UNPKG

@types/jsrsasign

Version:
1,298 lines (1,234 loc) 94.1 kB
declare namespace jsrsasign { interface ExtensionParameter { [key: string]: any; extname: string; critical: boolean; names: string[]; kid: { [key: string]: any; }; array: any[]; } interface X500Name { array: Array<Array<{ type: string; value: string; ds: string }>>; str: string; } type GeneralName = | { rfc822: string; } | { dns: string; } | { uri: string; } | { ip: string; } | { dn: X500Name; } | { other: ASN1HEXParseResult; } | undefined; interface DistributionPointName { full?: GeneralName[]; } type IdentityArray = Array<[{ type: string; value: string; ds: string }]>; interface X509Extension { oid: string; critical: boolean; vidx: number; } interface IdentityResponse { array: IdentityArray; str: string; } interface CertificateTBSParams { version?: number; // this can be omitted, the default is 3. serial: Hex | { int: number } | { bigint: number } | number; // DERInteger parameter issuer: { array: IdentityArray } | { str: string } | { array: IdentityArray; str: string }; // X500Name parameter sigalg?: string; notbefore: string; // string, passed to Time notafter: string; // string, passed to Time subject: { array: IdentityArray } | { str: string } | { array: IdentityArray; str: string }; // X500Name parameter sbjpubkey: | RSAKey | ECCPrivateKey | KJUR.crypto.ECDSA | KJUR.crypto.DSA | KJUR.jws.JWS.JsonWebKey | { n: string; e: string } | string; // KEYUTIL.getKey pubkey parameter ext: Array<{ extname: string; [x: string]: any }>; } interface Hex { hex: string; } interface AuthorityKeyIdentifierResult { kid: Hex; issuer?: Hex; sn?: Hex; critical?: boolean; } interface PublicKeyInfoPropOfCertPEMResult { /** hexadecimal string of OID of asymmetric key algorithm */ algoid: string; /** hexadecimal string of OID of ECC curve name or null */ algparam: string | null; /** hexadecimal string of key in the certificate */ keyhex: string; } interface DistributionPoint { dpname?: DistributionPointName; } interface DisplayText { type: string; str: string; } interface UserNotice { exptext?: DisplayText; } type PolicyQualifierInfo = | { cps: string; } | { unotice: UserNotice; } | {}; interface PolicyInformation { policyoid: string; array?: PolicyQualifierInfo[]; } type GeneralSubtree = (GeneralName & { min: number }) | (GeneralName & { max: number }); interface ExtSubjectKeyIdentifier { extname: "subjectKeyIdentifier"; kid: Hex; critical?: boolean; } interface ExtKeyUsage { extname: "keyUsage"; critical?: boolean; names: string[]; } interface ExtSubjectAltName { extname: "subjectAltName"; array: GeneralName[]; critical?: boolean; } interface ExtIssuerAltName { extname: "issuerAltName"; array: GeneralName[]; } interface ExtBasicConstraints { extname: "basicConstraints"; critical?: boolean; cA?: boolean; pathLen?: number; } type ExtNameConstraints = | { extname: "nameConstraints"; critical?: boolean; permit: GeneralSubtree[] } | { extname: "nameConstraints"; critical?: boolean; exclude: GeneralSubtree[] }; interface ExtCRLDistributionPoints { extname: "cRLDistributionPoints"; array: DistributionPoint[]; critical?: boolean; } interface ExtCertificatePolicies { extname: "certificatePolicies"; array: PolicyInformation[]; critical?: boolean; } interface ExtAuthorityKeyIdentifier { extname: "authorityKeyIdentifier"; kid: Hex; issuer?: Hex; sn?: Hex; critical?: boolean; } interface ExtExtKeyUsage { extname: "extKeyUsage"; array: string[]; critical?: boolean; } interface ExtAuthorityInfoAccess { extname: "authorityInfoAccess"; critical?: boolean; array: Array< ( | { ocsp: string; } | { caissuer: string; } ) >; } interface ExtCRLNumber { extname: "cRLNumber"; critical?: boolean; num?: { hex: string }; } interface ExtCRLReason { extname: "cRLReason"; critical?: boolean; code?: number; } interface ExtOcspNonce { extname: "ocspNonce"; critical?: boolean; hex: string; } interface ExtOcspNoCheck { extname: "ocspNoCheck"; critical?: boolean; } interface ExtAdobeTimeStamp { extname: "adobeTimeStamp"; critical?: boolean; uri?: string; reqauth?: boolean; } type ExtParam = | { [key: string]: any; extname: string; extn: string; critical?: boolean; code?: number; } | ExtSubjectKeyIdentifier | ExtKeyUsage | ExtSubjectAltName | ExtIssuerAltName | ExtBasicConstraints | ExtNameConstraints | ExtCRLDistributionPoints | ExtCertificatePolicies | ExtAuthorityKeyIdentifier | ExtExtKeyUsage | ExtAuthorityInfoAccess | ExtCRLNumber | ExtCRLReason | ExtOcspNonce | ExtOcspNoCheck | ExtAdobeTimeStamp; interface AIAInfo { caissuer: string[]; ocsp: string[]; } interface UserNotice { exptext?: DisplayText; } /** * hexadecimal X.509 certificate ASN.1 parser class.<br/> * property String hex hexacedimal string for X.509 certificate. * property Number version format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4 * property Array aExtInfo (DEPRECATED) array of parameters for extensions * @author Kenji Urushima * @version 1.0.1 (08 May 2012) * @see <a href="https://kjur.github.io/jsrsasigns/">'jsrsasign'(RSA Sign JavaScript Library) home page https://kjur.github.io/jsrsasign/</a> * @description * X509 class provides following functionality: * <ul> * <li>parse X.509 certificate ASN.1 structure</li> * <li>get basic fields, extensions, signature algorithms and signature values</li> * <li>read PEM certificate</li> * </ul> * * <ul> * <li><b>TO GET FIELDS</b> * <ul> * <li>serial - {@link X509#getSerialNumberHex}</li> * <li>signature algorithm field - {@link X509#getSignatureAlgorithmField}</li> * <li>issuer - {@link X509#getIssuerHex}</li> * <li>issuer - {@link X509#getIssuerString}</li> * <li>notBefore - {@link X509#getNotBefore}</li> * <li>notAfter - {@link X509#getNotAfter}</li> * <li>subject - {@link X509#getSubjectHex}</li> * <li>subject - {@link X509#getSubjectString}</li> * <li>subjectPublicKeyInfo - {@link X509#getPublicKey}</li> * <li>subjectPublicKeyInfo - {@link X509#getPublicKeyHex}</li> * <li>subjectPublicKeyInfo - {@link X509#getPublicKeyIdx}</li> * <li>subjectPublicKeyInfo - {@link X509.getPublicKeyFromCertPEM}</li> * <li>subjectPublicKeyInfo - {@link X509.getPublicKeyFromCertHex}</li> * <li>subjectPublicKeyInfo - {@link X509#getPublicKeyContentIdx}</li> * <li>signature algorithm - {@link X509#getSignatureAlgorithmName}</li> * <li>signature value - {@link X509#getSignatureValueHex}</li> * </ul> * </li> * <li><b>X509 METHODS TO GET EXTENSIONS</b> * <ul> * <li>authorityKeyIdentifier - {@link X509#getExtAuthorityKeyIdentifier}</li> * <li>subjectKeyIdentifier - {@link X509#getExtSubjectKeyIdentifier}</li> * <li>keyUsage - {@link X509#getExtKeyUsage}</li> * <li>keyUsage - {@link X509#getExtKeyUsageBin}</li> * <li>keyUsage - {@link X509#getExtKeyUsageString}</li> * <li>certificatePolicies - {@link X509#getExtCertificatePolicies}</li> * <li>subjectAltName - {@link X509#getExtSubjectAltName}</li> * <li>subjectAltName2 - {@link X509#getExtSubjectAltName2} (DEPRECATED)</li> * <li>issuerAltName - {@link X509#getExtIssuerAltName}</li> * <li>basicConstraints - {@link X509#getExtBasicConstraints}</li> * <li>nameConstraints - {@link X509#getExtNameConstraints}</li> * <li>extKeyUsage - {@link X509#getExtExtKeyUsage}</li> * <li>extKeyUsage - {@link X509#getExtExtKeyUsageName} (DEPRECATED)</li> * <li>cRLDistributionPoints - {@link X509#getExtCRLDistributionPoints}</li> * <li>cRLDistributionPoints - {@link X509#getExtCRLDistributionPointsURI} (DEPRECATED)</li> * <li>authorityInfoAccess - {@link X509#getExtAuthorityInfoAccess}</li> * <li>authorityInfoAccess - {@link X509#getExtAIAInfo} (DEPRECATED)</li> * <li>cRLNumber - {@link X509#getExtCRLNumber}</li> * <li>cRLReason - {@link X509#getExtCRLReason}</li> * <li>ocspNonce - {@link X509#getExtOcspNonce}</li> * <li>ocspNoCheck - {@link X509#getExtOcspNoCheck}</li> * <li>adobeTimeStamp - {@link X509#getExtAdobeTimeStamp}</li> * </ul> * </li> * <li><b>UTILITIES</b> * <ul> * <li>reading PEM X.509 certificate - {@link X509#readCertPEM}</li> * <li>reading hexadecimal string of X.509 certificate - {@link X509#readCertHex}</li> * <li>get all certificate information - {@link X509#getInfo}</li> * <li>get specified extension information - {@link X509#getExtInfo}</li> * <li>verify signature value - {@link X509#verifySignature}</li> * </ul> * </li> * </ul> */ class X509 { /** * hexacedimal string for X.509 certificate. */ hex: string; /** * format version (1: X509v1, 3: X509v3, otherwise: unknown) since jsrsasign 7.1.4 */ static readonly version: number; foffset: number; /** * (DEPRECATED) array of parameters for extensions */ aExtInfo: X509Extension[]; constructor(params?: string); /** * get format version (X.509v1 or v3 certificate)<br/> * @return Number 1 for X509v1, 3 for X509v3, otherwise 0 * @since jsrsasign 7.1.14 x509 1.1.13 * @description * This method returns a format version of X.509 certificate. * It returns 1 for X.509v1 certificate and 3 for v3 certificate. * Otherwise returns 0. * This method will be automatically called in * {@link X509#readCertPEM}. After then, you can use * {@link X509.version} parameter. * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * version = x.getVersion(); // 1 or 3 * sn = x.getSerialNumberHex(); // return string like "01ad..." */ getVersion(): number; /** * get hexadecimal string of serialNumber field of certificate.<br/> * @return String hexadecimal string of certificate serial number * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var sn = x.getSerialNumberHex(); // return string like "01ad..." */ getSerialNumberHex(): string; /** * get signature algorithm name in basic field * @return String signature algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1) * @since x509 1.1.8 * @see X509#getAlgorithmIdentifierName * @description * This method will get a name of signature algorithm in * basic field of certificate. * <br/> * NOTE: From jsrsasign 8.0.21, RSA-PSS certificate is also supported. * For supported RSA-PSS algorithm name and PSS parameters, * see {@link X509#getSignatureAlgorithmField}. * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * algName = x.getSignatureAlgorithmField(); */ getSignatureAlgorithmField(): string; /** * get algorithm name name of AlgorithmIdentifier ASN.1 structure * @param hTLV hexadecimal string of AlgorithmIdentifier * @return String algorithm name (ex. SHA1withRSA, SHA256withECDSA, SHA512withRSAandMGF1, SHA1) * @since jsrsasign 9.0.0 x509 2.0.0 * @description * This method will get a name of AlgorithmIdentifier. * <br/> * @example * var x = new X509(); * algName = x.getAlgorithmIdentifierName("30..."); */ getAlgorithmIdentifierName(hTLV: string): string; /** * get JSON object of issuer field<br/> * @return Array JSON object of issuer field * @since jsrsasign 9.0.0 x509 2.0.0 * @see X509#getX500Name * @description * @example * var x = new X509(sCertPEM); * x.getIssuer() &rarr; * { array: [[{type:'C',value:'JP',ds:'prn'}],...], * str: "/C=JP/..." } */ getIssuer(): IdentityResponse; /** * get hexadecimal string of issuer field TLV of certificate.<br/> * @return String hexadecial string of issuer DN ASN.1 * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var issuer = x.getIssuerHex(); // return string like "3013..." */ getIssuerHex(): string; /** * get string of issuer field of certificate.<br/> * @return String issuer DN string * @see X509#getIssuer * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST" * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US" */ getIssuerString(): string; /** * get JSON object of subject field<br/> * name getSubject * memberOf X509# * * @return Array JSON object of subject field * @since jsrsasign 9.0.0 x509 2.0.0 * @see X509#getX500Name * @description * @example * var x = new X509(sCertPEM); * x.getSubject() &rarr; * { array: [[{type:'C',value:'JP',ds:'prn'}],...], * str: "/C=JP/..." } */ getSubject(): IdentityResponse; /** * get hexadecimal string of subject field of certificate.<br/> * name getSubjectHex * memberOf X509# * * @return String hexadecial string of subject DN ASN.1 * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var subject = x.getSubjectHex(); // return string like "3013..." */ getSubjectHex(): string; /** * get string of subject field of certificate.<br/> * name getSubjectString * memberOf X509# * * @return String subject DN string * @see X509#getSubject * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST" * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US" */ getSubjectString(): string; /** * get notBefore field string of certificate.<br/> * name getNotBefore * memberOf X509# * * @return String not before time value (ex. "151231235959Z") * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var notBefore = x.getNotBefore(); // return string like "151231235959Z" */ getNotBefore(): string; /** * get notAfter field string of certificate.<br/> * name getNotAfter * memberOf X509# * * @return String not after time value (ex. "151231235959Z") * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * var notAfter = x.getNotAfter(); // return string like "151231235959Z" */ getNotAfter(): string; /** * get a hexadecimal string of subjectPublicKeyInfo field.<br/> * name getPublicKeyHex * memberOf X509# * * @return String ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field * @since jsrsasign 7.1.4 x509 1.1.13 * @deprecated since jsrsasign 10.5.7 x509 2.0.13. Please use {@link X509#getSPKI} instead. * * @example * x = new X509(sCertPEM); * hSPKI = x.getPublicKeyHex(); // return string like "30820122..." */ getPublicKeyHex(): string; /** * get ASN.1 TLV hexadecimal string of subjectPublicKeyInfo field.<br/> * name getSPKI * memberOf X509# * * @return string ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field * @since jsrsasign 10.5.8 x509 2.0.13 * @see X509#getPublicKeyHex * @see X509#getSPKIValue * * @description * Get a hexadecimal string of SubjectPublicKeyInfo ASN.1 TLV of the certificate.<br/> * <pre> * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } * </pre> * * @example * x = new X509(sCertPEM); * hSPKI = x.getSPKI(); // return string like "30820122..." */ getSPKI(): string; /** * get hexadecimal string of subjectPublicKey of subjectPublicKeyInfo field.<br/> * name getSPKIValue * memberOf X509# * * @return string ASN.1 hexadecimal string of subjectPublicKey * @since jsrsasign 10.5.8 x509 2.0.13 * @see X509#getSPKI * * @description * Get a hexadecimal string of subjectPublicKey ASN.1 value of SubjectPublicKeyInfo * of the certificate without unusedbit "00". * The "subjectPublicKey" is encapsulated by BIT STRING. * This method returns BIT STRING value without unusedbits. * <br/> * <pre> * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } * </pre> * * @example * x = new X509(sCertPEM); * hSPKIValue = x.getSPKIValue(); // without BIT STRING Encapusulation. */ getSPKIValue(): string; /** * get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.<br/> * name getPublicKeyIdx * memberOf X509# * * @return Number string index of subjectPublicKeyInfo field for hexadecimal string certificate. * @since jsrsasign 7.1.4 x509 1.1.13 * @example * x = new X509(); * x.readCertPEM(sCertPEM); * idx = x.getPublicKeyIdx(); // return string index in x.hex parameter */ getPublicKeyIdx(): number; /** * get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/> * name getPublicKeyContentIdx * memberOf X509# * * Integer string index of key contents * @since jsrsasign 8.0.0 x509 1.2.0 * @example * x = new X509(); * x.readCertPEM(sCertPEM); * idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter */ // NOTE: Without BITSTRING encapsulation. getPublicKeyContentIdx(): number; /** * get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.<br/> * name getPublicKey * memberOf X509# * * @return Object RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field * @since jsrsasign 7.1.4 x509 1.1.13 * @example * x = new X509(); * x.readCertPEM(sCertPEM); * pubkey= x.getPublicKey(); */ getPublicKey(): RSAKey | KJUR.crypto.DSA | KJUR.crypto.ECDSA; /** * get signature algorithm name from hexadecimal certificate data * name getSignatureAlgorithmName * memberOf X509# * * @return String signature algorithm name (ex. SHA1withRSA, SHA256withECDSA) * @since jsrsasign 7.2.0 x509 1.1.14 * @see X509#getAlgorithmIdentifierName * @description * This method will get signature algorithm name of certificate: * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * x.getSignatureAlgorithmName() &rarr; "SHA256withRSA" */ getSignatureAlgorithmName(): string; /** * get signature value as hexadecimal string<br/> * name getSignatureValueHex * memberOf X509# * * @return String signature value hexadecimal string without BitString unused bits * @since jsrsasign 7.2.0 x509 1.1.14 * * @description * This method will get signature value of certificate: * * @example * var x = new X509(); * x.readCertPEM(sCertPEM); * x.getSignatureValueHex() &rarr "8a4c47913..." */ getSignatureValueHex(): string; /** * verifies signature value by public key<br/> * name verifySignature * memberOf X509# * * @param pubKey public key object * @return Boolean true if signature value is valid otherwise false * @since jsrsasign 7.2.0 x509 1.1.14 * * @description * This method verifies signature value of hexadecimal string of * X.509 certificate by specified public key object. * The signature algorithm used to verify will refer * signatureAlgorithm field. (See {@link X509#getSignatureAlgorithmField}) * RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1) * are available. * * @example * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate * x = new X509(); * x.readCertPEM(pemCert); * x.verifySignature(pubKey) &rarr; true, false or raising exception */ verifySignature(pubKey: string | RSAKey | KJUR.crypto.DSA | KJUR.crypto.ECDSA | ECCPrivateKey): boolean; /** * set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index. (DEPRECATED)<br/> * name parseExt * memberOf X509# * * @param hCSR - PEM string of certificate signing requrest(CSR) (OPTION) * @since jsrsasign 7.2.0 x509 1.1.14 * @deprecated jsrsasign 9.1.1 x509 2.0.1 * * @description * This method will set an array of X.509v3 extension information having * following parameters: * <ul> * <li>oid - extension OID (ex. 2.5.29.19)</li> * <li>critical - true or false</li> * <li>vidx - string index for extension value</li> * <br/> * When you want to parse extensionRequest of CSR, * argument 'hCSR' shall be specified. * <br/> * NOTE: CSR is supported from jsrsasign 8.0.20 x509 1.1.22. * <br/> * This method and X509.aExtInfo property * have been *deprecated* since jsrsasign 9.1.1. * All extension parser method such as X509.getExt* shall be * call with argument "hExtV" and "critical" explicitly. * * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * * x.aExtInfo &rarr; * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ] * * // to parse CSR * X = new X509() * x.parseExt("-----BEGIN CERTIFICATE REQUEST-----..."); * x.aExtInfo &rarr; * * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ] */ parseExt(hCSR: string): void; /** * get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name. * @param oidOrName X.509 extension oid or name (ex. keyUsage or 2.5.29.19) * @return X.509 extension information such as extension OID or value indx (see `X509#parseExt`) * @description * This method will get an X.509v3 extension information JSON object * having extension OID, criticality and value idx for specified * extension OID or name. * If there is no such extension, this returns undefined. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * * x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 } * x.getExtInfo("unknownExt") → undefined */ getExtInfo(oidOrName: string): X509Extension | undefined; /** * get BasicConstraints extension value as object in the certificate * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param critical flag (OPTIONAL) * @return JSON object of BasicConstraints parameter or undefined * @description * This method will get basic constraints extension value as object with following paramters. * * - {Boolean}cA - CA flag whether CA or not * - {Integer}pathLen - maximum intermediate certificate length * - {Boolean}critical - critical flag * * There are use cases for return values: * * - {cA:true,pathLen:3,critical:true} - cA flag is true and pathLen is 3 * - {cA:true,critical:true} - cA flag is true and no pathLen * - {} - basic constraints has no value in case of end entity certificate * undefined - there is no basic constraints extension * * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtBasicConstraints() &rarr; {cA:true,pathLen:3,critical:true} */ getExtBasicConstraints(hExtV?: string, critical?: boolean): ExtBasicConstraints; /** * get NameConstraints extension value as object in the certificate<br/> * name getExtNameConstraints * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Object JSON object of NamConstraints parameter or undefined * @since jsrsasign 10.5.16 x509 2.0.16 * @see KJUR.asn1.x509.NameConstraints * @see KJUR.asn1.x509.GeneralSubtree * @see KJUR.asn1.x509.GeneralName * @see X509#getGeneralSubtree * @see X509#getGeneralName * * @description * This method will get name constraints extension value as object with following paramters. * <ul> * <li>Arraypermit - array of {@link KJUR.asn1.x509.GeneralSubtree} parameter</li> * <li>Arrayexclude - array of {@link KJUR.asn1.x509.GeneralSubtree} parameter</li> * <li>{Boolean}critical - critical flag</li> * </ul> * * @example * x = new X509(sCertPEM); * x.getExtNameConstraints() &rarr; { * critical: true, * permit: [{dns: 'example.com'},{rfc822: 'john@example.com'}], * exclude: [{dn: {...X500Name parameter...}}] * } */ getExtNameConstraints(hExtV?: string, critical?: boolean): ExtNameConstraints; /** * get GeneralSubtree ASN.1 structure parameter as JSON object<br/> * name getGeneralSubtree * memberOf X509# * * @param h hexadecimal string of GeneralSubtree * @return Object JSON object of GeneralSubtree parameters or undefined * @since jsrsasign 10.5.16 x509 2.0.16 * @see KJUR.asn1.x509.GeneralSubtree * @see KJUR.asn1.x509.GeneralName * @see X509#getExtNameConstraints * @see X509#getGeneralName * * @description * This method will get GeneralSubtree parameters defined in * <a href="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10"> * RFC 5280 4.2.1.10</a>. * <pre> * GeneralSubtree ::= SEQUENCE { * base GeneralName, * minimum [0] BaseDistance DEFAULT 0, * maximum [1] BaseDistance OPTIONAL } * BaseDistance ::= INTEGER (0..MAX) * </pre> * Result of this method can be passed to * {@link KJUR.asn1.x509.GeneralSubtree} constructor. * * @example * x = new X509(sPEM); * x.getGeneralSubtree("30...") &rarr; { dn: ...X500NameObject..., min: 1, max: 3 } * x.getGeneralSubtree("30...") &rarr; { dns: ".example.com" } */ getGeneralSubtree(h: string): GeneralSubtree; /** * get KeyUsage extension value as JSON object * memberOf X509# * * name getExtKeyUsage * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Array JSON object of KeyUsage parameter or undefined * @since jsrsasign 9.0.0 x509 2.0.0 * @see KJUR.asn1.x509.KeyUsage * @see X509#getExtKeyUsageString * @description * This method parse keyUsage extension. When arguments are * not specified, its extension in X509 object will be parsed. * Result of this method can be passed to * {@link KJUR.asn1.x509.KeyUsage} constructor. * <br> * When hExtV and critical specified as arguments, return value * will be generated from them. * <pre> * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } * KeyUsage ::= BIT STRING { * digitalSignature (0), * nonRepudiation (1), * keyEncipherment (2), * dataEncipherment (3), * keyAgreement (4), * keyCertSign (5), * cRLSign (6), * encipherOnly (7), * decipherOnly (8) } * </pre> * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtKeyUsage() &rarr; * { * critial: true, * names: ["digitalSignature", "decipherOnly"] * } * * x = new X509(); * x.getExtKeyUsage("306230...") * x.getExtKeyUsage("306230...", true) */ getExtKeyUsage(hExtV?: string, critical?: boolean): ExtKeyUsage; /** * get KeyUsage extension value as binary string in the certificate<br/> * name getExtKeyUsageBin * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @return String binary string of key usage bits (ex. '101') * @since jsrsasign 7.2.0 x509 1.1.14 * @see X509#getExtKeyUsage * @description * This method will get key usage extension value * as binary string such like '101'. * Key usage bits definition is in the RFC 5280. * If there is no key usage extension in the certificate, * it returns empty string (i.e. ''). * <br/> * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtKeyUsageBin() &rarr; '101' * // 1 - digitalSignature * // 0 - nonRepudiation * // 1 - keyEncipherment */ getExtKeyUsageBin(hExtV?: string): string; /** * get KeyUsage extension value as names in the certificate<br/> * name getExtKeyUsageString * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @return String comma separated string of key usage * @since jsrsasign 7.2.0 x509 1.1.14 * @see X509#getExtKeyUsage * @description * This method will get key usage extension value * as comma separated string of usage names. * If there is no key usage extension in the certificate, * it returns empty string (i.e. ''). * <br/> * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtKeyUsageString() &rarr; "digitalSignature,keyEncipherment" */ getExtKeyUsageString(hExtV?: string): string; /** * get subjectKeyIdentifier value as hexadecimal string in the certificate<br/> * name getExtSubjectKeyIdentifier * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Array JSON object of SubjectKeyIdentifier parameter or undefined * @since jsrsasign 7.2.0 x509 1.1.14 * @description * This method will get * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2"> * SubjectKeyIdentifier extension</a> value as JSON object. * <br> * When hExtV and critical specified as arguments, return value * will be generated from them. * If there is no such extension in the certificate, it returns undefined. * <br> * Result of this method can be passed to * {@link KJUR.asn1.x509.SubjectKeyIdentifier} constructor. * <pre> * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } * SubjectKeyIdentifier ::= KeyIdentifier * </pre> * <br> * CAUTION: * Returned JSON value format have been changed without * backward compatibility since jsrsasign 9.0.0 x509 2.0.0. * * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtSubjectKeyIdentifier() &rarr; * { kid: {hex: "1b3347ab..."}, critical: true }; */ getExtSubjectKeyIdentifier( hExtV?: string, critical?: boolean, ): { extname: string; kid: Hex; critical?: boolean | undefined }; /** * get authorityKeyIdentifier value as JSON object in the certificate * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param critical flag (OPTIONAL) * @return JSON object of AuthorityKeyIdentifier parameter or undefined * @description * This method will get * {@link getExtAuthorityKeyIdentifier https://tools.ietf.org/html/rfc5280#section-4.2.1.1} * value as JSON object. * * When hExtV and critical specified as arguments, return value * will be generated from them. * If there is no such extension in the certificate, it returns undefined. * * Result of this method can be passed to * {@link KJUR.asn1.x509.AuthorityKeyIdentifier} constructor. * * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } * AuthorityKeyIdentifier ::= SEQUENCE { * keyIdentifier [0] KeyIdentifier OPTIONAL, * authorityCertIssuer [1] GeneralNames OPTIONAL, * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } * KeyIdentifier ::= OCTET STRING * * Constructor may have following parameters: * * - Arraykid - JSON object of {@link KJUR.asn1.DEROctetString} parameters * - Arrayissuer - JSON object of {@link KJUR.asn1.x509.X500Name} parameters * - Arraysn - JSON object of {@link KJUR.asn1.DERInteger} parameters * - {Boolean}critical - critical flag * * NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber' * supported since jsrsasign 9.0.0 x509 2.0.0. * @example * x = new X509(); * x.readCertPEM(sCertPEM); * x.getExtAuthorityKeyIdentifier() &rarr; * { kid: {hex: "1234abcd..."}, * issuer: {hex: "30..."}, * sn: {hex: "1234..."}, * critical: true} */ getExtAuthorityKeyIdentifier(hExtV?: string, critical?: boolean): AuthorityKeyIdentifierResult; /** * get extKeyUsage value as JSON object * name getExtExtKeyUsage * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Array JSON object of ExtKeyUsage parameter or undefined * @return Object JSONarray of extended key usage ID name or oid * @since jsrsasign 9.0.0 x509 2.0.0 * @see KJUR.asn1.x509.ExtKeyUsage * @description * This method parse extKeyUsage extension. When arguments are * not specified, its extension in X509 object will be parsed. * Result of this method can be passed to * {@link KJUR.asn1.x509.ExtKeyUsage} constructor. * <br> * When hExtV and critical specified as arguments, return value * will be generated from them. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtExtKeyUsage() &rarr; * { array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"], * critical: true}, */ getExtExtKeyUsage(hExtV?: string, critical?: boolean): ExtExtKeyUsage; /** * get extKeyUsage value as array of name string in the certificate(DEPRECATED)<br/> * name getExtExtKeyUsageName * memberOf X509# * * @return Object array of extended key usage ID name or oid * @since jsrsasign 7.2.0 x509 1.1.14 * @deprecated since jsrsasign 9.0.0 x509 2.0.0 * @description * This method will get extended key usage extension value * as array of name or OID string. * If there is this in the certificate, it returns undefined; * <br> * NOTE: Supported extended key usage ID names are defined in * name2oidList parameter in asn1x509.js file. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtExtKeyUsageName() &rarr; ["serverAuth", "clientAuth", "0.1.2.3.4.5"] */ getExtExtKeyUsageName(): string[]; /** * get subjectAltName value as array of string in the certificate * name getExtSubjectAltName * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Array JSON object of SubjectAltName parameters or undefined * @since jsrsasign 7.2.0 x509 1.1.14 * @see KJUR.asn1.x509.SubjectAltName * @see X509#getExtIssuerAltName * @description * This method will get subjectAltName value * as an array of JSON object which has properties defined * in {@link KJUR.asn1.x509.SubjectAltName}. * Result of this method can be passed to * {@link KJUR.asn1.x509.SubjectAltName} constructor. * If there is no this extension in the certificate, * it returns undefined. * <br> * When hExtV and critical specified as arguments, return value * will be generated from them. * <br> * CAUTION: return value of JSON object format have been changed * from jsrsasign 9.0.0 x509 2.0.0 without backword compatibility. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtSubjectAltName() &rarr; * { array: [ * {uri: "http://example.com/"}, * {rfc822: "user1@example.com"}, * {dns: "example.com"} * ], * critical: true * } * * x.getExtSubjectAltName("3026...") &rarr; * { array: [{ip: "192.168.1.1"}] } */ getExtSubjectAltName(hExtV?: string, critical?: boolean): ExtSubjectAltName; /** * get issuerAltName value as array of string in the certificate * name getExtIssuerAltName * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Array JSON object of IssuerAltName parameters * @since jsrsasign 9.0.0 x509 2.0.0 * @see KJUR.asn1.x509.IssuerAltName * @see X509#getExtSubjectAltName * @description * This method will get issuerAltName value * as an array of JSON object which has properties defined * in {@link KJUR.asn1.x509.IssuerAltName}. * Result of this method can be passed to * {@link KJUR.asn1.x509.IssuerAltName} constructor. * If there is no this extension in the certificate, * it returns undefined. * <br> * When hExtV and critical specified as arguments, return value * will be generated from them. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtIssuerAltName() &rarr; * { array: [ * {uri: "http://example.com/"}, * {rfc822: "user1@example.com"}, * {dns: "example.com"} * ], * critical: true * } * * x.getExtIssuerAltName("3026...") &rarr; * { array: [{ip: "192.168.1.1"}] } */ getExtIssuerAltName(hExtV?: string, critical?: boolean): ExtIssuerAltName; /** * get GeneralNames ASN.1 structure parameter as JSON object * name getGeneralNames * memberOf X509# * * @param h hexadecimal string of GeneralNames * @return Array array of GeneralNames parameters * @see KJUR.asn1.x509.GeneralNames * @see KJUR.asn1.x509.GeneralName * @see X509#getGeneralNames * @since jsrsasign 9.0.0 x509 2.0.0 * @description * This method will get GeneralNames parameters defined in * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6"> * RFC 5280 4.2.1.6</a>. * <pre> * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * </pre> * Result of this method can be passed to * {@link KJUR.asn1.x509.GeneralNames} constructor. * @example * x = new X509(); * x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f") * &rarr; [{uri: "http://aaa.com/"}] * * x.getGeneralNames("301ea41c30...") &rarr; * [{ dn: { * array: [ * [{type:"C", value:"JP", ds:"prn"}], * [{type:"O", value:"T1", ds:"utf8"}] * ], * str: "/C=JP/O=T1" } }] */ getGeneralNames(h: string): GeneralName[]; /** * get GeneralName ASN.1 structure parameter as JSON object<br/> * name getGeneralName * memberOf X509# * * @param h hexadecimal string of GeneralName * @return Array JSON object of GeneralName parameters or undefined * @since jsrsasign 9.0.0 x509 2.0.0 * @see KJUR.asn1.x509.GeneralNames * @see KJUR.asn1.x509.GeneralName * @see KJUR.asn1.x509.OtherName * @see X509#getGeneralName * @see X509#getOtherName * * @description * This method will get GeneralName parameters defined in * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6"> * RFC 5280 4.2.1.6</a>. * <pre> * GeneralName ::= CHOICE { * otherName [0] OtherName, * rfc822Name [1] IA5String, * dNSName [2] IA5String, * x400Address [3] ORAddress, * directoryName [4] Name, * ediPartyName [5] EDIPartyName, * uniformResourceIdentifier [6] IA5String, * iPAddress [7] OCTET STRING, * registeredID [8] OBJECT IDENTIFIER } * </pre> * Result of this method can be passed to * {@link KJUR.asn1.x509.GeneralName} constructor. * @example * x = new X509(); * x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") * &rarr; {uri: "http://aaa.com/"} * x.getGeneralName("a41c30...") &rarr; * { dn: { * array: [ * [{type:"C", value:"JP", ds:"prn"}], * [{type:"O", value:"T1", ds:"utf8"}] * ], * str: "/C=JP/O=T1" } } */ getGeneralName(h: string): GeneralName; /** * get subjectAltName value as array of string in the certificate (DEPRECATED) * name getExtSubjectAltName2 * memberOf X509# * * @return Object array of alt name array * @since jsrsasign 8.0.1 x509 1.1.17 * @deprecated jsrsasign 9.0.0 x509 2.0.0 * @description * This method will get subject alt name extension value * as array of type and name. * If there is this in the certificate, it returns undefined; * Type of GeneralName will be shown as following: * <ul> * <li>"MAIL" - [1]rfc822Name</li> * <li>"DNS" - [2]dNSName</li> * <li>"DN" - [4]directoryName</li> * <li>"URI" - [6]uniformResourceIdentifier</li> * <li>"IP" - [7]iPAddress</li> * </ul> * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtSubjectAltName2() &rarr; * [["DNS", "example.com"], * ["DNS", "example.org"], * ["MAIL", "foo@example.com"], * ["IP", "192.168.1.1"], * ["IP", "2001:db8::2:1"], * ["DN", "/C=US/O=TEST1"]] */ getExtSubjectAltName2(): string[][] | undefined; /** * get CRLDistributionPoints extension value as JSON object * name getExtCRLDistributionPoints * memberOf X509# * * @param hExtV hexadecimal string of extension value (OPTIONAL) * @param Boolean critical flag (OPTIONAL) * @return Object JSON object of CRLDistributionPoints parameters or undefined * @since jsrsasign 9.0.0 x509 2.0.0 * @see KJUR.asn1.x509.CRLDistributionPoints * @see X509#getDistributionPoint * @see X509#getDistributionPointName * @see X509#getGeneralNames * @see X509#getGeneralName * @description * This method will get certificate policies value * as an array of JSON object which has properties defined * in {@link KJUR.asn1.x509.CRLDistributionPoints}. * Result of this method can be passed to * {@link KJUR.asn1.x509.CRLDistributionPoints} constructor. * If there is no this extension in the certificate, * it returns undefined. * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. * x.getExtCRLDistributionPoints() &rarr; * {array: [ * {dpname: {full: [{uri: "http://example.com/"}]}}, * {dpname: {full: [{uri: "ldap://example.com/"}]}} * ], * critical: true} */ getExtCRLDistributionPoints(hExtV?: string, critical?: boolean): ExtCRLDistributionPoints; /** * get DistributionPoint ASN.1 structure parameter as JSON object * name getDistributionPoint * memberOf X509# * * @param h hexadecimal string