How to use the asn1.js-rfc5280.Certificate function in asn1
To help you get started, we’ve selected a few asn1 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
bitpay / bitcore / packages / bitcore-payment-protocol / lib / browser.js View on Github 
var ncert = chain[i + 1];
// The root cert, check if it's trusted:
if (!ncert || name) {
if (!name) {
return false;
}
chain.length = 0;
return true;
}
var nder = ncert.toString('hex');
var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');
// Get Next Certificate:
var ndata = new Buffer(nder, 'hex');
var nc = rfc5280.Certificate.decode(ndata, 'der');
var npubKey;
// Get Public Key from next certificate (via KJUR because it's a mess):
if (sigHashAlg !== 'none') {
var js = new KJUR.crypto.Signature({
alg: sigHashAlg + 'withRSA',
prov: 'cryptojs/jsrsa'
});
js.init(npem);
npubKey = js.pubKey;
}
// Get Signature Value from current certificate:
var data = new Buffer(der, 'hex');
var c = rfc5280.Certificate.decode(data, 'der');
var sig = c.signature.data;var nc = rfc5280.Certificate.decode(ndata, 'der');
var npubKey;
// Get Public Key from next certificate (via KJUR because it's a mess):
if (sigHashAlg !== 'none') {
var js = new KJUR.crypto.Signature({
alg: sigHashAlg + 'withRSA',
prov: 'cryptojs/jsrsa'
});
js.init(npem);
npubKey = js.pubKey;
}
// Get Signature Value from current certificate:
var data = new Buffer(der, 'hex');
var c = rfc5280.Certificate.decode(data, 'der');
var sig = c.signature.data;
// Check Validity of Certificates
var validityVerified = PaymentProtocol.validateCertTime(c, nc);
// Check the Issuer matches the Subject of the next certificate:
var issuerVerified = PaymentProtocol.validateCertIssuer(c, nc);
var sigVerified;
// Verify current Certificate signature
if (sigHashAlg !== 'none') {
var jsrsaSig = new KJUR.crypto.Signature({
alg: sigHashAlg + 'withRSA',
prov: 'cryptojs/jsrsa'
});chain.length = 0;
return true;
}
var nder = ncert.toString('hex');
// Get Public Key from next certificate:
var ndata = new Buffer(nder, 'hex');
var nc = rfc5280.Certificate.decode(ndata, 'der');
var npubKeyAlg = PaymentProtocol.getAlgorithm(
nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
npubKey = PaymentProtocol.DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
// Get Signature Value from current certificate:
var data = new Buffer(der, 'hex');
var c = rfc5280.Certificate.decode(data, 'der');
var sig = c.signature.data;
// Check Validity of Certificates
var validityVerified = PaymentProtocol.validateCertTime(c, nc);
// Check the Issuer matches the Subject of the next certificate:
var issuerVerified = PaymentProtocol.validateCertIssuer(c, nc);
// Verify current Certificate signature:
// Get the raw DER TBSCertificate
// from the DER Certificate:
var tbs = PaymentProtocol.getTBSCertificate(data, sig);
var verifier = crypto.createVerify('RSA-' + sigHashAlg);
verifier.update(tbs);
var sigVerified = verifier.verify(npubKey, sig);var ncert = chain[i + 1];
// The root cert, check if it's trusted:
if (!ncert || name) {
if (!name) {
return false;
}
chain.length = 0;
return true;
}
var nder = ncert.toString('hex');
// Get Public Key from next certificate:
var ndata = new Buffer(nder, 'hex');
var nc = rfc5280.Certificate.decode(ndata, 'der');
var npubKeyAlg = PaymentProtocol.getAlgorithm(
nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
npubKey = PaymentProtocol.DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
// Get Signature Value from current certificate:
var data = new Buffer(der, 'hex');
var c = rfc5280.Certificate.decode(data, 'der');
var sig = c.signature.data;
// Check Validity of Certificates
var validityVerified = PaymentProtocol.validateCertTime(c, nc);
// Check the Issuer matches the Subject of the next certificate:
var issuerVerified = PaymentProtocol.validateCertIssuer(c, nc);exports.buildCertId = function (cert)
{
var issuer = cert.issuerCertificate;
cert = cert.raw;
try
{
cert = rfc5280.Certificate.decode(cert, 'der');
if (issuer)
{
issuer = issuer.raw;
issuer = rfc5280.Certificate.decode(issuer, 'der');
}
}
catch (e)
{
return null; // if we encountered an error during decoding, return null
}
var tbsCert = cert.tbsCertificate;
var tbsIssuer = issuer.tbsCertificate;
const certID = {
hashAlgorithm: {exports.buildCertId = function (cert)
{
var issuer = cert.issuerCertificate;
cert = cert.raw;
try
{
cert = rfc5280.Certificate.decode(cert, 'der');
if (issuer)
{
issuer = issuer.raw;
issuer = rfc5280.Certificate.decode(issuer, 'der');
}
}
catch (e)
{
return null; // if we encountered an error during decoding, return null
}
var tbsCert = cert.tbsCertificate;
var tbsIssuer = issuer.tbsCertificate;
const certID = {
hashAlgorithm: {
// algorithm: [ 2, 16, 840, 1, 101, 3, 4, 2, 1 ] // sha256
algorithm: [1, 3, 14, 3, 2, 26] // sha1
},
issuerNameHash: sha1(rfc5280.Name.encode(tbsCert.issuer, 'der')),};
const tbs_der = rfc5280.TBSCertificate.encode(tbs, 'der');
const sign = crypto.createSign(digest);
sign.update(tbs_der);
const signature = sign.sign(private_key);
const cert = {
tbsCertificate: tbs,
signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_ },
signature:
{ unused: 0,
data: signature }
};
const pem = rfc5280.Certificate.encode(cert, 'pem', {label: 'CERTIFICATE'});
fs.writeFileSync('./0-dns-cert.pem', pem + '\n');var BasicOCSPResponse = asn1.define('BasicOCSPResponse', function() {
this.seq().obj(
this.key('tbsResponseData').use(ResponseData),
this.key('signatureAlgorithm').use(rfc5280.AlgorithmIdentifier),
this.key('signature').bitstr(),
this.key('certs').optional().explicit(0).seqof(rfc5280.Certificate)
);
});
exports.BasicOCSPResponse = BasicOCSPResponse;exports.IA5Str = IA5Str;
var Null = asn1.define('Null', function() {
this.null_();
});
exports.SHA256 = [ 2, 16, 840, 1, 101, 3, 4, 2, 1 ];
exports.SHA256RSA = [ 1, 2, 840, 113549, 1, 1, 11 ];
exports.SHA512 = [ 2, 16, 840, 1, 101, 3, 4, 2, 3 ];
exports.SHA512RSA = [ 1, 2, 840, 113549, 1, 1, 13 ];
exports.RSA = [ 1, 2, 840, 113549, 1, 1, 1 ];
exports.COMMONNAME = [ 2, 5, 4, 3 ];
exports.ALTNAME = [ 2, 5, 29, 17 ];
exports.TBSCertificate = rfc5280.TBSCertificate;
exports.Certificate = rfc5280.Certificate;
exports.EMPTY_PARAMETERS = Null.encode(null, 'der');Agent.prototype.handleOCSPResponse = function handleOCSPResponse(socket,
stapling,
cb) {
var cert = socket.ssl.getPeerCertificate(true);
var issuer = cert.issuerCertificate;
cert = cert.raw;
try {
cert = rfc5280.Certificate.decode(cert, 'der');
if (issuer) {
issuer = issuer.raw;
issuer = rfc5280.Certificate.decode(issuer, 'der');
}
} catch (e) {
return cb(e);
}
function onIssuer(err, x509) {
if (err)
return cb(err);
issuer = x509;
if (stapling) {
var req = ocsp.request.generate(cert, issuer);
ocsp.verify({
request: req,
response: staplingasn1
Contains parsers and serializers for ASN.1 (currently BER only)
Package Health Score
77 / 100Popular asn1 functions
- asn1.Ber
- asn1.Ber.BitString
- asn1.Ber.Context
- asn1.Ber.Integer
- asn1.Ber.OctetString
- asn1.Ber.Reader
- asn1.Ber.Writer
- asn1.BerReader
- asn1.BerWriter
- asn1.js-rfc2560.CertID
- asn1.js-rfc2560.OCSPRequest
- asn1.js-rfc2560.OCSPResponse
- asn1.js-rfc5280.AlgorithmIdentifier
- asn1.js-rfc5280.Certificate
- asn1.js-rfc5280.Extensions
- asn1.js-rfc5280.Name
- asn1.js-rfc5280.SubjectPublicKeyInfo
- asn1.js-rfc5280.Version
- asn1.js.bignum
- asn1.js.define