Constructor
new TrustedCAPolicy(trustedCACerts, requireCRL, requireCA)
A certificate trust policy based on a set of trusted root CAs.
In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.
This policy has two options for certificate chain verification:
In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.
This policy has two options for certificate chain verification:
- requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.
- requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.
Parameters:
| Name | Type | Description |
|---|---|---|
trustedCACerts |
Array.<GostCert.X509> | |
requireCRL |
boolean | |
requireCA |
boolean |
- Source:
Extends
Methods
-
getValidCertificate(selector, certificates, crls, date) → {Promise}
-
Returns a certificate, known to be valid (according to criteria dependent on the verification scheme), which has the given selector, certificate and CRL lists to implement a particular certificate verification scheme, such a forming valid certificate chains.
Second and third argument to this method may be undefined, and such a case must be treated exactly the same as if the particular argument was an empty array.Parameters:
Name Type Description selectorGostCert.CertificateSelector Certificate selector certificatesArray.<GostASN1.Certificate> Certificates crlsArray.<GostASN1.CertificateList> CLRs dateDate Validation date. Default today - Overrides:
- Source:
Returns:
Promise to return valid GostCert.X509- Type
- Promise