Tutorial for ASN.1 structure classes of X.509 certificate OBSOLETED
Kenji Urushima edited this page Apr 26, 2021 · 3 revisions
The namespace KJUR.asn1.x509 contains classes for the ASN.1 structures of an X.509 certificate. Class names and methods are very similar to those of the BouncyCastle JCE library, so if you know it, they are easy to learn.
When you generate an X.509 certificate with a CA private key, you follow this procedure:
- generate TBSCertificate object
- add Basic Fields to TBSCertificate object
- add Extensions to TBSCertificate object
- sign certificate and get a PEM formatted string of the certificate
```javascript
// generate TBSCertificate
var tbsc = new KJUR.asn1.x509.TBSCertificate();
// add basic fields
tbsc.setSerialNumberByParam({'int': 1234});
// SHA1withRSA is the page's original value; SHA-1 certificate signatures are deprecated
tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
tbsc.setIssuerByParam({'str': "/C=US/O=Test/CN=CA"});
// validity period as UTCTime strings (YYMMDDHHMMSSZ)
tbsc.setNotBeforeByParam({'str': "130511235959Z"});
tbsc.setNotAfterByParam({'str': "150511235959Z"});
tbsc.setSubjectByParam({'str': "/C=US/O=Test/CN=User1"});
// "(snip)" marks an abbreviated PEM string; supply the full PEM text here
tbsc.setSubjectPublicKeyByParam({'rsapem': "----BEGIN PUBLIC KEY(snip)"});
// add extensions
tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA': false}));
// 'bin': '11' sets KeyUsage bits 0 and 1 (digitalSignature, nonRepudiation)
tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
tbsc.appendExtension(new KJUR.asn1.x509.CRLDistributionPoints({'uri':'http://a.com/a.crl'}));
// sign and get PEM certificate with CA private key
var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbsc,
                                           'rsaprvpem': '----BEGIN RSA PRIVATE KEY(snip)',
                                           'rsaprvpas': 'password'});
cert.sign();
var certPEM = cert.getPEMString();
```
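The serial number, validity and KeyUsage values passed to the setters above, encoded by hand to the DER bytes those ASN.1 structures represent. This is an added example, not jsrsasign code or part of the original page; the helper names (`derLen`, `tlv`, `derInt`, `derUtcTime`, `derBitString`, `derSeq`, `keyUsageExt`) are hypothetical, and the KeyUsage extension is assumed to be non-critical.

```javascript
// Added example: minimal DER encoder working on hex strings (Node.js, no dependencies).
const hex = (n) => n.toString(16).padStart(2, '0');

// DER length: short form below 128, otherwise 0x80 | byte count, then the length bytes.
function derLen(n) {
  if (n < 0x80) return hex(n);
  let h = n.toString(16);
  if (h.length % 2) h = '0' + h;
  return hex(0x80 | (h.length / 2)) + h;
}
const tlv = (tag, valueHex) => tag + derLen(valueHex.length / 2) + valueHex;

// INTEGER (non-negative only): minimal big-endian bytes, with a leading 00 when
// the top bit is set so a positive serial number is not read as negative.
function derInt(n) {
  let h = BigInt(n).toString(16);
  if (h.length % 2) h = '0' + h;
  if (parseInt(h.slice(0, 2), 16) & 0x80) h = '00' + h;
  return tlv('02', h);
}

// UTCTime: the ASCII bytes of YYMMDDHHMMSSZ.
const derUtcTime = (s) => tlv('17', Buffer.from(s, 'ascii').toString('hex'));

// BIT STRING from a string of '0'/'1': the first content byte counts the unused bits.
function derBitString(bin) {
  const unused = (8 - (bin.length % 8)) % 8;
  const padded = bin + '0'.repeat(unused);
  let body = '';
  for (let i = 0; i < padded.length; i += 8) body += hex(parseInt(padded.slice(i, i + 8), 2));
  return tlv('03', hex(unused) + body);
}

const derSeq = (...items) => tlv('30', items.join(''));

// KeyUsage extension: SEQUENCE { OID 2.5.29.15, OCTET STRING { BIT STRING } }
const OID_KEY_USAGE = '0603551d0f';
const keyUsageExt = (bin) => derSeq(OID_KEY_USAGE, tlv('04', derBitString(bin)));

// Values taken from the setter calls in the page's example.
const serial = derInt(1234);
const validity = derSeq(derUtcTime('130511235959Z'), derUtcTime('150511235959Z'));
const keyUsage = keyUsageExt('11');
console.log({ serial, validity, keyUsage });
```

Comparing these bytes with the output of an ASN.1 dump of an issued certificate is a quick way to confirm that the fields were set as intended.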