Generate X.509 certificate revocation list
try {
// Import root CA private key
var cakey = new gostCrypto.asn1.PrivateKeyInfo(certAndKeyCA.textContent);
// Import root CA certificate
var cacert = new gostCrypto.cert.X509(certAndKeyCA.textContent);
// Create new or get current CRL
var crl;
if (CRL.textContent) {
crl = new gostCrypto.cert.CRL(CRL.textContent);
// Next update number
crl.crlExtensions.cRLNumber += 1;
} else
crl = new gostCrypto.cert.CRL();
// Add some certificates to the list
var list = revocationList.textContent.split('\n');
var today = new Date();
today.setHours(0, 0, 0, 0);
for (var i = 0; i < list.length; i++) {
if (list[i]) {
s = list[i].replace(/[^a-zA-Z0-9\:]/g, '').split(':');
// If certificate is not already revoked add to list
if (!crl.isRevoked(s[0]))
crl.revokedCertificates.push({
userCertificate: s[0],
revocationDate: today,
crlEntryExtensions: {
invalidityDate: today,
cRLReason: s[1]
}
});
}
}
// Sign CRL
crl.sign(cakey, cacert).then(function () {
// Output ready CRL
CRL.textContent = crl.encode('PEM');
// Verify CRL
return crl.verify(cacert);
}).catch(function (reason) {
alert(reason.message);
});
} catch (e) {
alert(e.message);
}