declare namespace jsrsasign.KJUR.asn1.x509 {
interface X509CertificateParamsUnsigned extends CertificateTBSParams {
sigalg: string;
cakey: string | RSAKey | crypto.DSA | crypto.ECDSA;
}
interface X509CertificateParamsSigned extends CertificateTBSParams {
sighex: string;
}
interface X509CertificateTBSParamsUnsigned {
tbsobj: TBSCertificate;
sigalg: string;
cakey: string | RSAKey | crypto.DSA | crypto.ECDSA;
}
interface X509CertificateTBSParamsSigned {
tbsobj: TBSCertificate;
sighex: string;
}
type X509CertificateParams =
| X509CertificateParamsSigned
| X509CertificateParamsUnsigned
| X509CertificateTBSParamsSigned
| X509CertificateTBSParamsUnsigned;
/**
* X.509 Certificate class to sign and generate hex encoded certificate
* @param params JSON object for Certificate parameters
* @description
*
* This class provides Certificate ASN.1 class structure
* defined in
*
* RFC 5280 4.1.
*
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*
* Parameter "params" JSON object can be
* the same as {@link KJUR.asn1.x509.TBSCertificate}.
* Then they are used to generate TBSCertificate.
* Additionally just for Certificate, following parameters can be used:
*
* - {TBSCertfificate}tbsobj -
* specifies {@link KJUR.asn1.x509.TBSCertificate}
* object to be signed if needed.
* When this isn't specified,
* this will be set from other parametes of TBSCertificate.
*
- {Object}cakey (OPTION) - specifies certificate signing private key.
* Parameter "cakey" or "sighex" shall be specified. Following
* values can be specified:
*
* - PKCS#1/5 or PKCS#8 PEM string of private key
*
- RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
* to generate a key object.
*
*
* - {String}sighex (OPTION) - hexadecimal string of signature value
* (i.e. ASN.1 value(V) of signatureValue BIT STRING without
* unused bits)
*
* CAUTION: APIs of this class have been totally updated without
* backward compatibility since jsrsasign 9.0.0.
* NOTE1: 'params' can be omitted.
* NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
* @example
* var cert = new KJUR.asn1.x509.Certificate({
* version: 3,
* serial: {hex: "1234..."},
* sigalg: "SHA256withRSAandMGF1",
* ...
* sighex: "1d3f..." // sign() method won't be called
* });
*
* // sighex will by calculated by signing with cakey
* var cert = new KJUR.asn1.x509.Certificate({
* version: 3,
* serial: {hex: "2345..."},
* sigalg: "SHA256withRSA",
* ...
* cakey: "-----BEGIN PRIVATE KEY..."
* });
*
* // use TBSCertificate object to sign
* var cert = new KJUR.asn1.x509.Certificate({
* tbsobj: <>,
* sigalg: "SHA256withRSA",
* cakey: "-----BEGIN PRIVATE KEY..."
* });
*/
class Certificate extends ASN1Object {
constructor(params?: X509CertificateParams);
/**
* set parameter
* @param params JSON object of certificate parameters
* @description
* This method will set parameter
* {@link KJUR.asn1.x509.Certificate#params}
* to this object.
* @example
* cert = new KJUR.asn1.x509.Certificate();
* cert.setByParam({
* version: 3,
* serial: {hex: "1234..."},
* ...
* });
*/
setByParam(params: X509CertificateParams): void;
/**
* get PEM formatted certificate string after signed
* @return PEM formatted string of certificate
* @since jsrsasign 9.0.0 asn1hex 2.0.0
* @description
* This method returns a string of PEM formatted
* certificate.
* @example
* cert = new KJUR.asn1.x509.Certificate({...});
* cert.getPEM() →
* "-----BEGIN CERTIFICATE-----\r\n..."
*/
getPEM(): string;
getEncodedHex(): string;
}
}