Object built-in object
  1. front page
  2. built-in objects
  3. ObjectX509Req

ObjectX509Req

The X509Req object is an object used to create x509 certificate requests and belongs tocryptomodule

You can create an instance of X509Req through its constructor. In the constructor, you can pass in parameters to specify the subject distinguished name and public key of the certificate, for example:

1
2
3
4
var crypto = require('crypto');

let pky = crypto.PKey.from(private_pem);
let req = new crypto.X509Req("CN=localhost,O=fibjs", pky);

You can use this instance to call the methods and properties of its parent class to obtain information about the certificate request object, for example:

1
2
3
4
5
// return the DER format of the certificate request
let derReq = req.der();

// return the PEM format of the certificate request
let pemReq = req.pem();

You can also sign the X509Req object to generate a formal certificate object, for example:

1
2
3
4
5
6
7
let opt = {
    notBefore: new Date('2019-01-01') // valid from 2019-01-01
        ,
    notAfter: new Date('2029-12-31') // valid to 2029-12-31
};
let crt = req.sign("CN=myy.mkx", pky, opt);
// CN=myy.mkx is the issuer of the certificate

It should be noted that the X509Req object is used to create an x509 certificate request, not the certificate itself. To obtain a valid certificate, it needs to be signed. At the same time, the public key used to sign the certificate must be consistent with the public key used in the certificate request.

inheritance relationship

%0 object object toString() toJSON() X509Req X509Req new X509Req() subject publicKey sig_md sig_pk import() pem() der() sign() object->X509Req

Constructor

X509Req

X509Req constructor

1
new X509Req();

X509Req constructor, creates a certificate request based on the given information

1
2
3
new X509Req(String subject,
    PKey key,
    Integer hash = hash.SHA256);

Call parameters:

  • subject: String, the subject distinguished name of the certificate
  • key:PKey, the public key of the certificate
  • hash: Integer, certificate digest algorithm, default ishash.SHA256

X509Req constructor, loads a certificate request in DER format

1
new X509Req(Buffer derReq);

Call parameters:

  • derReq:Buffer, certificate request in DER format

X509Req constructor, loads a certificate request in PEM format

1
new X509Req(String pemReq);

Call parameters:

  • pemReq: String, certificate request in DER format

member properties

subject

String, obtains the subject distinguished name of the certificate

1
readonly String X509Req.subject;

publicKey

PKey, get the public key of the certificate

1
readonly PKey X509Req.publicKey;

sig_md

Integer, the digest algorithm for obtaining the certificate

1
readonly Integer X509Req.sig_md;

sig_pk

Integer, obtains the signature algorithm of the certificate

1
readonly Integer X509Req.sig_pk;

member function

import

Load a certificate request in DER format

1
X509Req.import(Buffer derReq);

Call parameters:

  • derReq:Buffer, certificate request in DER format

Load a certificate request in PEM format

1
X509Req.import(String pemReq);

Call parameters:

  • pemReq: String, certificate request in PEM format

pem

Returns the PEM format encoding of the current certificate request

1
String X509Req.pem();

Return results:

  • String, the PEM format encoding of the current certificate request

der

Returns the DER format encoding of the current certificate request

1
Buffer X509Req.der();

Return results:

  • Buffer, the DER format encoding of the current certificate request

sign

Sign the current certificate request as an official certificate

1
2
3
X509Cert X509Req.sign(String issuer,
    PKey key,
    Object opts = {}) async;

Call parameters:

  • issuer: String, the distinguished name of the signing authority
  • key:PKey, the private key of the signing authority
  • opts: Object, other optional parameters

Return results:

  • X509Cert, returns the signed official certificate

The fields received by opts are as follows:

1
2
3
4
5
6
7
8
{
    ca: false, // specify if the certificate is a CA certificate, default is false
    pathlen: -1, // specify the path length of the certificate, default is -1
    notBefore: "", // specify the certificate valid from date, default is current date
    notAfter: "", // specify the certificate valid to date, default is 365 days after current date
    usage: "", // specify the certificate usage, accept: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
    type: "" // specify the certificate Netscape certificate type, accept: client, server, email, objsign, reserved, sslCA, emailCA, objCA
}

toString

Returns the string representation of the object. Generally, "[Native Object]" is returned. The object can be re-implemented according to its own characteristics.

1
String X509Req.toString();

Return results:

  • String, returns the string representation of the object

toJSON

Returns a JSON format representation of the object, generally returning a collection of readable properties defined by the object.

1
Value X509Req.toJSON(String key = "");

Call parameters:

  • key: String, not used

Return results:

  • Value, returns a value containing JSON serializable
© Copyright 2012-2024 fibjs.org | Support us