ObjectX509Cert

X509Cert YescryptoThe object representing the x509 certificate in the module. This object mainly includes certificate information and methods constructed from a DER or PEM format certificate data and certificate chain data. It can perform operations such as certificate parsing and verification.

Through the X509Cert object, you can obtain the certificate's subject name, issuer name, passing time, expiration time, ca verification and other information. You can also export the DER encoding of the certificate, obtain the certificate's public key, signature algorithm and other information.

If you want to load a certificate, you can use the following code to create an X509Cert object from certificate data in DER/PEM format:

1
2
3
4
const crypto = require('crypto');

const certData = require('fs').readFile('server.crt');
const cert = new crypto.X509Cert(certData);

Of course, the X509Cert object also provides a method to directly import the certificate:

1
const cert = crypto.X509Cert.import(certData);

Then you can perform various certificate operations through cert, such as obtaining the validity period of the certificate:

1
2
var strDate = cert.notBefore.toLocaleTimeString() + " " + cert.notBefore.toLocaleDateString() + " ~ " + cert.notAfter.toLocaleTimeString() + " " + cert.notAfter.toLocaleDateString();
console.log(`证书有效时间: ${strDate}`)

inheritance relationship

Constructor

X509Cert

X509Cert constructor

1
new X509Cert();

---

X509Cert constructor, loads a DER format certificate

1
new X509Cert(Buffer derCert);

Call parameters:

• derCert:Buffer, certificate in DER format

---

X509Cert constructor, loads a certificate in CRT/PEM format

1
new X509Cert(String txtCert);

Call parameters:

• txtCert: String, certificate in CRT/PEM format

member properties

version

Integer, get the version of the certificate

1
readonly Integer X509Cert.version;

---

serial

String, get the serial number of the certificate

1
readonly String X509Cert.serial;

---

issuer

String, Gets the distinguished name of the certificate issuer

1
readonly String X509Cert.issuer;

---

subject

String, obtains the subject distinguished name of the certificate

1
readonly String X509Cert.subject;

---

notBefore

Date, obtain the validity time of the certificate

1
readonly Date X509Cert.notBefore;

---

notAfter

Date, get the expiration time of the certificate

1
readonly Date X509Cert.notAfter;

---

ca

Boolean, obtains whether the certificate is a ca certificate

1
readonly Boolean X509Cert.ca;

---

pathlen

Integer, get the pathlen of the certificate

1
readonly Integer X509Cert.pathlen;

---

usage

String, obtains the scope of use of the certificate

1
readonly String X509Cert.usage;

The result is all or part of the following: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

---

type

String, Netscape certificate type to get the certificate

1
readonly String X509Cert.type;

The result is all or part of the following: client, server, email, objsign, reserved, sslCA, emailCA, objCA

---

sig_md

Integer, the digest algorithm for obtaining the certificate

1
readonly Integer X509Cert.sig_md;

---

sig_pk

Integer, obtains the signature algorithm of the certificate

1
readonly Integer X509Cert.sig_pk;

---

publicKey

PKey, get the public key of the certificate

1
readonly PKey X509Cert.publicKey;

---

next

X509Cert, get the next certificate in the certificate chain

1
readonly X509Cert X509Cert.next;

member function

import

Load a certificate in DER format, which can be called multiple times

1
X509Cert.import(Buffer derCert);

Call parameters:

• derCert:Buffer, certificate in DER format

---

Load a certificate in CRT/PEM format, which can be called multiple times

1
X509Cert.import(String txtCert);

Call parameters:

• txtCert: String, certificate in CRT/PEM format

---

loadRootCerts

Load the default root certificate that comes with it

1
X509Cert.loadRootCerts();

The content of this certificate comes from: http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

---

verify

Verify the given certificate using the current certificate chain

1
Boolean X509Cert.verify(X509Cert cert) async;

Call parameters:

• cert: X509Cert, given the certificate that needs to be verified

Return results:

• Boolean, returns True if the verification is successful

---

pem

Export the loaded certificate in PEM format

1
String X509Cert.pem(Boolean all = true);

Call parameters:

• all: Boolean, specifies whether to output all certificates, the default is true

Return results:

• String, export the certificate chain as an array

---

der

Export the loaded certificate in DER format

1
Buffer X509Cert.der();

Return results:

• Buffer, export the certificate chain as an array

---

clear

Clear the loaded certificates

1
X509Cert.clear();

---

toString

Returns the string representation of the object. Generally, "[Native Object]" is returned. The object can be re-implemented according to its own characteristics.

1
String X509Cert.toString();

Return results:

• String, returns the string representation of the object

---

toJSON

Returns a JSON format representation of the object, generally returning a collection of readable properties defined by the object.

1
Value X509Cert.toJSON(String key = "");

Call parameters:

• key: String, not used

Return results:

• Value, returns a value containing JSON serializable