Class Certificate

constructor

• new Certificate(
      input:
          | string
          | Buffer
          | ArrayBuffer
          | Certificate
          | {
              $hash: CertificateHashString;
              issuer: string;
              issuerDN: { name: string; value: string }[];
              notAfter: string;
              notBefore: string;
              serial: string;
              subject: string;
              subjectDN: { name: string; value: string }[];
              subjectPublicKey:
                  | Secp256K1PublicKeyString
                  | Secp256R1PublicKeyString
                  | ED25519PublicKeyString;
          } & {
              $binary?: string;
              $chain?: undefined;
              baseExtensions?: {} & {
                  authorityKeyIdentifier?: {
                      contains: string;
                      type: "context";
                      value: 0;
                  } & {};
                  basicConstraints?: [ca: boolean, pathLenConstraint?: null | string];
                  keyUsage?: KeyUsage;
                  subjectKeyIdentifier?: string;
              };
          },
      options?: CertificateOptions,
  ): Certificate

  Parameters

  • input:
        | string
        | Buffer
        | ArrayBuffer
        | Certificate
        | {
            $hash: CertificateHashString;
            issuer: string;
            issuerDN: { name: string; value: string }[];
            notAfter: string;
            notBefore: string;
            serial: string;
            subject: string;
            subjectDN: { name: string; value: string }[];
            subjectPublicKey:
                | Secp256K1PublicKeyString
                | Secp256R1PublicKeyString
                | ED25519PublicKeyString;
        } & {
            $binary?: string;
            $chain?: undefined;
            baseExtensions?: {} & {
                authorityKeyIdentifier?: {
                    contains: string;
                    type: "context";
                    value: 0;
                } & {};
                basicConstraints?: [ca: boolean, pathLenConstraint?: null | string];
                keyUsage?: KeyUsage;
                subjectKeyIdentifier?: string;
            };
        }
  • Optionaloptions: CertificateOptions

  Returns Certificate

Optional ReadonlybaseExtensions

Optional Readonlychain

Readonlyissuer

ReadonlyissuerDN

Readonlymoment

ReadonlynotAfter

ReadonlynotBefore

Readonlyserial

Readonlysubject

ReadonlysubjectDN

ReadonlysubjectPublicKey

Static ReadonlyBuilder

Static ReadonlyBundle

Static ReadonlyHash

trusted

• get trusted(): boolean

  If this certificate can be trusted to have been validated to a trusted Root CA

  Returns boolean

assertCanConstructValidGraph

• assertCanConstructValidGraph(certificates: Set<Certificate>): undefined | true

  Asserts provided certificates can construct a valid graph with no loops or orphans, and that all provided certificates can reach the root, or current certificate

  Parameters

  • certificates: Set<Certificate>

    Additional intermediate certificates to verify

  Returns undefined | true

assertValid

• assertValid(moment?: null | Date): void

  Assert that the certificate is valid at a given moment

  Parameters

  • Optionalmoment: null | Date

  Returns void

checkIssued

• checkIssued(issuer: Certificate): boolean

  Check if the certificate is issued by a given issuer

  Parameters

  • issuer: Certificate

  Returns boolean
• checkIssued(
      issuer: Certificate,
      reason: true,
  ): { issued: true } | { issued: false; reason: string }

  Check if the certificate is issued by a given issuer

  Parameters

  • issuer: Certificate
  • reason: true

  Returns { issued: true } | { issued: false; reason: string }

checkValid

• checkValid(moment?: null | Date): boolean

  Check if the certificate is valid at a given moment

  Parameters

  • Optionalmoment: null | Date

  Returns boolean
• checkValid(moment?: null | Date, reason?: false): boolean

  Check if the certificate is valid at a given moment

  Parameters

  • Optionalmoment: null | Date
  • Optionalreason: false

  Returns boolean
• checkValid(
      moment?: null | Date,
      reason?: true,
  ): { valid: true } | { reason: string; valid: false }

  Check if the certificate is valid at a given moment

  Parameters

  • Optionalmoment: null | Date
  • Optionalreason: true

  Returns { valid: true } | { reason: string; valid: false }

equals

• equals(other: Certificate): boolean

  Compare the certificate with another certificate and return true if they are the same

  Parameters

  • other: Certificate

  Returns boolean

getExtensions

• getExtensions(): | undefined
  | (
      | [id: ASN1OID, critical: boolean, value: Buffer]
      | [id: ASN1OID, value: Buffer]
  )[]

  Get the extensions present in the certificate -- this is the raw extensions as they were parsed from the certificate, and may contain extensions that are not processed by this class.

  Returns
      | undefined
      | (
          | [id: ASN1OID, critical: boolean, value: Buffer]
          | [id: ASN1OID, value: Buffer]
      )[]

getIssuerAccount

• getIssuerAccount(): null | Account<KeyPairKeyAlgorithm>

  Get the issuer account

  Returns null | Account<KeyPairKeyAlgorithm>

getIssuerCertificate

• getIssuerCertificate(): null | Certificate

  Get the issuer certificate (if known)

  Returns null | Certificate

getRootCertificate

• getRootCertificate(): null | Certificate

  Get the root certificate (if known)

  Returns null | Certificate

hash

• hash(): CertificateHash

  Compute a hash of the certificate

  Returns CertificateHash

isSelfSigned

• isSelfSigned(): boolean

  Verifies that a certificate is self-signed

  Returns boolean

toDER

• toDER(): ArrayBuffer

  Get the certificate as a DER encoded ArrayBuffer

  Returns ArrayBuffer

toJSON

• toJSON(
      options?: ToJSONSerializableOptions<boolean>,
      includeChain?: boolean,
  ): {
      $hash: CertificateHashString;
      issuer: string;
      issuerDN: { name: string; value: string }[];
      notAfter: string;
      notBefore: string;
      serial: string;
      subject: string;
      subjectDN: { name: string; value: string }[];
      subjectPublicKey:
          | Secp256K1PublicKeyString
          | Secp256R1PublicKeyString
          | ED25519PublicKeyString;
  } & {
      $binary?: string;
      $chain?: undefined;
      baseExtensions?: {} & {
          authorityKeyIdentifier?: {
              contains: string;
              type: "context";
              value: 0;
          } & {};
          basicConstraints?: [ca: boolean, pathLenConstraint?: null | string];
          keyUsage?: KeyUsage;
          subjectKeyIdentifier?: string;
      };
  }

  Get a JSON representation of the certificate

  Parameters

  • Optionaloptions: ToJSONSerializableOptions<boolean>
  • includeChain: boolean = false

  Returns {
      $hash: CertificateHashString;
      issuer: string;
      issuerDN: { name: string; value: string }[];
      notAfter: string;
      notBefore: string;
      serial: string;
      subject: string;
      subjectDN: { name: string; value: string }[];
      subjectPublicKey:
          | Secp256K1PublicKeyString
          | Secp256R1PublicKeyString
          | ED25519PublicKeyString;
  } & {
      $binary?: string;
      $chain?: undefined;
      baseExtensions?: {} & {
          authorityKeyIdentifier?: {
              contains: string;
              type: "context";
              value: 0;
          } & {};
          basicConstraints?: [ca: boolean, pathLenConstraint?: null | string];
          keyUsage?: KeyUsage;
          subjectKeyIdentifier?: string;
      };
  }

toPEM

• toPEM(): string

  Get the certificate as a PEM encoded string

  Returns string

toString

• toString(): string

  The string representation of the certificate is a PEM encoded certificate -- this misses some of the internal details like chain and verified, but is usually what someone wants to see when they call toString()

  Returns string

verify

• verify(account: Account<KeyPairKeyAlgorithm> | Certificate): boolean

  Verifies that the certificate is was signed by the given account or certificate

  Parameters

  • account: Account<KeyPairKeyAlgorithm> | Certificate

  Returns boolean

verifyChain

• verifyChain(
      store: { intermediate?: Set<Certificate>; root?: Set<Certificate> },
  ): null | Certificate[]

  Verify against a given certificate store

  Parameters

  • store: { intermediate?: Set<Certificate>; root?: Set<Certificate> }

    • Optionalintermediate?: Set<Certificate>

      Intermediate certificates

    • Optionalroot?: Set<Certificate>

      Root certificates

  Returns null | Certificate[]
• verifyChain(
      store: { intermediate?: Set<Certificate>; root?: Set<Certificate> },
      _ignore_seenCerts?: Set<Certificate>,
  ): null | Certificate[]

  Verify against a given certificate store

  Parameters

  • store: { intermediate?: Set<Certificate>; root?: Set<Certificate> }

    • Optionalintermediate?: Set<Certificate>

      Intermediate certificates

    • Optionalroot?: Set<Certificate>

      Root certificates
  • Optional_ignore_seenCerts: Set<Certificate>

  Returns null | Certificate[]

StaticisCertificate

• isCertificate(value: unknown): value is Certificate

  Is a certificate object?

  Parameters

  • value: unknown

  Returns value is Certificate