Class X509
Version
1.0.1 (08 May 2012).
hexadecimal X.509 certificate ASN.1 parser class
Defined in: x509-1.1.js.
Constructor Attributes | Constructor Name and Description |
---|---|
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
|
Field Attributes | Field Name and Description |
---|---|
(DEPRECATED) array of parameters for extensions
|
|
getOtherName ASN.1 structure parameter as JSON object
This method will get OtherName parameters defined in RFC 5280 4.2.1.6. |
|
hexadecimal string for X.509 certificate.
|
|
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
|
Method Attributes | Method Name and Description |
---|---|
c14nRDNArray(aRDN)
simple canonicalization(c14n) for RDN array
This method canonicalizes a DN string according to "RFC 4518 StringPrep Appendix B Substring Matching" as following:
|
|
dnarraytostr(aDN)
convert array for X500 distinguished name to distinguished name string
This method converts from an array representation of X.500 distinguished name to X.500 name string. |
|
findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array. |
|
get algorithm name of AlgorithmIdentifier ASN.1 structure
This method will get a name of AlgorithmIdentifier.
|
|
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4. |
|
getCriticalExtV(extname, hExtV, critical)
get extension value and critical flag value
This method is a utility method for all getExt* of extensions. |
|
get DisplayText ASN.1 structure parameter as JSON object
This method will get DisplayText parameters.
|
|
get DistributionPoint ASN.1 structure parameter as JSON object
This method will get DistributionPoint parameters.
|
|
get DistributionPointName ASN.1 structure parameter as JSON object
This method will get DistributionPointName parameters.
|
|
getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object. |
|
get AuthorityInfoAccess extension value in the certificate as associative array
This method will get authority info access value
as associative array which has following properties:
|
|
getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object
This method parses authorityInfoAccess extension.
|
|
getExtAuthorityKeyIdentifier(hExtV, critical)
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object. |
|
getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate
This method will get basic constraints extension value as object with following parameters.
|
|
getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object
This method will get certificate policies value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.CertificatePolicies.
|
|
getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object
This method will get cRLDistributionPoints value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.CRLDistributionPoints.
|
|
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED)
This method will get all fullName URIs of cRLDistributionPoints extension
in the certificate as array of URI string.
|
|
getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses CRLNumber CRL extension value defined in RFC 5280 5.2.3 as JSON object. |
|
getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as JSON object. |
|
getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object
This method parses extKeyUsage extension.
|
|
get extKeyUsage value as array of name string in the certificate(DEPRECATED)
This method will get extended key usage extension value as array of name or OID string. |
|
getExtInfo(oidOrName)
get X.509v3 extension information such as extension OID, criticality and value index for specified oid or name.
|
|
getExtInhibitAnyPolicy(hExtV, critical)
get InhibitAnyPolicy extension value as JSON object
This method will get inhibitAnyPolicy value as an array of JSON object which has properties defined in KJUR.asn1.x509.InhibitAnyPolicy. |
|
getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate
This method will get issuerAltName value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.IssuerAltName.
|
|
getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object
This method parses keyUsage extension.
|
|
getExtKeyUsageBin(hExtV)
get KeyUsage extension value as binary string in the certificate
This method will get key usage extension value as binary string such as '101'. |
|
getExtKeyUsageString(hExtV)
get KeyUsage extension value as names in the certificate
This method will get key usage extension value as comma separated string of usage names. |
|
getExtNameConstraints(hExtV, critical)
get NameConstraints extension value as object in the certificate
This method will get name constraints extension value as object with following parameters. |
|
getExtOcspNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as JSON object. |
|
getExtOcspNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses Nonce OCSP extension value defined in RFC 6960 4.4.1 as JSON object. |
|
getExtParam(hExt)
get an extension parameter JSON object
This method returns extension parameters as JSON object. |
|
getExtParamArray(hExtSeq)
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters. |
|
getExtPolicyConstraints(hExtV, critical)
get PolicyConstraints extension value as JSON object
This method will get policyConstraints value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyConstraints. |
|
getExtPolicyMappings(hExtV, critical)
get PolicyMappings extension value as JSON object
This method will get policyMappings value as an array of JSON object which has properties defined in KJUR.asn1.x509.PolicyMappings. |
|
getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate
This method will get subjectAltName value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.SubjectAltName.
|
|
get subjectAltName value as array of string in the certificate (DEPRECATED)
This method will get subject alt name extension value
as array of type and name.
|
|
getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get SubjectKeyIdentifier extension value as JSON object. |
|
get GeneralName ASN.1 structure parameter as JSON object
This method will get GeneralName parameters defined in RFC 5280 4.2.1.6. |
|
get GeneralNames ASN.1 structure parameter as JSON object
This method will get GeneralNames parameters defined in
RFC 5280 4.2.1.6.
|
|
get GeneralSubtree ASN.1 structure parameter as JSON object
This method will get GeneralSubtree parameters defined in RFC 5280 4.2.1.10. |
|
getInfo()
get certificate information as string.
|
|
getIssuer(flagCanon, flagHex)
get JSON object of issuer field
Get a JSON object of an issuer field. |
|
get hexadecimal string of issuer field TLV of certificate.
|
|
get string of issuer field of certificate.
|
|
get notAfter field string of certificate.
|
|
get notBefore field string of certificate.
|
|
getParam(option)
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters. |
|
get PolicyInformation ASN.1 structure parameter as JSON object
This method will get PolicyInformation parameters defined in
RFC 5280 4.2.1.4.
|
|
get PolicyQualifierInfo ASN.1 structure parameter as JSON object
This method will get
PolicyQualifierInfo parameters.
|
|
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
|
|
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
|
|
<static> |
X509.getPublicKeyFromCertHex(h)
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
|
<static> |
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string
NOTE: DSA is also supported since x509 1.1.2.
|
get a hexadecimal string of subjectPublicKeyInfo field.
|
|
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
|
|
<static> |
X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate
Resulted associative array has following properties:
|
getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4. |
|
get hexadecimal string of serialNumber field of certificate.
|
|
get signature algorithm name in basic field
This method will get a name of signature algorithm in
basic field of certificate.
|
|
get signature algorithm name from hexadecimal certificate data
This method will get signature algorithm name of certificate:
|
|
get signature value as hexadecimal string
This method will get signature value of certificate: |
|
getSPKI()
get ASN.1 TLV hexadecimal string of subjectPublicKeyInfo field.
|
|
get hexadecimal string of subjectPublicKey of subjectPublicKeyInfo field.
|
|
getSubject(flagCanon, flagHex)
get JSON object of subject field
Get a JSON object of a subject field. |
|
get hexadecimal string of subject field of certificate.
|
|
get string of subject field of certificate.
|
|
get UserNotice ASN.1 structure parameter as JSON object
This method will get
UserNotice parameters.
|
|
get format version (X.509v1 or v3 certificate)
This method returns a format version of X.509 certificate. |
|
getX500Name(h, flagCanon, flagHex)
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4. |
|
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4. |
|
<static> |
X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex. |
<static> |
X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL oneline format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. |
<static> |
X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL oneline format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex. |
parseExt(hCSR)
set array of X.509v3 and CSR extension information such as extension OID, criticality and value index.
|
|
readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will be called internally since jsrsasign 7.2.0. |
|
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
|
|
setCanonicalizedDN(pDN)
set canonicalized DN to a DN parameter
This method canonicalizes a DN string as following:
|
|
updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists. |
|
updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists. |
|
updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists. |
|
verifySignature(pubKey)
verifies signature value by public key
This method verifies signature value of hexadecimal string of X.509 certificate by specified public key object. |
Class Detail
X509(params)
hexadecimal X.509 certificate ASN.1 parser class.
X509 class provides following functionality:
- parse X.509 certificate ASN.1 structure
- get basic fields, extensions, signature algorithms and signature values
- read PEM certificate
- TO GET FIELDS
- serial - X509#getSerialNumberHex
- signature algorithm field - X509#getSignatureAlgorithmField
- issuer - X509#getIssuerHex
- issuer - X509#getIssuerString
- notBefore - X509#getNotBefore
- notAfter - X509#getNotAfter
- subject - X509#getSubjectHex
- subject - X509#getSubjectString
- subjectPublicKeyInfo - X509#getPublicKey
- subjectPublicKeyInfo - X509#getPublicKeyHex
- subjectPublicKeyInfo - X509#getPublicKeyIdx
- subjectPublicKeyInfo - X509.getPublicKeyFromCertPEM
- subjectPublicKeyInfo - X509.getPublicKeyFromCertHex
- subjectPublicKeyInfo - X509#getPublicKeyContentIdx
- signature algorithm - X509#getSignatureAlgorithmName
- signature value - X509#getSignatureValueHex
- X509 METHODS TO GET EXTENSIONS
- authorityKeyIdentifier - X509#getExtAuthorityKeyIdentifier
- subjectKeyIdentifier - X509#getExtSubjectKeyIdentifier
- keyUsage - X509#getExtKeyUsage
- keyUsage - X509#getExtKeyUsageBin
- keyUsage - X509#getExtKeyUsageString
- certificatePolicies - X509#getExtCertificatePolicies
- policyMappings - X509#getExtPolicyMappings
- policyConstraints - X509#getExtPolicyConstraints
- inhibitAnyPolicy - X509#getExtInhibitAnyPolicy
- subjectAltName - X509#getExtSubjectAltName
- subjectAltName2 - X509#getExtSubjectAltName2 (DEPRECATED)
- issuerAltName - X509#getExtIssuerAltName
- basicConstraints - X509#getExtBasicConstraints
- nameConstraints - X509#getExtNameConstraints
- extKeyUsage - X509#getExtExtKeyUsage
- extKeyUsage - X509#getExtExtKeyUsageName (DEPRECATED)
- cRLDistributionPoints - X509#getExtCRLDistributionPoints
- cRLDistributionPoints - X509#getExtCRLDistributionPointsURI (DEPRECATED)
- authorityInfoAccess - X509#getExtAuthorityInfoAccess
- authorityInfoAccess - X509#getExtAIAInfo (DEPRECATED)
- cRLNumber - X509#getExtCRLNumber
- cRLReason - X509#getExtCRLReason
- ocspNonce - X509#getExtOcspNonce
- ocspNoCheck - X509#getExtOcspNoCheck
- adobeTimeStamp - X509#getExtAdobeTimeStamp
- UTILITIES
- reading PEM X.509 certificate - X509#readCertPEM
- reading hexadecimal string of X.509 certificate - X509#readCertHex
- get all certificate information - X509#getInfo
- get specified extension information - X509#getExtInfo
- verify signature value - X509#verifySignature
- utility for extensions - X509#getCriticalExtV
Author: Kenji Urushima.
- Parameters:
- params
Field Detail
{Array}
aExtInfo
(DEPRECATED) array of parameters for extensions
{Array}
getOtherName
getOtherName ASN.1 structure parameter as JSON object
This method will get OtherName parameters defined in RFC 5280 4.2.1.6.
```
OtherName ::= SEQUENCE {
  type-id OBJECT IDENTIFIER,
  value [0] EXPLICIT ANY DEFINED BY type-id }
```
The value of member "other" is converted by ASN1HEX#parse.
```
x = new X509();
x.getOtherName("30...") →
{ oid: "1.2.3.4", value: {utf8str: {str: "aaa"}} }
```
- Since:
- jsrsasign 10.5.3 x509 2.0.12
- See:
- KJUR.asn1.x509.GeneralNames
- KJUR.asn1.x509.GeneralName
- KJUR.asn1.x509.OtherName
- X509#getGeneralName
- ASN1HEX#parse
{String}
hex
hexadecimal string for X.509 certificate.
{Number}
version
format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4
Method Detail
{string}
c14nRDNArray(aRDN)
simple canonicalization(c14n) for RDN array
This method canonicalizes a DN string according to "RFC 4518 StringPrep Appendix B Substring Matching" as following:
- convert to lower case
- convert from all sequence of spaces to a space
- remove leading and trailing spaces
```
var x = new X509();
x.c14nRDNArray([
  [{type:"C", value:"JP", ds: "prn"}],
  [{type:"O", value:" Test 1234 ", ds: "utf8"}],
  [{type:"OU", value:"HR 45", ds: "utf8"}]
]) → "/c=jp/o=test 1234/ou=hr 45"
```
- Parameters:
- {array} aRDN
- array of RDN parameters
- Since:
- jsrsasign 10.6.0 x509 2.1.0
- Returns:
- {string} canonicalized distinguished name (ex. "/c=jp/o=test ca")
{String}
dnarraytostr(aDN)
convert array for X500 distinguished name to distinguished name string
This method converts from an array representation of X.500 distinguished name to X.500 name string. This supports multi-valued RDN.
```
var x = new X509();
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
x.dnarraytostr(
  [[{type:"C",value:"JP",ds:"prn"}],
   [{type:"O",value:"T1",ds:"prn"},
    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
```
- Parameters:
- {Array} aDN
- array for X500 distinguished name
- Since:
- jsrsasign 10.0.6 x509 2.0.8
- Returns:
- {String} distinguished name
{Array}
findExt(aExt, extname)
find extension parameter in array
This method returns an extension parameter for specified extension name in the array. This method is useful to update extension parameter value. When there is no such extension with the extname, this returns "null".
```
// (1)
x = new X509(CERTPEM);
params = x.getParam();
pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
pSKID.kid = "1234abced..."; // skid in the params is updated.
// then params was updated

// (2) another example
aExt = [
  {extname:"keyUsage",critical:true,names:["digitalSignature"]},
  {extname:"basicConstraints",critical:true},
  {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
  {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
];
var x = new X509();
// look up by the extname used in aExt above ("authorityInfoAccess")
x.findExt(aExt, "authorityInfoAccess").array[0].ocsp = "http://aaa.com";
pKU = x.findExt(aExt, "keyUsage");
delete pKU["critical"]; // clear critical flag
pKU.names = ["keyCertSign", "cRLSign"];
// then aExt was updated
```
- Parameters:
- {Array} aExt
- array of extension parameters
- {String} extname
- extension name
- Since:
- jsrsasign 10.0.3 x509 2.0.7
- Returns:
- {Array} extension parameter in the array or null
- See:
- X509#getParam
{String}
getAlgorithmIdentifierName(hTLV)
get algorithm name of AlgorithmIdentifier ASN.1 structure
This method will get a name of AlgorithmIdentifier.
```
var x = new X509();
algName = x.getAlgorithmIdentifierName("30...");
```
- Parameters:
- {String} hTLV
- hexadecimal string of AlgorithmIdentifier
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {String} algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1, SHA1)
{Object}
getAttrTypeAndValue(h)
get AttributeTypeAndValue ASN.1 structure parameter as JSON object
This method will get AttributeTypeAndValue parameters defined in RFC 5280 4.1.2.4.
```
AttributeTypeAndValue ::= SEQUENCE {
  type AttributeType,
  value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY -- DEFINED BY AttributeType
```
- {String}type - AttributeType name or OID(ex. C,O,CN)
- {String}value - raw string of ASN.1 value of AttributeValue
- {String}ds - DirectoryString type of AttributeValue
  - utf8 - (0x0c) UTF8String
  - num - (0x12) NumericString
  - prn - (0x13) PrintableString
  - tel - (0x14) TeletexString
  - ia5 - (0x16) IA5String
  - vis - (0x1a) VisibleString
  - bmp - (0x1e) BMPString
```
x = new X509();
x.getAttrTypeAndValue("30...") →
{type:"CN",value:"john.smith@example.com",ds:"ia5"} or
{type:"O",value:"Sample Corp.",ds:"prn"}
```
- Parameters:
- {String} h
- hexadecimal string of AttributeTypeAndValue
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of AttributeTypeAndValue parameters
{Array}
getCriticalExtV(extname, hExtV, critical)
get extension value and critical flag value
This method is a utility method for all getExt* of extensions.
```
x = new X509(sCertPEM);
x.getCriticalExtV("inhibitAnyPolicy") → ["020103", true] // get from X509 object
x.getCriticalExtV("inhibitAnyPolicy", "020104", true) → ["020104", true] // by argument of method.
```
- Parameters:
- {string} extname
- name string of the extension
- {string} hExtV
- hexadecimal string of extension
- {boolean} critical
- flag
- Since:
- jsrsasign 10.6.1 x509 2.1.1
- Returns:
- {Array} extension value hex and critical flag
{Object}
getDisplayText(h)
get DisplayText ASN.1 structure parameter as JSON object
This method will get DisplayText parameters.
```
DisplayText ::= CHOICE {
  ia5String IA5String (SIZE (1..200)),
  visibleString VisibleString (SIZE (1..200)),
  bmpString BMPString (SIZE (1..200)),
  utf8String UTF8String (SIZE (1..200)) }
```
Result of this method can be passed to KJUR.asn1.x509.DisplayText constructor.
```
x = new X509();
x.getDisplayText("0c03616161") → {type: 'utf8', str: 'aaa'}
x.getDisplayText("1e03616161") → {type: 'bmp', str: 'aaa'}
```
- Parameters:
- {String} h
- hexadecimal string of DisplayText
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of DisplayText parameters
{Object}
getDistributionPoint(h)
get DistributionPoint ASN.1 structure parameter as JSON object
This method will get DistributionPoint parameters.
Result of this method can be passed to KJUR.asn1.x509.DistributionPoint constructor.
NOTE: reasons[1] and CRLIssuer[2] field not supported
```
x = new X509();
x.getDistributionPoint("30...") →
{dpname: {full: [{uri: "http://aaa.com/"}]}}
```
- Parameters:
- {String} h
- hexadecimal string of DistributionPoint
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of DistributionPoint parameters
- See:
- X509#getExtCRLDistributionPoints
- X509#getDistributionPointName
- X509#getGeneralNames
- X509#getGeneralName
{Object}
getDistributionPointName(h)
get DistributionPointName ASN.1 structure parameter as JSON object
This method will get DistributionPointName parameters.
Result of this method can be passed to KJUR.asn1.x509.DistributionPointName constructor.
NOTE: nameRelativeToCRLIssuer[1] not supported
```
x = new X509();
x.getDistributionPointName("a0...") →
{full: [{uri: "http://aaa.com/"}]}
```
- Parameters:
- {String} h
- hexadecimal string of DistributionPointName
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of DistributionPointName parameters
- See:
- X509#getExtCRLDistributionPoints
- X509#getDistributionPoint
- X509#getGeneralNames
- X509#getGeneralName
{Array}
getExtAdobeTimeStamp(hExtV, critical)
parse AdobeTimeStamp extension as JSON object
This method parses X.509v3 AdobeTimeStamp private extension value defined in the Adobe site as JSON object. This extension provides the URL location for time stamp service.
```
adbe- OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
 ::= SEQUENCE {
   version INTEGER { v1(1) }, -- extension version
   location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
   requiresAuth boolean (default false), OPTIONAL }
```
Result of this method can be passed to KJUR.asn1.x509.AdobeTimeStamp constructor.
NOTE: This extension doesn't seem to have an official name. It may be called "pdfTimeStamp".
```
x.getExtAdobeTimeStamp(<>) →
{ extname: "adobeTimeStamp", uri: "http://tsa.example.com/", reqauth: true }
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value
- {Boolean} critical
- flag
- Since:
- jsrsasign 10.0.1 x509 2.0.5
- Returns:
- {Array} JSON object of parsed AdobeTimeStamp extension
{Object}
getExtAIAInfo()
get AuthorityInfoAccess extension value in the certificate as associative array
This method will get authority info access value
as associative array which has following properties:
- ocsp - array of string for OCSP responder URL
- caissuer - array of string for caIssuer value (i.e. CA certificates URL)
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAIAInfo(hCert) →
{ ocsp: ["http://ocsp.foo.com"],
  caissuer: ["http://rep.foo.com/aaa.p8m"] }
```
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Object} associative array of AIA extension properties
{Array}
getExtAuthorityInfoAccess(hExtV, critical)
get AuthorityInfoAccess extension value as JSON object
This method parses authorityInfoAccess extension. When arguments are not specified, its extension in X509 object will be parsed.
Result of this method can be passed to KJUR.asn1.x509.AuthorityInfoAccess constructor.
When hExtV and critical are specified as arguments, return value will be generated from them.
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityInfoAccess() →
{
  critical: true,
  array: [{ocsp: "http://ocsp.example.com/"},
          {caissuer: "https://repository.example.com/"}]
}

x = new X509();
x.getExtAuthorityInfoAccess("306230...")
x.getExtAuthorityInfoAccess("306230...", true)
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of AuthorityInfoAccess parameters or undefined
{Array}
getExtAuthorityKeyIdentifier(hExtV, critical)
get authorityKeyIdentifier value as JSON object in the certificate
This method will get AuthorityKeyIdentifier extension value as JSON object.
When hExtV and critical are specified as arguments, return value will be generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.AuthorityKeyIdentifier constructor.
```
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
  keyIdentifier [0] KeyIdentifier OPTIONAL,
  authorityCertIssuer [1] GeneralNames OPTIONAL,
  authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
KeyIdentifier ::= OCTET STRING
```
Constructor may have following parameters:
- {Array}kid - JSON object of KJUR.asn1.DEROctetString parameters
- {Array}issuer - JSON object of KJUR.asn1.x509.X500Name parameters
- {Array}sn - JSON object of KJUR.asn1.DERInteger parameters
- {Boolean}critical - critical flag
NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber' supported since jsrsasign 9.0.0 x509 2.0.0.
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtAuthorityKeyIdentifier() →
{ kid: {hex: "1234abcd..."},
  issuer: {hex: "30..."},
  sn: {hex: "1234..."},
  critical: true}
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Array} JSON object of AuthorityKeyIdentifier parameter or undefined
{Array}
getExtBasicConstraints(hExtV, critical)
get BasicConstraints extension value as object in the certificate
This method will get basic constraints extension value as object with following parameters.
- {Boolean}cA - CA flag whether CA or not
- {Integer}pathLen - maximum intermediate certificate length
- {Boolean}critical - critical flag
- {cA:true,pathLen:3,critical:true} - cA flag is true and pathLen is 3
- {cA:true,critical:true} - cA flag is true and no pathLen
- {} - basic constraints has no value in case of end entity certificate
- undefined - there is no basic constraints extension
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtBasicConstraints() → {cA:true,pathLen:3,critical:true}
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Array} JSON object of BasicConstraints parameter or undefined
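The result shapes listed for getExtBasicConstraints, reproduced by a stand-alone DER decoder that also rejects malformed encodings and shows the issuer check a path validator makes with the result. This is an added example, not jsrsasign code: `readTLV`, `parseBasicConstraints` and `mayIssue` are hypothetical names, and the hex inputs are constructed.

```javascript
// Added example (not jsrsasign code). readTLV, parseBasicConstraints and
// mayIssue are hypothetical names; all hex inputs below are constructed.

// Read one DER TLV from lowercase hex string h, starting at hex offset i.
function readTLV(h, i) {
  if (i + 4 > h.length) throw new Error('truncated TLV header');
  const tag = parseInt(h.slice(i, i + 2), 16);
  let len = parseInt(h.slice(i + 2, i + 4), 16);
  let p = i + 4;
  if (len & 0x80) {                         // long-form length octets
    const n = len & 0x7f;
    if (n === 0 || n > 4 || p + 2 * n > h.length) {
      throw new Error('unsupported or truncated length');
    }
    len = parseInt(h.slice(p, p + 2 * n), 16);
    p += 2 * n;
  }
  const end = p + 2 * len;
  if (end > h.length) throw new Error('length overruns buffer');
  return { tag: tag, value: h.slice(p, end), next: end };
}

// BasicConstraints ::= SEQUENCE {
//   cA                 BOOLEAN DEFAULT FALSE,
//   pathLenConstraint  INTEGER (0..MAX) OPTIONAL }
// hExtV is the hex of the extension value; critical is copied into the result
// only when true, giving the same shape as the page's sample return value.
function parseBasicConstraints(hExtV, critical) {
  if (typeof hExtV !== 'string' || !/^(?:[0-9a-f]{2})+$/i.test(hExtV)) {
    throw new Error('not a hex string');
  }
  const h = hExtV.toLowerCase();
  const seq = readTLV(h, 0);
  if (seq.tag !== 0x30) throw new Error('BasicConstraints must be a SEQUENCE');
  if (seq.next !== h.length) throw new Error('trailing data after SEQUENCE');

  const out = {};
  const body = seq.value;
  let i = 0;
  if (i < body.length && body.slice(i, i + 2) === '01') {   // BOOLEAN cA
    const b = readTLV(body, i);
    // DER: TRUE is exactly ff; an encoded FALSE (the DEFAULT) is not allowed.
    if (b.value !== 'ff') throw new Error('cA BOOLEAN is not DER TRUE');
    out.cA = true;
    i = b.next;
  }
  if (i < body.length && body.slice(i, i + 2) === '02') {   // INTEGER pathLen
    const n = readTLV(body, i);
    const negative = parseInt(n.value.slice(0, 2), 16) & 0x80;
    if (n.value.length === 0 || n.value.length > 8 || negative) {
      throw new Error('pathLenConstraint out of range');
    }
    out.pathLen = parseInt(n.value, 16);
    i = n.next;
  }
  if (i !== body.length) throw new Error('unexpected element in BasicConstraints');
  if (critical) out.critical = true;
  return out;
}

// Issuer check made with the parsed value (RFC 5280 4.2.1.9): the certificate
// must assert cA, and pathLen, when present, caps how many intermediate CA
// certificates may follow it in the path. bc is undefined when the extension
// is absent, which never authorises issuing.
function mayIssue(bc, intermediatesBelow) {
  if (!bc || bc.cA !== true) return false;
  return bc.pathLen === undefined || intermediatesBelow <= bc.pathLen;
}

// Constructed samples: CA with pathLen 3, CA without pathLen, end entity.
for (const hex of ['30060101ff020103', '30030101ff', '3000']) {
  const bc = parseBasicConstraints(hex, true);
  console.log(hex, JSON.stringify(bc), 'mayIssue(depth 0):', mayIssue(bc, 0));
}
```
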
{Object}
getExtCertificatePolicies(hExtV, critical)
get CertificatePolicies extension value as JSON object
This method will get certificate policies value as an array of JSON object which has properties defined in KJUR.asn1.x509.CertificatePolicies.
Result of this method can be passed to KJUR.asn1.x509.CertificatePolicies constructor.
If there is no such extension in the certificate, it returns undefined.
CAUTION: the JSON object format of the return value has been changed from jsrsasign 9.0.0 without backward compatibility.
When hExtV and critical are specified as arguments, return value will be generated from them.
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCertificatePolicies() →
{ array: [
  { policyoid: "1.2.3.4" },
  { policyoid: "1.2.3.5",
    array: [
      { cps: "https://example.com/" },
      { unotice: { exptext: { type: "bmp", str: "sample text" } } }
    ] }
]}
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Object} JSON object of CertificatePolicies parameters or undefined
{Object}
getExtCRLDistributionPoints(hExtV, critical)
get CRLDistributionPoints extension value as JSON object
This method will get cRLDistributionPoints value as an array of JSON object which has properties defined in KJUR.asn1.x509.CRLDistributionPoints.
Result of this method can be passed to KJUR.asn1.x509.CRLDistributionPoints constructor.
If there is no such extension in the certificate, it returns undefined.
```
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.getExtCRLDistributionPoints() →
{array: [
  {dpname: {full: [{uri: "http://example.com/"}]}},
  {dpname: {full: [{uri: "ldap://example.com/"}]}}
 ],
 critical: true}
```
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of CRLDistributionPoints parameters or undefined
- See:
- KJUR.asn1.x509.CRLDistributionPoints
- X509#getDistributionPoint
- X509#getDistributionPointName
- X509#getGeneralNames
- X509#getGeneralName
{Object}
getExtCRLDistributionPointsURI()
get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED)
This method will get all fullName URIs of cRLDistributionPoints extension
in the certificate as array of URI string.
If there is no such extension in the certificate, it returns undefined.
NOTE: Currently this method supports only fullName URIs, so other parameters will not be returned.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtCRLDistributionPointsURI() →
    ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Object} array of fullName URIs of CDP of the certificate
getExtCRLNumber(hExtV, critical)
parse cRLNumber CRL extension as JSON object
This method parses the CRLNumber CRL extension value defined in RFC 5280 5.2.3 as a JSON object.
    id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
    CRLNumber ::= INTEGER (0..MAX)
Result of this method can be passed to KJUR.asn1.x509.CRLNumber constructor.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    ... get hExtV and critical flag ...
    crl.getExtCRLNumber("02...", false) →
    {extname: "cRLNumber", num: {hex: "12af"}}
- Parameters:
- {String} hExtV
- hexadecimal string of extension value
- {Boolean} critical
- flag
- Since:
- jsrsasign 9.1.1 x509 2.0.1
getExtCRLReason(hExtV, critical)
parse cRLReason CRL entry extension as JSON object
This method parses the CRLReason CRL entry extension value defined in RFC 5280 5.3.1 as a JSON object.
    id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
    -- reasonCode ::= { CRLReason }
    CRLReason ::= ENUMERATED {
         unspecified             (0),
         keyCompromise           (1),
         cACompromise            (2),
         affiliationChanged      (3),
         superseded              (4),
         cessationOfOperation    (5),
         certificateHold         (6),
         removeFromCRL           (8),
         privilegeWithdrawn      (9),
         aACompromise           (10) }
Result of this method can be passed to KJUR.asn1.x509.CRLReason constructor.
    crl = new X509CRL("-----BEGIN X509 CRL...");
    ... get hExtV and critical flag ...
    crl.getExtCRLReason("02...", false) →
    {extname: "cRLReason", code: 3}
- Parameters:
- {String} hExtV
- hexadecimal string of extension value
- {Boolean} critical
- flag
- Since:
- jsrsasign 9.1.1 x509 2.0.1
{Array, Object}
getExtExtKeyUsage(hExtV, critical)
get extKeyUsage value as JSON object
This method parses the extKeyUsage extension. When arguments are
not specified, the extension in the X509 object will be parsed.
Result of this method can be passed to
KJUR.asn1.x509.ExtKeyUsage constructor.
When hExtV and critical are specified as arguments, the return value is generated from them.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtExtKeyUsage() →
    { array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"],
      critical: true }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of ExtKeyUsage parameter or undefined
- {Object} JSON array of extended key usage ID name or oid
{Object}
getExtExtKeyUsageName()
get extKeyUsage value as array of name string in the certificate (DEPRECATED)
This method will get the extended key usage extension value as an array of name or OID strings. If there is no such extension in the certificate, it returns undefined.
NOTE: Supported extended key usage ID names are defined in the name2oidList parameter in the asn1x509.js file.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
- Deprecated:
- since jsrsasign 9.0.0 x509 2.0.0
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Object} array of extended key usage ID name or oid
getExtInfo(oidOrName)
get X.509v3 extension information such as extension OID, criticality and value index for the specified OID or name.
This method will get an X.509v3 extension information JSON object having the extension OID, criticality and value idx for the specified extension OID or name. If there is no such extension, this returns undefined.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
    x.getExtInfo("unknownExt") → undefined
- Parameters:
- {String} oidOrName
- X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- X.509 extension information such as extension OID or value index (see X509#parseExt)
{Object}
getExtInhibitAnyPolicy(hExtV, critical)
get InhibitAnyPolicy extension value as JSON object
This method will get the InhibitAnyPolicy extension value as a JSON object which has the properties defined in KJUR.asn1.x509.InhibitAnyPolicy. Result of this method can be passed to KJUR.asn1.x509.InhibitAnyPolicy constructor. If the certificate does not have this extension, it returns undefined.
When hExtV and critical are specified as arguments, the return value is generated from them.
    x = new X509(sCertPEM);
    x.getExtInhibitAnyPolicy() →
    { extname: "policyConstraints", critical: true, skip: 3 }
    x.getExtInhibitAnyPolicy("020103", true) → same as above
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 10.6.1 x509 2.1.1
- Returns:
- {Object} JSON object of InhibitAnyPolicy parameters or undefined
{Array}
getExtIssuerAltName(hExtV, critical)
get issuerAltName value as array of string in the certificate
This method will get issuerAltName value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.IssuerAltName.
Result of this method can be passed to
KJUR.asn1.x509.IssuerAltName constructor.
If the certificate does not have this extension,
it returns undefined.
When hExtV and critical are specified as arguments, the return value is generated from them.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtIssuerAltName() →
    { array: [
        {uri: "http://example.com/"},
        {rfc822: "user1@example.com"},
        {dns: "example.com"}
      ],
      critical: true
    }
    x.getExtIssuerAltName("3026...") →
    { array: [{ip: "192.168.1.1"}] }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of IssuerAltName parameters
{Array}
getExtKeyUsage(hExtV, critical)
get KeyUsage extension value as JSON object
This method parses the keyUsage extension. When arguments are
not specified, the extension in the X509 object will be parsed.
Result of this method can be passed to
KJUR.asn1.x509.KeyUsage constructor.
When hExtV and critical are specified as arguments, the return value is generated from them.
    id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
    KeyUsage ::= BIT STRING {
         digitalSignature        (0),
         nonRepudiation          (1),
         keyEncipherment         (2),
         dataEncipherment        (3),
         keyAgreement            (4),
         keyCertSign             (5),
         cRLSign                 (6),
         encipherOnly            (7),
         decipherOnly            (8) }
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtKeyUsage() →
    {
      critical: true,
      names: ["digitalSignature", "decipherOnly"]
    }
    x = new X509();
    x.getExtKeyUsage("306230...")
    x.getExtKeyUsage("306230...", true)
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of KeyUsage parameter or undefined
{String}
getExtKeyUsageBin(hExtV)
get KeyUsage extension value as binary string in the certificate
This method will get the key usage extension value as a binary string such as '101'. The key usage bits are defined in RFC 5280. If there is no key usage extension in the certificate, it returns an empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtKeyUsageBin() → '101'
    // 1 - digitalSignature
    // 0 - nonRepudiation
    // 1 - keyEncipherment
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {String} binary string of key usage bits (ex. '101')
- See:
- X509#getExtKeyUsage
{String}
getExtKeyUsageString(hExtV)
get KeyUsage extension value as names in the certificate
This method will get the key usage extension value as a comma separated string of usage names. If there is no key usage extension in the certificate, it returns an empty string (i.e. '').
NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {String} comma separated string of key usage
- See:
- X509#getExtKeyUsage
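The relationship between the DER-encoded KeyUsage BIT STRING, the binary string of getExtKeyUsageBin and the names of getExtKeyUsageString can be reproduced with a small standalone decoder. This is an added example, not jsrsasign code: the function names (keyUsageBin, keyUsageNames, keyUsageString, missingKeyUsages) and the sample hex values are constructed for illustration.

```javascript
// Added example: standalone decoder for a KeyUsage extension value.
// It does not call jsrsasign; every function name here is illustrative.

// Named bits of KeyUsage in RFC 5280 order (bit 0 is the leftmost bit).
const KEY_USAGE_NAMES = [
  "digitalSignature", "nonRepudiation", "keyEncipherment",
  "dataEncipherment", "keyAgreement", "keyCertSign",
  "cRLSign", "encipherOnly", "decipherOnly"
];

// Constructed sample values (DER BIT STRING, hex).
const SAMPLE_SIG_AND_KEYENC = "030205a0";   // bits 0 and 2
const SAMPLE_SIG_AND_DECONLY = "0303078080"; // bits 0 and 8
const SAMPLE_CA = "03020186";                // bits 0, 5 and 6

// Return the BIT STRING content as a string of '0'/'1', e.g. "101".
function keyUsageBin(hExtV) {
  if (typeof hExtV !== "string" || !/^(?:[0-9a-fA-F]{2})+$/.test(hExtV)) {
    throw new Error("extension value must be an even-length hex string");
  }
  const bytes = hExtV.match(/../g).map((h) => parseInt(h, 16));
  if (bytes[0] !== 0x03) throw new Error("KeyUsage must be a BIT STRING (tag 03)");
  const len = bytes[1];
  // KeyUsage has 9 named bits, so the content is at most 3 octets:
  // one unused-bits octet plus up to two data octets.
  if (len === undefined || len < 1 || len > 3 || bytes.length !== 2 + len) {
    throw new Error("unexpected BIT STRING length");
  }
  const unused = bytes[2];
  const data = bytes.slice(3);
  if (unused > 7 || (data.length === 0 && unused !== 0)) {
    throw new Error("invalid unused-bits count");
  }
  const bits = data.map((b) => b.toString(2).padStart(8, "0")).join("");
  // DER requires the padding bits at the end to be zero.
  if (bits.slice(bits.length - unused).includes("1")) {
    throw new Error("unused bits must be zero");
  }
  return bits.slice(0, bits.length - unused);
}

// Map each set bit to its RFC 5280 name.
function keyUsageNames(hExtV) {
  const bits = keyUsageBin(hExtV);
  return KEY_USAGE_NAMES.filter((_, i) => bits[i] === "1");
}

// Comma separated form, as in the getExtKeyUsageString example above.
function keyUsageString(hExtV) {
  return keyUsageNames(hExtV).join(",");
}

// Policy helper (assumption of this example): report which required usages
// are not asserted. An absent extension (undefined) asserts nothing here.
function missingKeyUsages(hExtV, required) {
  const have = hExtV === undefined ? [] : keyUsageNames(hExtV);
  return required.filter((name) => !have.includes(name));
}
```
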
{Object}
getExtNameConstraints(hExtV, critical)
get NameConstraints extension value as object in the certificate
This method will get the name constraints extension value as an object with the following parameters.
- {Array}permit - array of KJUR.asn1.x509.GeneralSubtree parameter
- {Array}exclude - array of KJUR.asn1.x509.GeneralSubtree parameter
- {Boolean}critical - critical flag
    x = new X509(sCertPEM);
    x.getExtNameConstraints() → {
      critical: true,
      permit: [{dns: 'example.com'},{rfc822: 'john@example.com'}],
      exclude: [{dn: {...X500Name parameter...}}]
    }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 10.5.16 x509 2.0.16
- Returns:
- {Object} JSON object of NameConstraints parameter or undefined
- See:
- KJUR.asn1.x509.NameConstraints
- KJUR.asn1.x509.GeneralSubtree
- KJUR.asn1.x509.GeneralName
- X509#getGeneralSubtree
- X509#getGeneralName
{Array}
getExtOcspNoCheck(hExtV, critical)
parse OCSPNoCheck OCSP extension as JSON object
This method parses the OCSPNoCheck extension value defined in RFC 6960 4.2.2.2.1 as a JSON object.
    id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
Result of this method can be passed to KJUR.asn1.x509.OCSPNoCheck constructor.
    x = new X509();
    x.getExtOcspNoCheck(<>) →
    { extname: "ocspNoCheck" }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value
- {Boolean} critical
- flag
- Since:
- jsrsasign 9.1.6 x509 2.0.3
- Returns:
- {Array} JSON object of parsed OCSPNoCheck extension
{Array}
getExtOcspNonce(hExtV, critical)
parse OCSPNonce OCSP extension as JSON object
This method parses the Nonce OCSP extension value defined in RFC 6960 4.4.1 as a JSON object.
    id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
    id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
    Nonce ::= OCTET STRING
Result of this method can be passed to KJUR.asn1.x509.OCSPNonce constructor.
    x = new X509();
    x.getExtOcspNonce(<>) →
    { extname: "ocspNonce", hex: "1a2b..." }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value
- {Boolean} critical
- flag
- Since:
- jsrsasign 9.1.6 x509 2.0.3
- Returns:
- {Array} JSON object of parsed OCSPNonce extension
{Array}
getExtParam(hExt)
get an extension parameter JSON object
This method returns the extension parameters as a JSON object.
    x = new X509();
    ...
    x.getExtParam("30...") →
    {extname:"keyUsage",critical:true,names:["digitalSignature"]}
- Parameters:
- {String} hExt
- hexadecimal string of Extension
- Since:
- jsrsasign 9.1.1 x509 2.0.1
- Returns:
- {Array} Extension parameter JSON object
- See:
- KJUR.asn1.x509.X509Util.newCertPEM
- X509#getParam
- X509#getExtParamArray
- X509CRL#getParam
- KJUR.asn1.csr.CSRUtil.getParam
{Array}
getExtParamArray(hExtSeq)
get array of certificate extension parameter JSON object
This method returns an array of certificate extension parameters.
NOTE: Argument "hExtSeq" has been supported since jsrsasign 9.1.1.
    x = new X509();
    x.readCertPEM("-----BEGIN CERTIFICATE...");
    x.getExtParamArray() →
    [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
      {extname:"basicConstraints",critical:true},
      {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
      {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
      {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
      {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
- Parameters:
- {String} hExtSeq
- hexadecimal string of SEQUENCE of Extension
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} array of certificate extension parameter JSON object
- See:
- KJUR.asn1.x509.X509Util.newCertPEM
- X509#getParam
- X509#getExtParam
- X509CRL#getParam
- KJUR.asn1.csr.CSRUtil.getParam
{Object}
getExtPolicyConstraints(hExtV, critical)
get PolicyConstraints extension value as JSON object
This method will get the PolicyConstraints extension value as a JSON object which has the properties defined in KJUR.asn1.x509.PolicyConstraints. Result of this method can be passed to KJUR.asn1.x509.PolicyConstraints constructor. If the certificate does not have this extension, it returns undefined.
When hExtV and critical are specified as arguments, the return value is generated from them.
    x = new X509(sCertPEM);
    x.getExtPolicyConstraints() →
    { extname: "policyConstraints", critical: true, reqexp: 3, inhibit: 3 }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 10.6.1 x509 2.1.1
- Returns:
- {Object} JSON object of PolicyConstraints parameters or undefined
{Object}
getExtPolicyMappings(hExtV, critical)
get PolicyMappings extension value as JSON object
This method will get the PolicyMappings extension value as a JSON object which has the properties defined in KJUR.asn1.x509.PolicyMappings. Result of this method can be passed to KJUR.asn1.x509.PolicyMappings constructor. If the certificate does not have this extension, it returns undefined.
When hExtV and critical are specified as arguments, the return value is generated from them.
    x = new X509(sCertPEM);
    x.getExtPolicyMappings() → {
      extname: "policyMappings",
      critical: true,
      array: [["1.2.3", "1.4.5"],["0.1.2", "anyPolicy"]]}
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 10.6.1 x509 2.1.1
- Returns:
- {Object} JSON object of PolicyMappings parameters or undefined
{Array}
getExtSubjectAltName(hExtV, critical)
get subjectAltName value as array of string in the certificate
This method will get subjectAltName value
as an array of JSON object which has properties defined
in KJUR.asn1.x509.SubjectAltName.
Result of this method can be passed to
KJUR.asn1.x509.SubjectAltName constructor.
If the certificate does not have this extension,
it returns undefined.
When hExtV and critical are specified as arguments, the return value is generated from them.
CAUTION: The format of the returned JSON object has changed since jsrsasign 9.0.0 x509 2.0.0 without backward compatibility.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtSubjectAltName() →
    { array: [
        {uri: "http://example.com/"},
        {rfc822: "user1@example.com"},
        {dns: "example.com"}
      ],
      critical: true
    }
    x.getExtSubjectAltName("3026...") →
    { array: [{ip: "192.168.1.1"}] }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Array} JSON object of SubjectAltName parameters or undefined
{Object}
getExtSubjectAltName2()
get subjectAltName value as array of string in the certificate (DEPRECATED)
This method will get subject alt name extension value
as array of type and name.
If there is no such extension in the certificate, it returns undefined.
Type of GeneralName will be shown as following:
- "MAIL" - [1]rfc822Name
- "DNS" - [2]dNSName
- "DN" - [4]directoryName
- "URI" - [6]uniformResourceIdentifier
- "IP" - [7]iPAddress
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtSubjectAltName2() →
    [["DNS",  "example.com"],
     ["DNS",  "example.org"],
     ["MAIL", "foo@example.com"],
     ["IP",   "192.168.1.1"],
     ["IP",   "2001:db8::2:1"],
     ["DN",   "/C=US/O=TEST1"]]
- Deprecated:
- jsrsasign 9.0.0 x509 2.0.0
- Since:
- jsrsasign 8.0.1 x509 1.1.17
- Returns:
- {Object} array of alt name array
{Array}
getExtSubjectKeyIdentifier(hExtV, critical)
get subjectKeyIdentifier value as hexadecimal string in the certificate
This method will get the SubjectKeyIdentifier extension value as a JSON object.
When hExtV and critical are specified as arguments, the return value is generated from them. If there is no such extension in the certificate, it returns undefined.
Result of this method can be passed to KJUR.asn1.x509.SubjectKeyIdentifier constructor.
    id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
    SubjectKeyIdentifier ::= KeyIdentifier
CAUTION: The format of the returned JSON value has changed without backward compatibility since jsrsasign 9.0.0 x509 2.0.0.
    x = new X509();
    x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
    x.getExtSubjectKeyIdentifier() →
    { kid: {hex: "1b3347ab..."}, critical: true }
- Parameters:
- {String} hExtV
- hexadecimal string of extension value (OPTIONAL)
- {Boolean} critical
- flag (OPTIONAL)
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Array} JSON object of SubjectKeyIdentifier parameter or undefined
{Array}
getGeneralName(h)
get GeneralName ASN.1 structure parameter as JSON object
This method will get GeneralName parameters defined in RFC 5280 4.2.1.6.
    GeneralName ::= CHOICE {
         otherName                  [0] OtherName,
         rfc822Name                 [1] IA5String,
         dNSName                    [2] IA5String,
         x400Address                [3] ORAddress,
         directoryName              [4] Name,
         ediPartyName               [5] EDIPartyName,
         uniformResourceIdentifier  [6] IA5String,
         iPAddress                  [7] OCTET STRING,
         registeredID               [8] OBJECT IDENTIFIER }
Result of this method can be passed to KJUR.asn1.x509.GeneralName constructor.
    x = new X509();
    x.getGeneralName("860f687474703a2f2f6161612e636f6d2f")
    → {uri: "http://aaa.com/"}
    x.getGeneralName("a41c30...") →
    { dn: {
        array: [
          [{type:"C", value:"JP", ds:"prn"}],
          [{type:"O", value:"T1", ds:"utf8"}]
        ],
        str: "/C=JP/O=T1" } }
- Parameters:
- {String} h
- hexadecimal string of GeneralName
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of GeneralName parameters or undefined
- See:
- KJUR.asn1.x509.GeneralNames
- KJUR.asn1.x509.GeneralName
- KJUR.asn1.x509.OtherName
- X509#getGeneralName
- X509#getOtherName
{Array}
getGeneralNames(h)
get GeneralNames ASN.1 structure parameter as JSON object
This method will get GeneralNames parameters defined in
RFC 5280 4.2.1.6.
    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
Result of this method can be passed to KJUR.asn1.x509.GeneralNames constructor.
    x = new X509();
    x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
    → [{uri: "http://aaa.com/"}]
    x.getGeneralNames("301ea41c30...") →
    [{ dn: {
        array: [
          [{type:"C", value:"JP", ds:"prn"}],
          [{type:"O", value:"T1", ds:"utf8"}]
        ],
        str: "/C=JP/O=T1" } }]
- Parameters:
- {String} h
- hexadecimal string of GeneralNames
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} array of GeneralNames parameters
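To show what the hexadecimal arguments of getGeneralName and getGeneralNames contain, the following standalone decoder walks the TLV structure for the IA5String and iPAddress choices and rejects truncated or over-long input. This is an added example, not jsrsasign code: the function names, the unsupportedTag key and the sample SAN value are constructed for illustration, and IPv6 addresses are printed uncompressed.

```javascript
// Added example: standalone GeneralName / GeneralNames decoder (no jsrsasign).
// Function names and the "unsupportedTag" key are illustrative assumptions.

// Constructed sample: SEQUENCE { [2] "example.com", [7] 192.168.1.1 }
const SAMPLE_SAN = "3013820b6578616d706c652e636f6d8704c0a80101";

function hexToBytes(hex) {
  if (typeof hex !== "string" || !/^(?:[0-9a-fA-F]{2})+$/.test(hex)) {
    throw new Error("input must be an even-length hex string");
  }
  return hex.match(/../g).map((h) => parseInt(h, 16));
}

// Read one tag-length-value at pos, with bounds checks on every field.
function readTLV(bytes, pos) {
  if (pos + 2 > bytes.length) throw new Error("truncated TLV header");
  const tag = bytes[pos];
  let len = bytes[pos + 1];
  let off = pos + 2;
  if (len & 0x80) {                       // long form length
    const n = len & 0x7f;
    if (n === 0 || n > 3) throw new Error("unsupported length form");
    if (off + n > bytes.length) throw new Error("truncated length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + bytes[off + i];
    off += n;
  }
  if (off + len > bytes.length) throw new Error("value runs past end of input");
  return { tag, value: bytes.slice(off, off + len), next: off + len };
}

// Hardening choice of this example: refuse NUL and non-ASCII bytes so that
// a name cannot compare differently in a later string operation.
function ia5(value) {
  for (const b of value) {
    if (b === 0x00 || b > 0x7f) throw new Error("NUL or non-ASCII byte in IA5String");
  }
  return String.fromCharCode(...value);
}

function ipToString(value) {
  if (value.length === 4) return value.join(".");
  if (value.length === 16) {
    const groups = [];
    for (let i = 0; i < 16; i += 2) {
      groups.push(((value[i] << 8) | value[i + 1]).toString(16));
    }
    return groups.join(":");              // uncompressed IPv6 form
  }
  throw new Error("iPAddress must be 4 or 16 bytes");
}

// Context tags follow the GeneralName CHOICE in RFC 5280 4.2.1.6.
function decodeGeneralName(tlv) {
  switch (tlv.tag) {
    case 0x81: return { rfc822: ia5(tlv.value) };
    case 0x82: return { dns: ia5(tlv.value) };
    case 0x86: return { uri: ia5(tlv.value) };
    case 0x87: return { ip: ipToString(tlv.value) };
    default:   return { unsupportedTag: tlv.tag.toString(16) };
  }
}

function parseGeneralName(hex) {
  const bytes = hexToBytes(hex);
  const tlv = readTLV(bytes, 0);
  if (tlv.next !== bytes.length) throw new Error("trailing data after GeneralName");
  return decodeGeneralName(tlv);
}

function parseGeneralNames(hex) {
  const bytes = hexToBytes(hex);
  const seq = readTLV(bytes, 0);
  if (seq.tag !== 0x30) throw new Error("GeneralNames must be a SEQUENCE");
  if (seq.next !== bytes.length) throw new Error("trailing data after GeneralNames");
  const names = [];
  let pos = 0;
  while (pos < seq.value.length) {
    const tlv = readTLV(seq.value, pos);
    names.push(decodeGeneralName(tlv));
    pos = tlv.next;
  }
  if (names.length === 0) throw new Error("GeneralNames is SIZE (1..MAX)");
  return names;
}
```
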
{Object}
getGeneralSubtree(h)
get GeneralSubtree ASN.1 structure parameter as JSON object
This method will get GeneralSubtree parameters defined in RFC 5280 4.2.1.10.
    GeneralSubtree ::= SEQUENCE {
         base                    GeneralName,
         minimum         [0]     BaseDistance DEFAULT 0,
         maximum         [1]     BaseDistance OPTIONAL }
    BaseDistance ::= INTEGER (0..MAX)
Result of this method can be passed to KJUR.asn1.x509.GeneralSubtree constructor.
    x = new X509(sPEM);
    x.getGeneralSubtree("30...") → { dn: ...X500NameObject..., min: 1, max: 3 }
    x.getGeneralSubtree("30...") → { dns: ".example.com" }
- Parameters:
- {String} h
- hexadecimal string of GeneralSubtree
- Since:
- jsrsasign 10.5.16 x509 2.0.16
- Returns:
- {Object} JSON object of GeneralSubtree parameters or undefined
- See:
- KJUR.asn1.x509.GeneralSubtree
- KJUR.asn1.x509.GeneralName
- X509#getExtNameConstraints
- X509#getGeneralName
{String}
getInfo()
get certificate information as string.
    x = new X509();
    x.readCertPEM(certPEM);
    console.log(x.getInfo());
    // this shows as following
    Basic Fields
      serial number: 02ac5c266a0b409b8f0b79f2ae462577
      signature algorithm: SHA1withRSA
      issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      notBefore: 061110000000Z
      notAfter: 311110000000Z
      subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
      subject public key info:
        key algorithm: RSA
        n=c6cce573e6fbd4bb...
        e=10001
    X509v3 Extensions:
      keyUsage CRITICAL:
        digitalSignature,keyCertSign,cRLSign
      basicConstraints CRITICAL:
        cA=true
      subjectKeyIdentifier :
        b13ec36903f8bf4701d498261a0802ef63642bc3
      authorityKeyIdentifier :
        kid=b13ec36903f8bf4701d498261a0802ef63642bc3
    signature algorithm: SHA1withRSA
    signature: 1c1a0697dcd79c9f...
- Since:
- jsrsasign 5.0.10 x509 1.1.8
- Returns:
- {String} certificate information string
{Array}
getIssuer(flagCanon, flagHex)
get JSON object of issuer field
Get a JSON object of an issuer field.
NOTE: From jsrsasign 10.6.0, flagHex and flagCanon have been supported to include a canonicalized name for caseIgnoreMatch described in RFC 4518.
    var x = new X509(sCertPEM);
    x.getIssuer() →
    { array: [[{type:'C',value:'JP',ds:'prn'}],...],
      str: "/C=JP/..." }
    // with flags
    x.getIssuer(true, true) →
    { array: ...,
      str: "/C=JP/O= Test 123 ",
      canon: "/c=jp/o=test 123",
      hex: "30..." }
- Parameters:
- {boolean} flagCanon
- flag to include canonicalized name (DEFAULT false)
- {boolean} flagHex
- flag to include hexadecimal string (DEFAULT false)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} JSON object of issuer field
- See:
- X509#getX500Name
{String}
getIssuerHex()
get hexadecimal string of issuer field TLV of certificate.
    var x = new X509();
    x.readCertPEM(sCertPEM);
    var issuer = x.getIssuerHex(); // return string like "3013..."
- Returns:
- {String} hexadecimal string of issuer DN ASN.1
{String}
getIssuerString()
get string of issuer field of certificate.
    var x = new X509();
    x.readCertPEM(sCertPEM);
    var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST"
    var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
- Returns:
- {String} issuer DN string
- See:
- X509#getIssuer
{String}
getNotAfter()
get notAfter field string of certificate.
    var x = new X509();
    x.readCertPEM(sCertPEM);
    var notAfter = x.getNotAfter(); // return string like "151231235959Z"
- Returns:
- {String} not after time value (ex. "151231235959Z")
{String}
getNotBefore()
get notBefore field string of certificate.
    var x = new X509();
    x.readCertPEM(sCertPEM);
    var notBefore = x.getNotBefore(); // return string like "151231235959Z"
- Returns:
- {String} not before time value (ex. "151231235959Z")
{Object}
getParam(option)
get JSON object of certificate parameters
This method returns a JSON object of the certificate parameters. The return value can be passed to KJUR.asn1.x509.X509Util.newCertPEM.
NOTE1: From jsrsasign 10.5.16, an optional argument can be applied. It can have the following members:
- tbshex - (boolean) tbshex member with hex value of tbsCertificate will be added if true (DEFAULT undefined)
- nodnarray - (boolean) array member for subject and issuer will be deleted to simplify it if true (DEFAULT undefined)
- dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true (DEFAULT undefined)
- dnhex - (boolean) add hex member to subject and issuer if true (DEFAULT undefined)
NOTE2: From jsrsasign 10.6.0, the members "dncanon" and "dnhex" are supported in the "option" argument.
    x = new X509();
    x.readCertPEM("-----BEGIN CERTIFICATE...");
    x.getParam() →
    {version:3,
     serial:{hex:"12ab"},
     sigalg:"SHA256withRSA",
     issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
     notbefore:"160403023700Z",
     notafter:"160702023700Z",
     subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
     sbjpubkey:"-----BEGIN PUBLIC KEY...",
     ext:[
      {extname:"keyUsage",critical:true,names:["digitalSignature"]},
      {extname:"basicConstraints",critical:true},
      {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
      {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
      {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
      {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
     ],
     sighex:"0b76...8"
    };
    x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
    x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
    x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
    x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
- Parameters:
- {Object} option
- optional setting for return object
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of certificate parameters
{Object}
getPolicyInformation(h)
get PolicyInformation ASN.1 structure parameter as JSON object
This method will get PolicyInformation parameters defined in
RFC 5280 4.2.1.4.
    PolicyInformation ::= SEQUENCE {
         policyIdentifier   CertPolicyId,
         policyQualifiers   SEQUENCE SIZE (1..MAX) OF
                                 PolicyQualifierInfo OPTIONAL }
Result of this method can be passed to KJUR.asn1.x509.PolicyInformation constructor.
    x = new X509();
    x.getPolicyInformation("30...") →
    {
      policyoid: "2.16.840.1.114412.2.1",
      array: [{cps: "https://www.digicert.com/CPS"}]
    }
- Parameters:
- {String} h
- hexadecimal string of PolicyInformation
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of PolicyInformation parameters
{Object}
getPolicyQualifierInfo(h)
get PolicyQualifierInfo ASN.1 structure parameter as JSON object
This method will get
PolicyQualifierInfo parameters.
    PolicyQualifierInfo ::= SEQUENCE {
         policyQualifierId  PolicyQualifierId,
         qualifier          ANY DEFINED BY policyQualifierId }
    id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
    id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
    id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
    PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
    Qualifier ::= CHOICE {
         cPSuri           CPSuri,
         userNotice       UserNotice }
    CPSuri ::= IA5String
Result of this method can be passed to KJUR.asn1.x509.PolicyQualifierInfo constructor.
    x = new X509();
    x.getPolicyQualifierInfo("30...")
    → {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
    x.getPolicyQualifierInfo("30...")
    → {cps: "https://repository.example.com/"}
- Parameters:
- {String} h
- hexadecimal string of PolicyQualifierInfo
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of PolicyQualifierInfo parameters
{Object}
getPublicKey()
get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.
    x = new X509();
    x.readCertPEM(sCertPEM);
    pubkey = x.getPublicKey();
- Since:
- jsrsasign 7.1.4 x509 1.1.13
- Returns:
- {Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field
{Integer}
getPublicKeyContentIdx()
get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate
    x = new X509();
    x.readCertPEM(sCertPEM);
    idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
- Since:
- jsrsasign 8.0.0 x509 1.2.0
- Returns:
- {Integer} string index of key contents
<static>
X509.getPublicKeyFromCertHex(h)
get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string
- Parameters:
- {String} h
- hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
- Since:
- jsrsasign 7.1.0 x509 1.1.11
- Returns:
- returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
<static>
X509.getPublicKeyFromCertPEM(sCertPEM)
get RSA/DSA/ECDSA public key object from PEM certificate string
NOTE: DSA is also supported since x509 1.1.2.
- Parameters:
- {String} sCertPEM
- PEM formatted RSA/ECDSA/DSA X.509 certificate
- Since:
- x509 1.1.1
- Returns:
- returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
{String}
getPublicKeyHex()
get a hexadecimal string of subjectPublicKeyInfo field.
x = new X509(sCertPEM);
hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
- Deprecated:
- since jsrsasign 10.5.7 x509 2.0.13. Please use X509#getSPKI instead.
- Since:
- jsrsasign 7.1.4 x509 1.1.13
- Returns:
- {String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
{Number}
getPublicKeyIdx()
get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.
x = new X509();
x.readCertPEM(sCertPEM);
idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
- Since:
- jsrsasign 7.1.4 x509 1.1.13
- Returns:
- {Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.
<static>
{Hash}
X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
get public key information from PEM certificate
The resulting associative array has the following properties:
- algoid - hexadecimal string of OID of asymmetric key algorithm
- algparam - hexadecimal string of OID of ECC curve name or null
- keyhex - hexadecimal string of key in the certificate
- Parameters:
- {String} sCertPEM
- string of PEM formatted certificate
- Since:
- x509 1.1.1
- Returns:
- {Hash} hash of information for public key
{Array}
getRDN(h)
get RelativeDistinguishedName ASN.1 structure parameter array
This method will get RelativeDistinguishedName parameters defined in RFC 5280 4.1.2.4.
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
x = new X509();
x.getRDN("31...") →
[{type:"C",value:"US",ds:"prn"}] or
[{type:"O",value:"Sample Corp.",ds:"prn"}] or
[{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
- Parameters:
- {String} h
- hexadecimal string of RDN
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} array of AttrTypeAndValue parameters
{String}
getSerialNumberHex()
get hexadecimal string of serialNumber field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var sn = x.getSerialNumberHex(); // return string like "01ad..."
- Returns:
- {String} hexadecimal string of certificate serial number
{String}
getSignatureAlgorithmField()
get signature algorithm name in basic field
This method will get a name of signature algorithm in basic field of certificate.
NOTE: From jsrsasign 8.0.21, RSA-PSS certificate is also supported. For supported RSA-PSS algorithm name and PSS parameters, see X509#getSignatureAlgorithmField.
var x = new X509();
x.readCertPEM(sCertPEM);
algName = x.getSignatureAlgorithmField();
- Since:
- x509 1.1.8
- Returns:
- {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1)
{String}
getSignatureAlgorithmName()
get signature algorithm name from hexadecimal certificate data
This method will get signature algorithm name of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureAlgorithmName() → "SHA256withRSA"
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
{String}
getSignatureValueHex()
get signature value as hexadecimal string
This method will get signature value of certificate:
var x = new X509();
x.readCertPEM(sCertPEM);
x.getSignatureValueHex() → "8a4c47913..."
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {String} signature value hexadecimal string without BitString unused bits
{string}
getSPKI()
get ASN.1 TLV hexadecimal string of subjectPublicKeyInfo field.
Get a hexadecimal string of SubjectPublicKeyInfo ASN.1 TLV of the certificate.
SubjectPublicKeyInfo ::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  subjectPublicKey BIT STRING }
x = new X509(sCertPEM);
hSPKI = x.getSPKI(); // return string like "30820122..."
- Since:
- jsrsasign 10.5.8 x509 2.0.13
- Returns:
- {string} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
{string}
getSPKIValue()
get hexadecimal string of subjectPublicKey of subjectPublicKeyInfo field.
Get a hexadecimal string of the subjectPublicKey ASN.1 value of SubjectPublicKeyInfo of the certificate, without the unused-bits octet "00". The "subjectPublicKey" is encapsulated in a BIT STRING. This method returns the BIT STRING value without the unused-bits octet.
SubjectPublicKeyInfo ::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  subjectPublicKey BIT STRING }
x = new X509(sCertPEM);
hSPKIValue = x.getSPKIValue(); // without BIT STRING encapsulation.
- Since:
- jsrsasign 10.5.8 x509 2.0.13
- Returns:
- {string} ASN.1 hexadecimal string of subjectPublicKey
- See:
- X509#getSPKI
{object}
getSubject(flagCanon, flagHex)
get JSON object of subject field
Get a JSON object of a subject field.
NOTE: From jsrsasign 10.6.0, flagHex and flagCanon have been supported to include a canonicalized name for caseIgnoreMatch described in RFC 4518.
var x = new X509(sCertPEM);
x.getSubject() →
{ array: [[{type:'C',value:'JP',ds:'prn'}],...],
  str: "/C=JP/..." }
// with flags
x.getSubject(true, true) →
{ array: ...,
  str: "/C=JP/O= Test 123 ",
  canon: "/c=jp/o=test 123",
  hex: "30..." }
- Parameters:
- {boolean} flagCanon
- flag to include canonicalized name (DEFAULT false)
- {boolean} flagHex
- flag to include hexadecimal string (DEFAULT false)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {object} JSON object of subject field
- See:
- X509#getX500Name
{String}
getSubjectHex()
get hexadecimal string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var subject = x.getSubjectHex(); // return string like "3013..."
- Returns:
- {String} hexadecimal string of subject DN ASN.1
{String}
getSubjectString()
get string of subject field of certificate.
var x = new X509();
x.readCertPEM(sCertPEM);
var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST"
var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
- Returns:
- {String} subject DN string
- See:
- X509#getSubject
{Object}
getUserNotice(h)
get UserNotice ASN.1 structure parameter as JSON object
This method will get UserNotice parameters.
NOTE: NoticeReference parsing is currently not supported and it will be ignored.
UserNotice ::= SEQUENCE {
  noticeRef NoticeReference OPTIONAL,
  explicitText DisplayText OPTIONAL }
Result of this method can be passed to KJUR.asn1.x509.NoticeReference constructor.
x = new X509();
x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
- Parameters:
- {String} h
- hexadecimal string of UserNotice
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Object} JSON object of UserNotice parameters
{Number}
getVersion()
get format version (X.509v1 or v3 certificate)
This method returns the format version of an X.509 certificate. It returns 1 for an X.509v1 certificate and 3 for a v3 certificate; otherwise it returns 0. This method is called automatically in X509#readCertPEM. After that, you can use the X509.version parameter.
var x = new X509();
x.readCertPEM(sCertPEM);
version = x.getVersion(); // 1 or 3
sn = x.getSerialNumberHex(); // return string like "01ad..."
- Since:
- jsrsasign 7.1.14 x509 1.1.13
- Returns:
- {Number} 1 for X509v1, 3 for X509v3, otherwise 0
{Array}
getX500Name(h, flagCanon, flagHex)
get Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
NOTE: From jsrsasign 10.6.0, flagHex and flagCanon have been supported to include a canonicalized name for caseIgnoreMatch described in RFC 4518.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
x = new X509();
x.getX500Name("30...") →
{ array: [
    [{type:"C",value:"US",ds:"prn"}],
    [{type:"O",value:"Sample Corp.",ds:"utf8"}],
    [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
  ],
  str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
  hex: "30..." }
x.getX500Name("30...", true) →
{ array: [
    [{type:"C",value:"US",ds:"prn"}],
    [{type:"O",value:"Sample Corp.",ds:"utf8"}]
  ],
  str: "/C=US/O=Sample Corp.",
  canon: "/c=us/o=sample corp.",
  hex: "30..." }
- Parameters:
- {String} h
- hexadecimal string of Name
- {boolean} flagCanon
- flag to include canonicalized name (DEFAULT false)
- {boolean} flagHex
- flag to include hexadecimal string (DEFAULT false)
- Since:
- jsrsasign 9.0.0 x509 2.0.0
- Returns:
- {Array} array of RDN parameter array
- See:
- X509#getX500NameArray
- X509#getRDN
- X509#getAttrTypeAndValue
- X509#c14nRDNArray
- KJUR.asn1.x509.X500Name
- KJUR.asn1.x509.GeneralName
- KJUR.asn1.x509.GeneralNames
{Array}
getX500NameArray(h)
get X.500 Name ASN.1 structure parameter array
This method will get Name parameter defined in RFC 5280 4.1.2.4.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
x = new X509();
x.getX500NameArray("30...") →
[[{type:"C",value:"US",ds:"prn"}],
 [{type:"O",value:"Sample Corp.",ds:"utf8"}],
 [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
- Parameters:
- {String} h
- hexadecimal string of Name
- Since:
- jsrsasign 10.0.6 x509 2.0.9
- Returns:
- {Array} array of RDN parameter array
<static>
{String}
X509.hex2attrTypeValue(hex, idx)
get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue
This static method converts from a hexadecimal string of AttributeTypeAndValue specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
X509.hex2attrTypeValue("300806035504060c0161") → C=a
X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
- Parameters:
- {String} hex
- hexadecimal string of ASN.1 DER that includes AttributeTypeAndValue
- {Integer} idx
- index of hexadecimal string (DEFAULT=0)
- Returns:
- {String} string representation of AttributeTypeAndValue (ex. C=US)
<static>
{String}
X509.hex2dn(hex, idx)
get distinguished name string in OpenSSL oneline format from hexadecimal string of ASN.1 DER X.500 name
This static method converts from a hexadecimal string of distinguished name (DN) specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
- Parameters:
- {String} hex
- hexadecimal string of ASN.1 DER distinguished name
- {Integer} idx
- index of hexadecimal string (DEFAULT=0)
- Returns:
- {String} OpenSSL oneline format distinguished name
<static>
{String}
X509.hex2rdn(hex, idx)
get relative distinguished name string in OpenSSL oneline format from hexadecimal string of ASN.1 DER RDN
This static method converts from a hexadecimal string of relative distinguished name (RDN) specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).
NOTE: Multi-valued RDN is supported since jsrsasign 6.2.2 x509 1.1.10.
X509.hex2rdn("310a3008060355040a0c0161") → O=a
X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
- Parameters:
- {String} hex
- hexadecimal string of ASN.1 DER that includes relative distinguished name
- {Integer} idx
- index of hexadecimal string (DEFAULT=0)
- Returns:
- {String} OpenSSL oneline format relative distinguished name
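The hex2attrTypeValue and hex2rdn conversions above walk DER TLVs by string index, two hexadecimal characters per byte. The following stand-alone sketch is an added example, not jsrsasign code: readTLV, oidToString, attrTypeValueToString and rdnToString are hypothetical names, the OID table covers only a few common attributes, and truncated or overlong input is rejected with an exception.

```javascript
// Added example (not jsrsasign code); all function names are hypothetical.
const ATTR_SHORT_NAMES = { "2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
                           "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU" };
const TEXT_TAGS = [0x0c, 0x13, 0x16];      // UTF8String, PrintableString, IA5String

// Read one DER TLV at string index idx (two hex characters per byte).
function readTLV(hex, idx = 0) {
  if (!/^([0-9a-f]{2})*$/i.test(hex)) throw new Error("not a hex string");
  if (idx % 2 !== 0 || idx + 4 > hex.length) throw new Error("truncated TLV header");
  const tag = parseInt(hex.slice(idx, idx + 2), 16);
  let len = parseInt(hex.slice(idx + 2, idx + 4), 16);
  let vidx = idx + 4;                      // string index of the value
  if (len & 0x80) {                        // long form: next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 4 || vidx + 2 * n > hex.length) throw new Error("bad long-form length");
    len = parseInt(hex.slice(vidx, vidx + 2 * n), 16);
    vidx += 2 * n;
  }
  const end = vidx + 2 * len;
  if (end > hex.length) throw new Error("length exceeds input");
  return { tag, vidx, end, value: hex.slice(vidx, end) };
}

// Decode OID content octets to dotted notation, e.g. "55040a" -> "2.5.4.10".
function oidToString(hexValue) {
  const bytes = (hexValue.match(/../g) || []).map(b => parseInt(b, 16));
  if (bytes.length === 0 || (bytes[bytes.length - 1] & 0x80)) throw new Error("bad OID");
  const arcs = [];
  let acc = 0;
  for (const b of bytes) {
    acc = acc * 128 + (b & 0x7f);
    if (b & 0x80) continue;                // more base-128 digits follow
    if (arcs.length === 0) {               // first subidentifier packs two arcs
      const first = Math.min(Math.floor(acc / 40), 2);
      arcs.push(first, acc - 40 * first);
    } else arcs.push(acc);
    acc = 0;
  }
  return arcs.join(".");
}

// AttributeTypeAndValue ::= SEQUENCE { type OID, value } -> "O=a"
function attrTypeValueToString(hex, idx = 0) {
  const seq = readTLV(hex, idx);
  const oid = readTLV(hex, seq.vidx);
  if (seq.tag !== 0x30 || oid.tag !== 0x06 || oid.end >= seq.end) throw new Error("expected SEQUENCE { OID, value }");
  const val = readTLV(hex, oid.end);
  if (val.end !== seq.end) throw new Error("value does not fill the SEQUENCE");
  if (!TEXT_TAGS.includes(val.tag)) throw new Error("unsupported string type");
  const name = oidToString(oid.value);
  const raw = Uint8Array.from(val.value.match(/../g) || [], b => parseInt(b, 16));
  return (ATTR_SHORT_NAMES[name] || name) + "=" + new TextDecoder().decode(raw);
}

// RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
function rdnToString(hex, idx = 0) {
  const set = readTLV(hex, idx);
  if (set.tag !== 0x31) throw new Error("expected SET");
  const parts = [];
  let p = set.vidx;
  for (; p < set.end; p = readTLV(hex, p).end) parts.push(attrTypeValueToString(hex, p));
  if (p !== set.end || parts.length === 0) throw new Error("malformed RDN");
  return parts.join("+");
}
```

Run against the hexadecimal inputs shown for hex2attrTypeValue and hex2rdn, the sketch returns the same strings (O=a, C=a, O=a+O=b).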
parseExt(hCSR)
set array of X.509v3 and CSR extension information such as extension OID, criticality and value index. (DEPRECATED)
This method will set an array of X.509v3 extension information having the following parameters:
- oid - extension OID (ex. 2.5.29.19)
- critical - true or false
- vidx - string index for extension value
When you want to parse extensionRequest of CSR, argument 'hCSR' shall be specified.
NOTE: CSR is supported from jsrsasign 8.0.20 x509 1.1.22.
This method and X509.aExtInfo property have been *deprecated* since jsrsasign 9.1.1. All extension parser methods such as X509.getExt* shall be called with arguments "hExtV" and "critical" explicitly.
x = new X509();
x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
x.aExtInfo → [ { oid: "2.5.29.19", critical: true, vidx: 2504 }, ... ]
// to parse CSR
x = new X509();
x.parseExt("-----BEGIN CERTIFICATE REQUEST-----...");
x.aExtInfo → [ { oid: "2.5.29.19", critical: true, vidx: 2504 }, ... ]
- Parameters:
- {String} hCSR
- PEM string of certificate signing request (CSR) (OPTION)
- Deprecated:
- jsrsasign 9.1.1 x509 2.0.1
- Since:
- jsrsasign 7.2.0 x509 1.1.14
readCertHex(sCertHex)
read a hexadecimal string of X.509 certificate
NOTE: X509#parseExt will be called internally since jsrsasign 7.2.0.
x = new X509();
x.readCertHex("3082..."); // read certificate
- Parameters:
- {String} sCertHex
- hexadecimal string of X.509 certificate
- Since:
- jsrsasign 7.1.4 x509 1.1.13
readCertPEM(sCertPEM)
read PEM formatted X.509 certificate from string.
x = new X509();
x.readCertPEM(sCertPEM); // read certificate
- Parameters:
- {String} sCertPEM
- string for PEM formatted X.509 certificate
setCanonicalizedDN(pDN)
set canonicalized DN to a DN parameter
This method canonicalizes a DN string as follows:
- convert to lower case
- convert every run of multiple spaces to a single space
var x = new X509();
var pDN = {
  array: [
    [{type:'C',value:'JP',ds:'prn'}],
    [{type:'O',value:'Test 1',ds:'prn'}] ],
  str: "/C=JP/O=Test 1" };
x.setCanonicalizedDN(pDN);
// pDN will become following
pDN = {
  array: [
    [{type:'C',value:'JP',ds:'prn'}],
    [{type:'O',value:'Test 1',ds:'prn'}] ],
  str: "/C=JP/O=Test 1",
  canon: "/c=jp/o=test 1" };
- Parameters:
- {object} pDN
- DN parameter associative array
- Since:
- jsrsasign 10.6.0 x509 2.1.0
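The two canonicalization steps listed above, written out as an added stand-alone sketch (not jsrsasign code; canonicalizeDN and findIssuerCandidates are hypothetical names) and used to match an issuer name against CA subject names. Trimming leading and trailing spaces is an assumption taken from the getSubject example on this page, and the names in the sample data are constructed.

```javascript
// Added example (not jsrsasign code); function names are hypothetical.
// Input is the array form shown on this page: [[{type, value, ds}, ...], ...]
function canonicalizeDN(aRDN) {
  return "/" + aRDN.map(rdn =>
    rdn.map(ava => {
      const value = ava.value
        .trim()                  // assumption: outer spaces are insignificant
        .replace(/\s+/g, " ")    // every run of spaces becomes one space
        .toLowerCase();          // case-insensitive comparison
      return ava.type.toLowerCase() + "=" + value;
    }).join("+")                 // multi-valued RDN
  ).join("/");
}

// Pick the CA entries whose subject matches the certificate's issuer name.
// A name match only selects candidates; the signature still has to verify.
function findIssuerCandidates(issuerArray, caList) {
  const wanted = canonicalizeDN(issuerArray);
  return caList.filter(ca => canonicalizeDN(ca.subjectArray) === wanted);
}

// Constructed sample data: same organization, different case and spacing.
const issuer = [[{type: "C", value: "JP", ds: "prn"}],
                [{type: "O", value: "  Test   123 ", ds: "utf8"}]];
const caList = [
  {label: "ca-a", subjectArray: [[{type: "C", value: "JP", ds: "prn"}],
                                 [{type: "O", value: "test 123", ds: "prn"}]]},
  {label: "ca-b", subjectArray: [[{type: "C", value: "JP", ds: "prn"}],
                                 [{type: "O", value: "Test 1234", ds: "prn"}]]},
];
const matches = findIssuerCandidates(issuer, caList).map(ca => ca.label);
```

A byte-for-byte comparison of the two "str" forms would miss ca-a here; the canonical form matches it and still excludes ca-b.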
updateAIACAIssuer(aExt, newURI)
update authorityInfoAccess caIssuer in parameter
This method updates "caIssuer" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
- Parameters:
- {Array} aExt
- array of extension parameters
- {String} newURI
- string of new uri
- Since:
- jsrsasign 10.0.4 x509 2.0.8
updateAIAOCSP(aExt, newURI)
update authorityInfoAccess ocsp in parameter
This method updates "ocsp" accessMethod URI of AuthorityInfoAccess extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"authorityInfoAccess",
   array:[
     {ocsp: "http://ocsp1.example.com"},
     {caissuer: "http://example.com/a.crt"}
   ]}
];
x = new X509();
x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
- Parameters:
- {Array} aExt
- array of extension parameters
- {String} newURI
- string of new uri
- Since:
- jsrsasign 10.0.4 x509 2.0.8
updateCDPFullURI(aExt, newURI)
update CRLDistributionPoints Full URI in parameter
This method updates Full URI of CRLDistributionPoints extension in the extension parameter array if it exists.
aExt = [
  {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
  {extname:"cRLDistributionPoints",
   array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
];
x = new X509();
x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
- Parameters:
- {Array} aExt
- array of extension parameters
- {String} newURI
- string of new uri
- Since:
- jsrsasign 10.0.4 x509 2.0.8
{Boolean}
verifySignature(pubKey)
verifies signature value by public key
This method verifies the signature value of the hexadecimal string of an X.509 certificate with the specified public key object. The signature algorithm used for verification is taken from the signatureAlgorithm field. (See X509#getSignatureAlgorithmField) RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1) are available.
pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
x = new X509();
x.readCertPEM(pemCert);
x.verifySignature(pubKey) → true, false or raising exception
- Parameters:
- {Object} pubKey
- public key object
- Since:
- jsrsasign 7.2.0 x509 1.1.14
- Returns:
- {Boolean} true if signature value is valid otherwise false