Class Certificate

Constructors

constructor

new Certificate(
input: string | ArrayBuffer | Buffer | Certificate,
options?: CertificateOptions,
): Certificate
Parameters
- input: string | ArrayBuffer | Buffer | Certificate
- Optionaloptions: CertificateOptions
Returns Certificate

Properties

`Optional` `Readonly`baseExtensions

baseExtensions?: {
    authorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 };
    basicConstraints?: [ca: boolean, pathLenConstraint?: bigint];
    subjectKeyIdentifier?: Buffer;
}

Basic Extensions

Type declaration

OptionalauthorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }
Authority Key Identifier
OptionalbasicConstraints?: [ca: boolean, pathLenConstraint?: bigint]
Basic Constraints
OptionalsubjectKeyIdentifier?: Buffer
Subject Key Identifier

`Optional` `Readonly`chain

chain?: Certificate[]

Chain, if a store is provided

`Readonly`issuer

issuer: string

The Issuer DN of the certificate as a string --- for informational purposes only

`Protected`issuerDN

issuerDN: ASN1Set[]

The complete IssuerDN

`Readonly`moment

moment: null | Date

The moment at which the certificate was validated

`Readonly`notAfter

notAfter: Date

The timestamp at which the certificate expires

`Readonly`notBefore

notBefore: Date

The timestamp at which the certificate becomes valid

`Readonly`serial

serial: bigint

The serial number of the certificate

`Readonly`subject

subject: string

The Subject DN of the certificate as a string --- for informational purposes only

`Protected`subjectDN

subjectDN: ASN1Set[]

The complete SubjectDN

`Readonly`subjectPublicKey

subjectPublicKey: Account

The Subject of the certificate as a KeetaNet Account, derived from the public key in the certificate

`Static` `Readonly`Builder

Builder: typeof CertificateBuilder = CertificateBuilder

The Certificate Builder

Accessors

trusted

get trusted(): boolean
If this certificate can be trusted to have been validated to a trusted Root CA

Returns boolean

Methods

assertValid

assertValid(moment?: null | Date): void
Assert that the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
Returns void

checkIssued

checkIssued(issuer: Certificate): boolean
Check if the certificate is issued by a given issuer
Parameters
- issuer: Certificate
Returns boolean
checkIssued(
issuer: Certificate,
reason: true,
): { issued: true } | { issued: false; reason: string }
Check if the certificate is issued by a given issuer
Parameters
- issuer: Certificate
- reason: true
Returns { issued: true } | { issued: false; reason: string }

checkValid

checkValid(moment?: null | Date): boolean
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
Returns boolean
checkValid(moment?: null | Date, reason?: false): boolean
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
- Optionalreason: false
Returns boolean
checkValid(
moment?: null | Date,
reason?: true,
): { valid: true } | { reason: string; valid: false }
Check if the certificate is valid at a given moment
Parameters
- Optionalmoment: null | Date
- Optionalreason: true
Returns { valid: true } | { reason: string; valid: false }

equals

equals(other: Certificate): boolean
Compare the certificate with another certificate and return true if they are the same
Parameters
- other: Certificate
Returns boolean

`Protected`finalizeConstruction

finalizeConstruction(): void
Finalize construction of the certificate -- if this method is replaced in a subclass, remember to call it at the end of the subclass constructor or the certificate will not be fully constructed

Returns void

getIssuerAccount

getIssuerAccount(): null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>
Get the issuer account

Returns null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>

getIssuerCertificate

getIssuerCertificate(): null | Certificate
Get the issuer certificate (if known)

Returns null | Certificate

getRootCertificate

getRootCertificate(): null | Certificate
Get the root certificate (if known)

Returns null | Certificate

hash

hash(): string
Compute a hash of the certificate

Returns string

isSelfSigned

isSelfSigned(): boolean
Verifies that a certificate is self-signed

Returns boolean

`Protected`processExtension

processExtension(id: string, value: ArrayBuffer): boolean
Process an extension -- returns true if the extension was processed

This is intended to be overridden by subclasses for processing custom extensions
Parameters
- id: string
- value: ArrayBuffer
Returns boolean

`Protected`processExtensions

processExtensions(): void
Process remaining extensions

Returns void

toDER

toDER(): ArrayBuffer
Get the certificate as a DER encoded ArrayBuffer

Returns ArrayBuffer

toJSON

toJSON(includeChain?: boolean): any
Get a JSON representation of the certificate
Parameters
- includeChain: boolean = false
Returns any

toPEM

toPEM(): string
Get the certificate as a PEM encoded string

Returns string

verify

verify(
    account:
        | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>
        | Certificate,
): boolean
Verifies that the certificate is was signed by the given account or certificate
Parameters
- account: Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1> | Certificate
Returns boolean

verifyChain

verifyChain(
store: { intermediate?: Set<Certificate>; root?: Set<Certificate> },
_ignore_seenCerts?: Set<Certificate>,
): null | Certificate[]
Verify against a given certificate store
Parameters
- store: { intermediate?: Set<Certificate>; root?: Set<Certificate> }
  - Optionalintermediate?: Set<Certificate>
    Intermediate certificates
  - Optionalroot?: Set<Certificate>
    Root certificates
- Optional_ignore_seenCerts: Set<Certificate>
Returns null | Certificate[]

`Static`isCertificate

isCertificate(value: unknown): value is Certificate
Is a certificate object?
Parameters
- value: unknown
Returns value is Certificate

Class Certificate

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns Certificate

Properties

Optional ReadonlybaseExtensions

Type declaration

OptionalauthorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }

OptionalbasicConstraints?: [ca: boolean, pathLenConstraint?: bigint]

OptionalsubjectKeyIdentifier?: Buffer

Optional Readonlychain

Readonlyissuer

ProtectedissuerDN

Readonlymoment

ReadonlynotAfter

ReadonlynotBefore

Readonlyserial

Readonlysubject

ProtectedsubjectDN

ReadonlysubjectPublicKey

Static ReadonlyBuilder

Accessors

trusted

Returns boolean

Methods

assertValid

Parameters

Returns void

checkIssued

Parameters

Returns boolean

Parameters

Returns { issued: true } | { issued: false; reason: string }

checkValid

Parameters

Returns boolean

Parameters

Returns boolean

Parameters

Returns { valid: true } | { reason: string; valid: false }

equals

Parameters

Returns boolean

ProtectedfinalizeConstruction

Returns void

getIssuerAccount

Returns null | Account<ECDSA_SECP256K1 | ED25519 | ECDSA_SECP256R1>

getIssuerCertificate

Returns null | Certificate

getRootCertificate

Returns null | Certificate

hash

Returns string

isSelfSigned

Returns boolean

ProtectedprocessExtension

Parameters

Returns boolean

ProtectedprocessExtensions

Returns void

toDER

Returns ArrayBuffer

toJSON

Parameters

Returns any

toPEM

Returns string

verify

Parameters

Returns boolean

verifyChain

Parameters

Optionalintermediate?: Set<Certificate>

Optionalroot?: Set<Certificate>

`Optional` `Readonly`baseExtensions

`Optional`authorityKeyIdentifier?: { contains: Buffer; type: "context"; value: 0 }

`Optional`basicConstraints?: [ca: boolean, pathLenConstraint?: bigint]

`Optional`subjectKeyIdentifier?: Buffer

`Optional` `Readonly`chain

`Readonly`issuer

`Protected`issuerDN

`Readonly`moment

`Readonly`notAfter

`Readonly`notBefore

`Readonly`serial

`Readonly`subject

`Protected`subjectDN

`Readonly`subjectPublicKey

`Static` `Readonly`Builder

`Protected`finalizeConstruction

`Protected`processExtension

`Protected`processExtensions

`Optional`intermediate?: Set<Certificate>

`Optional`root?: Set<Certificate>

`Static`isCertificate