search

PeculiarVentures / x509

@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy
https://peculiarventures.github.io/x509/
MIT License
86 stars 14 forks source link

Examples of using X509Crl and X509CrlGenerator #78

Closed dangtony98 closed 4 months ago

dangtony98 commented 4 months ago

Foremost, thank you for this great library!

As part of needing to implement various CRL functionality, I noticed related PRs merged here and here but couldn't find any examples in the repo of using these structures.

I wonder if it'd be possible for you to provide some minimal example of usingX509CrlEntry, X509CrlGenerator, and any related structures; this would be extremely helpful (something similar to the example showed here should be great).

Note that upon trying to create a minimal instance of X509CrlEntry with the following:

const serialNumber = crypto.randomBytes(16).toString("hex");
const crlEntry = new x509.X509CrlEntry(serialNumber, new Date(), []);

as per the constructor: 

constructor(serialNumber: string, revocationDate: Date, extensions: Extension[]);

I'm getting the following error:

dev-api              |     err: {
dev-api              |       "type": "TypeError",
dev-api              |       "message": "The provided value is not of type '(ArrayBuffer or ArrayBufferView)'",
dev-api              |       "stack":
dev-api              |           TypeError: The provided value is not of type '(ArrayBuffer or ArrayBufferView)'
dev-api              |               at BufferSourceConverter.toView (/app/node_modules/pvtsutils/build/index.js:60:15)
dev-api              |               at BufferSourceConverter.toUint8Array (/app/node_modules/pvtsutils/build/index.js:48:21)
dev-api              |               at new Some (/app/node_modules/asn1js/build/index.js:146:98)
dev-api              |               at new LocalIntegerValueBlock (/app/node_modules/asn1js/build/index.js:1472:9)
dev-api              |               at new BaseBlock (/app/node_modules/asn1js/build/index.js:513:44)
dev-api              |               at new Integer (/app/node_modules/asn1js/build/index.js:1612:9)
dev-api              |               at Object.toASN (/app/node_modules/@peculiar/asn1-schema/build/cjs/converters.js:32:23)
dev-api              |               at AsnSerializer.toAsnItem (/app/node_modules/@peculiar/asn1-schema/build/cjs/serializer.js:135:38)
dev-api              |               at AsnSerializer.toASN (/app/node_modules/@peculiar/asn1-schema/build/cjs/serializer.js:52:48)
dev-api              |               at AsnSerializer.serialize (/app/node_modules/@peculiar/asn1-schema/build/cjs/serializer.js:14:21)
dev-api              |     }

Overall, it would be great to get a concrete example of how to use the structure.

dangtony98 commented 4 months ago

Nevermind. I was able to reference an example in one of the tests:

const crl = await x509.X509CrlGenerator.create({
      // issuer: caCert.issuer,
      issuer: "Test",
      thisUpdate: new Date("2022/01/01"),
      nextUpdate: new Date("2022/12/12"),
      entries: [
        {
          serialNumber: "01",
          revocationDate: new Date("2022/01/01"),
          reason: x509.X509CrlReason.certificateHold,
          invalidity: new Date("2022/01/01"),
          issuer: "CN=Test, O=Дом"
        }
      ],
      signingAlgorithm: alg,
      signingKey: sk
    });

This seems to work.