WebCrypto GOST Class: X509

GostCert.X509

Constructor

new X509(cert)

This class encapsulates X.509 Version 3 certificates.

Constructs an X.509 certificate from the given DER encoding or ASN.1 Certificate object.
Parameters:
Name  Type                                 Description
cert  FormatedData | GostASN1.Certificate  The certificate

Extends

Methods

check()

Check the object structure
Inherited From:

checkUsage(operation, date) → {boolean}

Check key usage and date validation
Parameters:
Name       Type       Description
operation  DOMString  The operation
date       Date       Operation date. Defaults to the current date
Returns:
Type
boolean

decode(source)

Decode the source to self object
Parameters:
Name    Type          Description
source  FormatedData  Encoded data
Inherited From:

encode(format) → {FormatedData}

Encode the object
Parameters:
Name    Type    Description
format  string  Encoding format: 'DER', 'CER' or 'PEM'
Inherited From:
Returns:
Type
FormatedData

generate(keyAlgorithm) → {Promise}

Generate key pair for certificate
Parameters:
Name          Type                          Description
keyAlgorithm  AlgorithmIdentifier | string  The key algorithm or name of provider
Returns:
Promise to return GostASN1.PrivateKeyInfo after self-signed certificate generation
Type
Promise

getProvider()

Get appropriate crypto provider for public key
Returns:
Set of crypto provider algorithms
Type
Object

getPublicKey() → {Promise}

Gets the public key.
Returns:
Promise to return Key
Type
Promise

sign(issuerPrivateKey, issuerCertificate) → {Promise}

Generate the contents of this certificate and sign it.

If issuerCertificate is not defined, a self-signed certificate is generated.
Parameters:
Name               Type                     Description
issuerPrivateKey   GostASN1.PrivateKeyInfo  The issuer's private key
issuerCertificate  GostCert.X509            The issuer's certificate, or undefined for a self-signed certificate
Returns:
Promise to return self object after signing the certificate
Type
Promise

verify(issuerCertificate, issuerCRL, date) → {Promise}

Verifies this certificate.

More precisely:

  • Verifies that the current VM date/time is within the validity period of the certificate.
  • If an unrecognized critical extension is present, the certificate is rejected.
  • If the issuer certificate has been set, verifies that the signing certificate is a CA certificate and that the signature is correct. The signing certificate is considered to be a CA certificate unless one of the following two conditions holds: the signing certificate contains a basicConstraints extension and the CA flag is false; or the signing certificate contains a keyUsage extension, the keyUsage extension is marked critical, and the keyCertSign bit is false.
  • If the issuer CRL has been set, verifies that the certificate has not been revoked.
Parameters:
Name               Type           Description
issuerCertificate  GostCert.X509  The issuer X.509 certificate
issuerCRL          GostCert.CRL   The issuer CRL
date               Date           Validation date. Defaults to the current date
Returns:
Promise to return self object if the certificate is valid
Type
Promise
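
The validity, critical-extension and CA rules listed for verify(), modelled as an added JavaScript example. It is not code from the WebCrypto GOST library; the plain-object certificate shape (notBefore, notAfter, extensions) and both function names are assumptions made for the illustration.

```javascript
// Added sketch: models the checks documented for verify() over plain objects.
// The object shape below is an assumption, not the GostCert.X509 data model.
// Signature and CRL checks are out of scope here.
const RECOGNIZED = new Set(['basicConstraints', 'keyUsage']);

// Documented rule: the signer counts as a CA unless
//   (a) basicConstraints is present and the CA flag is false, or
//   (b) keyUsage is present, marked critical, and keyCertSign is false.
function isConsideredCA(issuer) {
  const ext = issuer.extensions || {};
  if (ext.basicConstraints && !ext.basicConstraints.cA) return false;
  const ku = ext.keyUsage;
  if (ku && ku.critical && !ku.keyCertSign) return false;
  return true;
}

// Returns null when the modelled checks pass, otherwise a reason string.
function checkDocumentedRules(cert, issuer, date = new Date()) {
  if (date < cert.notBefore || date > cert.notAfter) return 'outside validity period';
  for (const [name, e] of Object.entries(cert.extensions || {})) {
    if (e.critical && !RECOGNIZED.has(name)) {
      return 'unrecognized critical extension: ' + name;
    }
  }
  if (issuer && !isConsideredCA(issuer)) return 'issuer is not a CA certificate';
  return null;
}

// Constructed sample data (not real certificates).
const leaf = {
  notBefore: new Date('2024-01-01T00:00:00Z'),
  notAfter: new Date('2025-01-01T00:00:00Z'),
  extensions: { keyUsage: { critical: true, digitalSignature: true } },
};
const issuers = {
  explicitCA: { extensions: { basicConstraints: { critical: true, cA: true } } },
  endEntity: { extensions: { basicConstraints: { critical: true, cA: false } } },
  criticalNoCertSign: { extensions: { keyUsage: { critical: true, keyCertSign: false } } },
  nonCriticalNoCertSign: { extensions: { keyUsage: { critical: false, keyCertSign: false } } },
  noExtensions: { extensions: {} },
};
const when = new Date('2024-06-01T00:00:00Z');
for (const [name, issuer] of Object.entries(issuers)) {
  console.log(name, '->', checkDocumentedRules(leaf, issuer, when) || 'accepted');
}
```

Under the rule as documented, an issuer with no basicConstraints extension, or with a non-critical keyUsage lacking keyCertSign, is still accepted as a CA; a caller whose policy requires an explicit CA flag has to check it before calling verify().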

verifySignature(data, signature, algorithm) → {Promise}

Verify a signature made with this certificate's public key.
Parameters:
Name       Type                 Description
data       CryptoOperationData  The signed document
signature  CryptoOperationData  The signature
algorithm  AlgorithmIdentifier  The algorithm ID used for the signature
Returns:
Promise to return true if the signature is verified, and false otherwise
Type
Promise