How to use pkijs - 10 common examples
To help you get started, we’ve selected a few pkijs examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
PeculiarVentures / tl-create / test / cisco.js View on Github 
///
///
var xadesjs = require("xadesjs");
global.xadesjs = xadesjs;
var asn1js = require("asn1js");
global.asn1js = asn1js;
var request = require("sync-request");
global.request = request;
var Pkijs = require("pkijs");
global.Pkijs = Pkijs;
var WebCrypto = require("node-webcrypto-ossl");
webcrypto = new WebCrypto();
Pkijs.setEngine('OpenSSL', webcrypto, new Pkijs.CryptoEngine({
name: 'OpenSSL',
crypto: webcrypto,
subtle: webcrypto.subtle
}));
var tl_create = require("../built/tl-create");
var assert = require("assert");
var fs = require("fs");
describe("Cisco format", function () {
it("Parse incoming text for external root bundle", function () {
this.timeout(15000);
// get static file
var ciscoText = fs.readFileSync("./test/static/ios.p7b", "binary");// } TimestampedEntry;
this.timestamp = new Date(utilFromBase(new Uint8Array(stream.getBlock(8)), 8));
this.entryType = stream.getUint16();
switch(this.entryType)
{
case LogEntryType.constants("x509_entry"):
{
const certificateLength = stream.getUint24();
const asn1 = asn1js.fromBER((new Uint8Array(stream.getBlock(certificateLength))).buffer.slice(0));
if(asn1.offset === (-1))
throw new Error("Object's stream was not correct for TimestampedEntry");
this.signedEntry = new Certificate({ schema: asn1.result });
}
break;
case LogEntryType.constants("precert_entry"):
this.signedEntry = new PreCert({ stream });
break;
default:
throw new Error("Object's stream was not correct for TimestampedEntry");
}
const extensionsLength = stream.getUint16();
if(extensionsLength)
this.extensions = (new Uint8Array(stream.getBlock(extensionsLength))).buffer.slice(0);
}
//**********************************************************************************function CheckSSL() {
if (fs.existsSync(APP_SSL_CERT) && fs.existsSync(APP_SSL_KEY)) {
const sslCert = fs.readFileSync(APP_SSL_CERT, "utf8").replace(/-{5}[\w\s]+-{5}/ig, "").replace(/\r/g, "").replace(/\n/g, "");
// Parse cert
const asn1 = asn1js.fromBER(new Uint8Array(Buffer.from(sslCert, "base64")).buffer);
const cert = new pkijs.Certificate({ schema: asn1.result });
// Check date
if (cert.notAfter.value < new Date()) {
winston.info(`SSL certificate is expired`);
return false;
}
return true;
}
winston.info(`SSL certificate is not found`);
return false;
}getStampingBuffer(cmsSignedData, signerIndex, parameters)
{
//region Initial variables
let sequence = Promise.resolve();
let hashAlgorithm = "SHA-256";
let content = new ArrayBuffer(0);
let aTSHashIndex = new ArrayBuffer(0);
let resultBuffer = new ArrayBuffer(0);
//endregion
//region Get a "crypto" extension
const crypto = getCrypto();
if(typeof crypto === "undefined")
return Promise.reject("Unable to create WebCrypto object");
//endregion
//region Check input parameters
if("hashAlgorithm" in parameters)
hashAlgorithm = parameters.hashAlgorithm;
if("content" in parameters)
content = parameters.content; // ArrayBuffer
else
{
if("eContent" in cmsSignedData.encapContentInfo)
{
if((cmsSignedData.encapContentInfo.eContent.idBlock.tagClass === 1) &&
(cmsSignedData.encapContentInfo.eContent.idBlock.tagNumber === 4))let ocspResponse;
//endregion
//region Check input parameters
if("hashAlgorithm" in parameters)
hashAlgorithm = parameters.hashAlgorithm;
if("ocspResponse" in parameters)
ocspResponse = parameters.ocspResponse; // in_window.org.pkijs.simpl.OCSP_RESPONSE
else
return Promise.reject("Parameter \"ocspResponse\" is mandatory for making \"OcspResponsesID\"");
//endregion
//region Get a "crypto" extension
const crypto = getCrypto();
if(typeof crypto === "undefined")
return Promise.reject("Unable to create WebCrypto object");
//endregion
//region Fill correct value for "hashIndAlgorithm"
sequence = sequence.then(
() => {
if(hashAlgorithm.toUpperCase() !== "SHA-1")
{
const oid = getOIDByAlgorithm({ name: hashAlgorithm });
if(oid === "")
return Promise.reject(`Incorrect hashing algorithm: ${hashAlgorithm}`);
this.ocspRepHash = new OtherHashAlgAndValue({
hashAlgorithm: new AlgorithmIdentifier({
algorithmId: oid,getStampingBuffer(cmsSignedData, signerIndex, parameters = {})
{
//region Initial variables
let sequence = Promise.resolve();
let hashAlgorithm = "SHA-256";
let resultBuffer = new ArrayBuffer(0);
let signatureTimeStamp; // SignatureTimeStamp
let completeCertificateReferences; // CompleteCertificateReferences
let completeRevocationReferences; // CompleteRevocationReferences
//endregion
//region Get a "crypto" extension
const crypto = getCrypto();
if(typeof crypto === "undefined")
return Promise.reject("Unable to create WebCrypto object");
//endregion
//region Check input parameters
if("hashAlgorithm" in parameters)
hashAlgorithm = parameters.hashAlgorithm;
if("signatureTimeStamp" in parameters)
signatureTimeStamp = parameters.signatureTimeStamp;
else
return Promise.reject("Parameter \"signatureTimeStamp\" is mandatory for making \"CAdES-C-Timestamp\" attribute");
if("completeCertificateReferences" in parameters)
completeCertificateReferences = parameters.completeCertificateReferences;
elsecase "pkcs8": {
const jwk = await this.exportJwkPrivateKey(key);
const privateKey = new PrivateKeyInfo();
privateKey.fromJSON(jwk);
return privateKey.toSchema(true).toBER(false);
}
case "spki": {
const jwk = await this.exportJwkPublicKey(key);
const publicKey = new PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).toBER(false);
}
case "raw": {
// export subjectPublicKey BIT_STRING value
const jwk = await this.exportJwkPublicKey(key);
const publicKey = new PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).valueBlock.value[1].valueBlock.valueHex;
}
default:
throw new Error(`Not supported format '${format}'`);
}
}}
case "pkcs8": {
const jwk = await this.exportJwkPrivateKey(key);
return jwk2pkcs(jwk);
}
case "spki": {
const jwk = await this.exportJwkPublicKey(key);
return jwk2spki(jwk);
}
case "raw": {
// export subjectPublicKey BIT_STRING value
const jwk = await this.exportJwkPublicKey(key);
if ((key.algorithm as EcKeyGenParams).namedCurve === "X25519") {
return Base64Url.decode(jwk.x!).buffer as ArrayBuffer;
} else {
const publicKey = new PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).valueBlock.value[1].valueBlock.valueHex;
}
}
default:
throw new Error(`Not supported format '${format}'`);
}
}}
case "pkcs8": {
const jwk = await this.exportJwkPrivateKey(key);
return this.jwk2pkcs(jwk);
}
case "spki": {
const jwk = await this.exportJwkPublicKey(key);
return this.jwk2spki(jwk);
}
case "raw": {
// export subjectPublicKey BIT_STRING value
const jwk = await this.exportJwkPublicKey(key);
if ((key.algorithm as EcKeyGenParams).namedCurve === "X25519") {
return Convert.FromBase64Url(jwk.x);
} else {
const publicKey = new pkijs.PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).valueBlock.value[1].valueBlock.valueHex;
}
}
default:
throw new core.OperationError("format: Must be 'jwk', 'raw', pkcs8' or 'spki'");
}
}switch (format.toLowerCase()) {
case "jwk":
if (key.type === "private") {
return this.exportJwkPrivateKey(key);
} else {
return this.exportJwkPublicKey(key);
}
case "pkcs8": {
const jwk = await this.exportJwkPrivateKey(key);
const privateKey = new PrivateKeyInfo();
privateKey.fromJSON(jwk);
return privateKey.toSchema(true).toBER(false);
}
case "spki": {
const jwk = await this.exportJwkPublicKey(key);
const publicKey = new PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).toBER(false);
}
case "raw": {
// export subjectPublicKey BIT_STRING value
const jwk = await this.exportJwkPublicKey(key);
const publicKey = new PublicKeyInfo();
publicKey.fromJSON(jwk);
return publicKey.toSchema(true).valueBlock.value[1].valueBlock.valueHex;
}
default:
throw new core.OperationError("format: Must be 'jwk', 'pkcs8' or 'spki'");
}
}pkijs
Public Key Infrastructure (PKI) is the basis of how identity and key management is performed on the web today. PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications. It is built on WebCrypto and aspires to make it p
Package Health Score
78 / 100Popular pkijs functions
- pkijs.AlgorithmIdentifier
- pkijs.Attribute
- pkijs.AttributeTypeAndValue
- pkijs.BasicConstraints
- pkijs.BasicOCSPResponse
- pkijs.Certificate
- pkijs.ContentInfo
- pkijs.ECPrivateKey
- pkijs.ECPublicKey
- pkijs.Extension
- pkijs.GeneralName
- pkijs.GeneralNames
- pkijs.getCrypto
- pkijs.OCSPRequest
- pkijs.PrivateKeyInfo
- pkijs.PublicKeyInfo
- pkijs.setEngine
- pkijs.SignedData
- pkijs.TimeStampResp