Class Certificate

Constructors

constructor

new Certificate(
input: string | Buffer | ArrayBuffer | Certificate,
options?: CertificateOptions,
): Certificate
Parameters
- input: string | Buffer | ArrayBuffer | Certificate
- Optionaloptions: CertificateOptions
Returns Certificate

Properties

`Optional` `Readonly`baseExtensions

baseExtensions?: {
    authorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 };
    basicConstraints?: [ca: boolean, pathLenConstraint?: bigint];
    subjectKeyIdentifier?: Buffer;
}

Basic Extensions

Type declaration

OptionalauthorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }
Authority Key Identifier
OptionalbasicConstraints?: [ca: boolean, pathLenConstraint?: bigint]
Basic Constraints
OptionalsubjectKeyIdentifier?: Buffer
Subject Key Identifier

`Optional` `Readonly`chain

chain?: Certificate[]

Chain, if a store is provided

`Readonly`issuer

issuer: string

The Issuer DN of the certificate as a string --- for informational purposes only

`Readonly`issuerDN

issuerDN: { name: string; value: string }[]

The Issuer DN of the certificate --- for informational purposes only

`Protected`issuerDNSet

issuerDNSet: ASN1Set[]

The complete IssuerDN

`Readonly`moment

moment: null | Date

The moment at which the certificate was validated

`Readonly`notAfter

notAfter: Date

The timestamp at which the certificate expires

`Readonly`notBefore

notBefore: Date

The timestamp at which the certificate becomes valid

`Readonly`serial

serial: bigint

The serial number of the certificate

`Readonly`subject

subject: string

The Subject DN of the certificate as a string --- for informational purposes only

`Readonly`subjectDN

subjectDN: { name: string; value: string }[]

The Subject DN of the certificate --- for informational purposes only

`Protected`subjectDNSet

subjectDNSet: ASN1Set[]

The complete SubjectDN

`Readonly`subjectPublicKey

subjectPublicKey: Account

The Subject of the certificate as a KeetaNet Account, derived from the public key in the certificate

`Static` `Readonly`Builder

Builder: typeof CertificateBuilder = CertificateBuilder

The Certificate Builder

`Static` `Readonly`Bundle

Bundle: typeof CertificateBundle = CertificateBundle

The certificate bundle

`Static` `Readonly`Hash

Hash: typeof CertificateHash = CertificateHash

The certificate hash information

Accessors

trusted

get trusted(): boolean
If this certificate can be trusted to have been validated to a trusted Root CA

Returns boolean

Methods

assertCanConstructValidGraph

assertCanConstructValidGraph(certificates: Set<Certificate>): undefined | true
Asserts provided certificates can construct a valid graph with no loops or orphans, and that all provided certificates can reach the root, or current certificate
Parameters
- certificates: Set<Certificate>
  Additional intermediate certificates to verify
Returns undefined | true

assertValid

assertValid(moment?: null | Date): void
Assert that the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
Returns void

checkIssued

checkIssued(issuer: Certificate): boolean
Check if the certificate is issued by a given issuer
Parameters
- issuer: Certificate
Returns boolean
checkIssued(
issuer: Certificate,
reason: true,
): { issued: true } | { issued: false; reason: string }
Check if the certificate is issued by a given issuer
Parameters
- issuer: Certificate
- reason: true
Returns { issued: true } | { issued: false; reason: string }

checkValid

checkValid(moment?: null | Date): boolean
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
Returns boolean
checkValid(moment?: null | Date, reason?: false): boolean
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
- Optionalreason: false
Returns boolean
checkValid(
moment?: null | Date,
reason?: true,
): { valid: true } | { reason: string; valid: false }
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
- Optionalreason: true
Returns { valid: true } | { reason: string; valid: false }

equals

equals(other: Certificate): boolean
Compare the certificate with another certificate and return true if they are the same
Parameters
- other: Certificate
Returns boolean

`Protected`finalizeConstruction

finalizeConstruction(): void
Finalize construction of the certificate -- if this method is replaced in a subclass, remember to call it at the end of the subclass constructor or the certificate will not be fully constructed

Returns void

getExtensions

getExtensions(): | undefined
| (
    | [id: ASN1OID, critical: boolean, value: Buffer]
    | [id: ASN1OID, value: Buffer]
)[]
Get the extensions present in the certificate -- this is the raw extensions as they were parsed from the certificate, and may contain extensions that are not processed by this class.

Returns
    | undefined
    | (
        | [id: ASN1OID, critical: boolean, value: Buffer]
        | [id: ASN1OID, value: Buffer]
    )[]

getIssuerAccount

getIssuerAccount(): null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>
Get the issuer account

Returns null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>

getIssuerCertificate

getIssuerCertificate(): null | Certificate
Get the issuer certificate (if known)

Returns null | Certificate

getRootCertificate

getRootCertificate(): null | Certificate
Get the root certificate (if known)

Returns null | Certificate

hash

hash(): CertificateHash
Compute a hash of the certificate

Returns CertificateHash

isSelfSigned

isSelfSigned(): boolean
Verifies that a certificate is self-signed

Returns boolean

`Protected`processExtension

processExtension(id: string, value: ArrayBuffer): boolean
Process an extension -- returns true if the extension was processed

This is intended to be overridden by subclasses for processing custom extensions
Parameters
- id: string
- value: ArrayBuffer
Returns boolean

`Protected`processExtensions

processExtensions(): void
Process remaining extensions

Returns void

toDER

toDER(): ArrayBuffer
Get the certificate as a DER encoded ArrayBuffer

Returns ArrayBuffer

toJSON

toJSON(
    options?: ToJSONSerializableOptions<boolean>,
    includeChain?: boolean,
): {
    $binary?: string;
    $chain?: unknown;
    $hash: CertificateHash;
    baseExtensions:
        | undefined
        | {
            authorityKeyIdentifier?: {
                contains: Buffer;
                type: "context";
                value: 0;
            };
            basicConstraints?: [ca: boolean, pathLenConstraint?: bigint];
            subjectKeyIdentifier?: Buffer;
        };
    issuer: string;
    issuerDN: { name: string; value: string }[];
    notAfter: Date;
    notBefore: Date;
    serial: bigint;
    subject: string;
    subjectDN: { name: string; value: string }[];
    subjectPublicKey: Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>;
}
Get a JSON representation of the certificate
Parameters
- Optionaloptions: ToJSONSerializableOptions<boolean>
- includeChain: boolean = false
Returns {
    $binary?: string;
    $chain?: unknown;
    $hash: CertificateHash;
    baseExtensions:
        | undefined
        | {
            authorityKeyIdentifier?: {
                contains: Buffer;
                type: "context";
                value: 0;
            };
            basicConstraints?: [ca: boolean, pathLenConstraint?: bigint];
            subjectKeyIdentifier?: Buffer;
        };
    issuer: string;
    issuerDN: { name: string; value: string }[];
    notAfter: Date;
    notBefore: Date;
    serial: bigint;
    subject: string;
    subjectDN: { name: string; value: string }[];
    subjectPublicKey: Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>;
}

toPEM

toPEM(): string
Get the certificate as a PEM encoded string

Returns string

toString

toString(): string
The string representation of the certificate is a PEM encoded certificate -- this misses some of the internal details like chain and verified, but is usually what someone wants to see when they call toString()

Returns string

verify

verify(
    account:
        | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>
        | Certificate,
): boolean
Verifies that the certificate is was signed by the given account or certificate
Parameters
- account: Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1> | Certificate
Returns boolean

verifyChain

verifyChain(
store: { intermediate?: Set<Certificate>; root?: Set<Certificate> },
_ignore_seenCerts?: Set<Certificate>,
): null | Certificate[]
Verify against a given certificate store
Parameters
- store: { intermediate?: Set<Certificate>; root?: Set<Certificate> }
  - Optionalintermediate?: Set<Certificate>
    Intermediate certificates
  - Optionalroot?: Set<Certificate>
    Root certificates
- Optional_ignore_seenCerts: Set<Certificate>
Returns null | Certificate[]

`Static`isCertificate

isCertificate(value: unknown): value is Certificate
Is a certificate object?
Parameters
- value: unknown
Returns value is Certificate

Class Certificate

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns Certificate

Properties

Optional ReadonlybaseExtensions

Type declaration

OptionalauthorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }

OptionalbasicConstraints?: [ca: boolean, pathLenConstraint?: bigint]

OptionalsubjectKeyIdentifier?: Buffer

Optional Readonlychain

Readonlyissuer

ReadonlyissuerDN

ProtectedissuerDNSet

Readonlymoment

ReadonlynotAfter

ReadonlynotBefore

Readonlyserial

Readonlysubject

ReadonlysubjectDN

ProtectedsubjectDNSet

ReadonlysubjectPublicKey

Static ReadonlyBuilder

Static ReadonlyBundle

Static ReadonlyHash

Accessors

trusted

Returns boolean

Methods

assertCanConstructValidGraph

Parameters

Returns undefined | true

assertValid

Parameters

Returns void

checkIssued

Parameters

Returns boolean

Parameters

Returns { issued: true } | { issued: false; reason: string }

checkValid

Parameters

Returns boolean

Parameters

Returns boolean

Parameters

Returns { valid: true } | { reason: string; valid: false }

equals

Parameters

Returns boolean

ProtectedfinalizeConstruction

Returns void

getExtensions

Returns | undefined | ( | [id: ASN1OID, critical: boolean, value: Buffer] | [id: ASN1OID, value: Buffer] )[]

getIssuerAccount

Returns null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>

getIssuerCertificate

Returns null | Certificate

getRootCertificate

Returns null | Certificate

hash

Returns CertificateHash

isSelfSigned

Returns boolean

ProtectedprocessExtension

Parameters

Returns boolean

ProtectedprocessExtensions

Returns void

toDER

Returns ArrayBuffer

toJSON

Parameters

toPEM

`Optional` `Readonly`baseExtensions

`Optional`authorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }

`Optional`basicConstraints?: [ca: boolean, pathLenConstraint?: bigint]

`Optional`subjectKeyIdentifier?: Buffer

`Optional` `Readonly`chain

`Readonly`issuer

`Readonly`issuerDN

`Protected`issuerDNSet

`Readonly`moment

`Readonly`notAfter

`Readonly`notBefore

`Readonly`serial

`Readonly`subject

`Readonly`subjectDN

`Protected`subjectDNSet

`Readonly`subjectPublicKey

`Static` `Readonly`Builder

`Static` `Readonly`Bundle

`Static` `Readonly`Hash

`Protected`finalizeConstruction

Returns
| undefined
| (
| [id: ASN1OID, critical: boolean, value: Buffer]
| [id: ASN1OID, value: Buffer]
)[]

`Protected`processExtension

`Protected`processExtensions

`Optional`intermediate?: Set<Certificate>

`Optional`root?: Set<Certificate>

`Static`isCertificate