Module: bip70/x509

Members

(static) allowUntrusted :Boolean

Whether to allow untrusted root certs during verification.

Type:
  • Boolean

(static) curves :Object

OID to curve name map for ECDSA.

Type:
  • Object

(static, constant) oid :Object

OID to algorithm map for PKI.

Type:
  • Object

(static) trusted :Object

Map of trusted root certs.

Type:
  • Object

Methods

(static) getCAName(cert) → {String}

Try to retrieve CA name by checking for a few different OIDs.

Parameters:
Name Type Description
cert Object
Returns:
Type
String

(static) getCurve(params) → {Object}

Lookup curve based on key parameters.

Parameters:
Name Type Description
params Buffer
Returns:
Type
Object

(static) getKeyAlgorithm(cert) → {Object}

Retrieve key algorithm from cert.

Parameters:
Name Type Description
cert Object
Returns:
Type
Object

(static) getPublicKey(cert) → {Object|null}

Get cert public key.

Parameters:
Name Type Description
cert Object
Returns:
Type
Object | null

(static) getSigAlgorithm(cert) → {Object}

Retrieve signature algorithm from cert.

Parameters:
Name Type Description
cert Object
Returns:
Type
Object

(static) getSigningKey(key, chain) → {Object}

Get signature key info from cert chain.

Parameters:
Name Type Description
key Buffer
chain Array.<Buffer>
Returns:
Type
Object

(static) getSubjectOID(cert, oid) → {String}

Retrieve cert value by OID.

Parameters:
Name Type Description
cert Object
oid String
Returns:
Type
String

(static) getVerifyKey(chain) → {Object|null}

Get chain verification key.

Parameters:
Name Type Description
chain Array.<Buffer>
Returns:
Type
Object | null

(static) isTrusted(cert) → {Buffer}

Test whether a cert is trusted by hashing and looking it up in the trusted map.

Parameters:
Name Type Description
cert Object
Returns:
Type
Buffer

(static) parse(der) → {Object|null}

Parse a DER formatted cert.

Parameters:
Name Type Description
der Buffer
Returns:
Type
Object | null

(static) parseChain(chain) → {Array.<Object>}

Parse certificate chain.

Parameters:
Name Type Description
chain Array.<Buffer>
Returns:
Type
Array.<Object>

(static) setTrust(certs)

Add root certificates to the trusted map.

Parameters:
Name Type Description
certs Array.<Buffer>

(static) signSubject(hash, msg, key, chain) → {Buffer}

Sign a hash with the chain signing key.

Parameters:
Name Type Description
hash String
msg Buffer
key Buffer
chain Array.<Buffer>
Returns:
Type
Buffer

(static) verifyChain(certs)

Verify certificate chain.

Parameters:
Name Type Description
certs Array.<Object>

(static) verifySubject(hash, msg, sig, chain) → {Boolean}

Verify a sighash against chain verification key.

Parameters:
Name Type Description
hash String
msg Buffer
sig Buffer
chain Array.<Buffer>
Returns:
Type
Boolean

(static) verifyTime(cert) → {Boolean}

Verify cert expiration time.

Parameters:
Name Type Description
cert Object
Returns:
Type
Boolean

(static) verifyTimes(chain) → {Boolean}

Verify all expiration times in a certificate chain.

Parameters:
Name Type Description
chain Array.<Object>
Returns:
Type
Boolean

(static) verifyTrust(chain) → {Boolean}

Verify that at least one parent cert in the chain is trusted.

Parameters:
Name Type Description
chain Array.<Object>
Returns:
Type
Boolean