCert)
get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name. If there is no its extension in the certificate, it returns null.
NOTE: Currently this method supports only dNSName so that other name type such like iPAddress or generalName will not be returned. 
san = X509.getExtSubjectAltName(hCert);
// returns following array:
["example.com", "example.org"]
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{Object} array of alt names
<static> {String} X509.getExtSubjectKeyIdentifier(hCert)
get subjectKeyIdentifier value as hexadecimal string in the certificate This method will get subject key identifier extension value as hexadecimal string. If there is no its extension in the certificate, it returns null. 
skid = X509.getExtSubjectKeyIdentifier(hCert);
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{String} hexadecimal string of subject key identifier or null
<static> {String} X509.getHexOfTLV_V3ExtValue(hCert, oidOrName)
get X.509 V3 extension value ASN.1 TLV for specified oid or name This method will get X.509v3 extension value of ASN.1 TLV which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns null. 
hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage");
// hExtValue will be such like '030205a0'.
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
{String} oidOrName
oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
Since:
x509 1.1.6
Returns:
{String} hexadecimal string of extension ASN.1 TLV
<static> {String} X509.getHexOfV_V3ExtValue(hCert, oidOrName)
get X.509 V3 extension value ASN.1 V for specified oid or name This method will get X.509v3 extension value of ASN.1 value which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns null. Available extension names and oids are defined in the KJUR.asn1.x509.OID class. 
hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
// hExtValue will be such like '05a0'.
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
{String} oidOrName
oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
Since:
x509 1.1.6
Returns:
{String} hexadecimal string of extension ASN.1 TLV
{String} getInfo()
get certificate information as string.
x = new X509();
x.readCertPEM(certPEM);
console.log(x.getInfo());
// this shows as following
Basic Fields
  serial number: 02ac5c266a0b409b8f0b79f2ae462577
  signature algorithm: SHA1withRSA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  notBefore: 061110000000Z
  notAfter: 311110000000Z
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  subject public key info: 
    key algorithm: RSA
    n=c6cce573e6fbd4bb...
    e=10001
X509v3 Extensions:
  keyUsage CRITICAL:
    digitalSignature,keyCertSign,cRLSign
  basicConstraints CRITICAL:
    cA=true
  subjectKeyIdentifier :
    b13ec36903f8bf4701d498261a0802ef63642bc3
  authorityKeyIdentifier :
    kid=b13ec36903f8bf4701d498261a0802ef63642bc3
signature algorithm: SHA1withRSA
signature: 1c1a0697dcd79c9f...
Since:
jsrsasign 5.0.10 x509 1.1.8
Returns:
{String} certificate information string
{String} getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerHex(); // return string like "3013..."
Returns:
{String} hexadecial string of issuer DN ASN.1
{String} getIssuerString()
get string of issuer field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var issuer = x.getIssuerString(); // return string like "/C=US/O=TEST"
Returns:
{String} issuer DN string
{String} getNotAfter()
get notAfter field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notAfter = x.getNotAfter(); // return string like "151231235959Z"
Returns:
{String} not after time value (ex. "151231235959Z")
{String} getNotBefore()
get notBefore field string of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var notBefore = x.getNotBefore(); // return string like "151231235959Z"
Returns:
{String} not before time value (ex. "151231235959Z")
<static> {Integer} X509.getPosOfTLV_V3ExtValue(hCert, oidOrName)
get index in the certificate hexa string for specified oid or name specified extension This method will get X.509v3 extension value of ASN.1 V(value) which is specifyed by extension name or oid. If there is no such extension in the certificate, it returns -1. Available extension names and oids are defined in the KJUR.asn1.x509.OID class. 
idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage");
// The 'idx' will be index in the string for keyUsage value ASN.1 TLV.
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
{String} oidOrName
oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
Since:
x509 1.1.6
Returns:
{Integer} index in the hexadecimal string of certficate for specified extension
<static> X509.getPublicKeyFromCertPEM(sCertPEM)
get RSAKey/ECDSA public key object from PEM certificate string NOTE: DSA is also supported since x509 1.1.2.
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Since:
x509 1.1.1
Returns:
returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
<static> {Integer} X509.getPublicKeyInfoPosOfCertHEX(hCert)
get position of subjectPublicKeyInfo field from HEX certificate get position for SubjectPublicKeyInfo field in the hexadecimal string of certificate.
Parameters:
{String} hCert
hexadecimal string of certificate
Since:
x509 1.1.4
Returns:
{Integer} position in hexadecimal string
<static> {Hash} X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate Resulted associative array has following properties:
NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
Parameters:
{String} sCertPEM
string of PEM formatted certificate
Since:
x509 1.1.1
Returns:
{Hash} hash of information for public key
{String} getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var sn = x.getSerialNumberHex(); // return string like "01ad..."
Returns:
{String} hexadecimal string of certificate serial number
{String} getSignatureAlgorithmField()
get signature algorithm name in basic field This method will get a name of signature algorithm field of certificate: 
var x = new X509();
x.readCertPEM(sCertPEM);
algName = x.getSignatureAlgorithmField();
Since:
x509 1.1.8
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
<static> {String} X509.getSignatureAlgorithmName(hCert)
get signature algorithm name from hexadecimal certificate data This method will get signature algorithm name of certificate: 
algName = X509.getSignatureAlgorithmName(hCert);
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.7
Returns:
{String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
<static> {String} X509.getSignatureValueHex(hCert)
get signature value in hexadecimal string This method will get signature value of certificate: 
sigHex = X509.getSignatureValueHex(hCert);
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.7
Returns:
{String} signature value hexadecimal string without BitString unused bits
{String} getSubjectHex()
get hexadecimal string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectHex(); // return string like "3013..."
Returns:
{String} hexadecial string of subject DN ASN.1
{String} getSubjectString()
get string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectString(); // return string like "/C=US/O=TEST"
Returns:
{String} subject DN string
<static> {Array} X509.getV3ExtInfoListOfCertHex(hCert)
get array of X.509 V3 extension value information in hex string of certificate This method will get all extension information of a X.509 certificate. Items of resulting array has following properties: 
hCert = X509.pemToHex(certGithubPEM);
a = X509.getV3ExtInfoListOfCertHex(hCert);
// Then a will be an array of like following:
[{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
 {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
Since:
x509 1.1.5
Returns:
{Array} array of result object by X509.getV3ExtInfoListOfCertHex
<static> {Object} X509.getV3ExtItemInfo_AtObj(hCert, pos)
get X.509 V3 extension value information at the specified position This method will get some information of a X.509 V extension which is referred by an index of hexadecimal string of X.509 certificate. Resulting object has following properties: This method is used by X509.getV3ExtInfoListOfCertHex internally.
Parameters:
{String} hCert
hexadecimal string of X.509 certificate binary
{Integer} pos
index of hexadecimal string for the extension
Since:
x509 1.1.5
Returns:
{Object} properties for the extension
<static> {String} X509.pemToBase64(sCertPEM)
get Base64 string from PEM certificate string 
b64 = X509.pemToBase64(certPEM);
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Returns:
{String} Base64 string of PEM certificate
<static> {String} X509.pemToHex(sCertPEM)
get a hexa decimal string from PEM certificate string 
hex = X509.pemToHex(certPEM);
Parameters:
{String} sCertPEM
PEM formatted RSA/ECDSA/DSA X.509 certificate
Returns:
{String} hexadecimal string of PEM certificate
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
x = new X509();
x.readCertPEM(sCertPEM); // read certificate
Parameters:
{String} sCertPEM
string for PEM formatted X.509 certificate
© 2012-2015 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0