kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign

Basic constraints and key usage #169

Closed 3goats closed 8 years ago

3goats commented 8 years ago

I've been experimenting with the X.509 class and was wondering if there's a simple way of getting the basic constraints (e.g. Subject Type=CA, Path Length Constraint=0) and key usage information (e.g. Certificate Signing, Off-line CRL Signing, CRL Signin...)?

I need the OIDs to be translated rather than just the list of OIDs, e.g.

ExtKeyUsageBin: 
[ { posTLV: 850, oid: '2.5.29.14', critical: false, posV: 868 },
  { posTLV: 912, oid: '2.5.29.35', critical: false, posV: 930 },
  { posTLV: 1064, oid: '2.5.29.19', critical: false, posV: 1082 } ]

Is there anything like an X.509 dump capability that dumps out all of the values, similar to using openssl x509 -in cert.cer -text -noout?

Ultimately I need to parse the entire cert and get to this level of detail:

/*
cert = { subject: 
   { countryName: 'US',
     postalCode: '10010',
     stateOrProvinceName: 'NY',
     localityName: 'New York',
     streetAddress: '902 Broadway, 4th Floor',
     organizationName: 'Nodejitsu',
     organizationalUnitName: 'PremiumSSL Wildcard',
     commonName: '*.nodejitsu.com' },
  issuer: 
   { countryName: 'GB',
     stateOrProvinceName: 'Greater Manchester',
     localityName: 'Salford',
     organizationName: 'COMODO CA Limited',
     commonName: 'COMODO High-Assurance Secure Server CA' },
  notBefore: Sun Oct 28 2012 20:00:00 GMT-0400 (EDT),
  notAfter: Wed Nov 26 2014 18:59:59 GMT-0500 (EST),
  altNames: [ '*.nodejitsu.com', 'nodejitsu.com' ],
  signatureAlgorithm: 'sha1WithRSAEncryption',
  fingerPrint: 'E4:7E:24:8E:86:D2:BE:55:C0:4D:41:A1:C2:0E:06:96:56:B9:8E:EC',
  publicKey: {
    algorithm: 'rsaEncryption',
    e: '65537',
    n: '.......' } }
*/
kjur commented 8 years ago

As for key usage, jsrsasign already has methods:
http://kjur.github.io/jsrsasign/api/symbols/X509.html#.getExtKeyUsageString
http://kjur.github.io/jsrsasign/api/symbols/X509.html#.getExtKeyUsageBin

For basic constraints, I've added a method for it in the latest version: http://kjur.github.io/jsrsasign/api/symbols/X509.html#.getExtBasicConstraints

For certificate dump, how about using ASN.1 dump? http://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.dump
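
What the translation asked about above involves, as an added example that is not part of the thread and not jsrsasign code: it maps extension OIDs to names and decodes the DER value of a basicConstraints and a keyUsage extension into named fields. It is plain Node.js; the function names and the sample hex values are constructed for illustration.

```javascript
// Added example (not jsrsasign code); all names are hypothetical. OID names per RFC 5280.
const EXT_NAMES = {
  '2.5.29.14': 'subjectKeyIdentifier', '2.5.29.15': 'keyUsage',
  '2.5.29.19': 'basicConstraints', '2.5.29.35': 'authorityKeyIdentifier',
  '2.5.29.37': 'extKeyUsage',
};
const KEY_USAGE_BITS = ['digitalSignature', 'nonRepudiation', 'keyEncipherment',
  'dataEncipherment', 'keyAgreement', 'keyCertSign', 'cRLSign',
  'encipherOnly', 'decipherOnly'];
const describeExt = (oid) => EXT_NAMES[oid] || oid; // unknown OIDs pass through

// Read one DER TLV at byte offset `pos`; returns tag, value bytes and next offset.
function readTLV(buf, pos) {
  if (pos + 2 > buf.length) throw new Error('truncated TLV header');
  const tag = buf[pos];
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long-form length: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad length');
    len = buf.subarray(start, start + n).reduce((a, x) => a * 256 + x, 0);
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated TLV value');
  return { tag, value: buf.subarray(start, start + len), next: start + len };
}

// BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
//                                 pathLenConstraint INTEGER OPTIONAL }
function decodeBasicConstraints(hex) {
  const seq = readTLV(Buffer.from(hex, 'hex'), 0);
  if (seq.tag !== 0x30) throw new Error('expected SEQUENCE');
  const out = { cA: false }; // an absent BOOLEAN means the default, FALSE
  let pos = 0;
  if (seq.value[pos] === 0x01) {
    const b = readTLV(seq.value, pos);
    out.cA = b.value.length === 1 && b.value[0] !== 0x00;
    pos = b.next;
  }
  if (seq.value[pos] === 0x02) out.pathLen = readTLV(seq.value, pos).value.reduce((a, x) => a * 256 + x, 0);
  return out;
}

// KeyUsage ::= BIT STRING; bit 0 is the most significant bit of the first data byte.
function decodeKeyUsage(hex) {
  const bs = readTLV(Buffer.from(hex, 'hex'), 0);
  if (bs.tag !== 0x03 || bs.value.length < 2) throw new Error('expected BIT STRING');
  const bits = bs.value.subarray(1); // value[0] is the count of unused trailing bits
  return KEY_USAGE_BITS.filter((_, i) => (i >> 3) < bits.length && (bits[i >> 3] & (0x80 >> (i & 7))) !== 0);
}
// Constructed sample extension values (hex): CA with pathLen 0; keyCertSign + cRLSign.
const SAMPLE = { basicConstraints: '30060101ff020100', keyUsage: '03020106' };
```

The hex passed to the decoders is the extension value itself (the bytes inside the extnValue OCTET STRING), not the whole certificate.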

3goats commented 8 years ago

Thanks for this.

> For certificate dump, how about using ASN.1 dump?

Yes, this would be a start; ideally I would like to dump all of the certificate metadata to a data structure for indexing if possible.

On 14 Apr 2016, at 12:30, Kenji Urushima notifications@github.com wrote:

> For certificate dump, how about using ASN.1 dump?